SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Please add Imation IronKey Secure USB Device to supported secure devices for it to be recognized by the device control policy
Please add Imation IronKey Secure USB Device to supported secure devices for it to be recognized by the device control policy
1 vote -
SUM Email protection configuration management
Ability to define email protection configurations via SUM. This functionality exists with the Sophos SEA appliance "configuration sharing" . This would be useful in environments where UTMs' are deployed to more than one office with each office exchange.
1 vote -
changing the “Terms of use” phrase to custom words
please consider to have this flexibility for non-english user.
1 vote -
system tray icon notice, like a blinking red Sophos shield, or a pop-up balloon that requires user intervention to close for a quarantine
This feature will lower our risk profile by engaging user intervention upon infection more quickly. When a user is aware of a problem, they can move to remedy
it without an administrator having to locate/contact them to take action. The common response is, “why didn’t Sophos tell me sooner?” In some cases they are upset that they are being spoken too at all because it implies that they could be in trouble so they
take an immediate defensive posture. This is not conducive to our ongoing cooperative relationship. I therefore would rate this as an importance level 2. It does…1 vote -
introduce feature to limit upload limit for internet users
introduce feature to limit upload limit for internet users by system administrators
1 vote -
introduce feature to limit upload limit for internet users
introduce feature to limit upload limit for internet users by system administrators
1 vote -
in SMC setting an option to choose how to clasiffy unknown devices (not managed by SMC). Compliant or non-compliant.
Now all devices are clasiffied as non-comliant unless told by SMC, so all devices must be managed by SMC to be able to connect to wifi. Which is not always the case.
1 vote -
1 vote
-
Add last seen date to sophos active ip address list.
Add last seen date to Sophos active ip address list.
1 vote -
Ability to block IPs or users from the usage graph
Have a way of blocking IPs or throttling them from the bandwidth usage graph
1 vote -
Ability to add site name to grey space between "UTM" and user who is logged in.
When managing multiple UTMs it would be nice to have the interface show you in a very obvious way which UTM you are logged into . The grey space between the UTM version and username would be good place for that as it is persistent across all menu options.
1 vote -
install license by USB, like the restore.abf
Some of our customers use OSPF on the UTM to connect their network. Sometimes they miss to renew the license ...
If we got notice of that, we can help them for maybe 10-30 days with a temporary license until they get the real new one.
But the problem is, the UTM is not accessible from anywhere (SSL VPN or Network) because the routing instance is dead.
My idea is to send them the temp file, they put it on a usb and reboot the UTM.
If the utm searches for such a file it can easily be installed.1 vote -
Preconfig of Management Center on Terminal Servers
Sony Austria uses SGN MC on Terminal Servers, which are deployed every week.
The want to preconfigure the MC to avoid the SGN MC config wizard every week at every machine.1 vote -
Allow DNS-groups or Availability Groups on Centralized Management
If a SUM is hosted inhouse and external UTMs connect only Hosts/DNS-hosts are allowd as destination system (SUM).
If the main WAN connection fails, configuraton can not the altered using the SUM (e.g. to redeploy VPN tunnels to a backup connection (so switch the Tunnel interface))
It would be helpful to have DNS-groups or Availability groups enabled for this purpose.
I understand that the SUM has to be unique for the management to work. So this might be an issue that requires the admin to understand what he does, but the current configuration options do not allow easy failover
1 vote -
Change object type on SUM for network definitions.
Change object type on SUM for network definitions.
For example: On a SUM-Server it would be very useful to change an object from a Host to a DNS-Host or DNS-Group. This would give administrators the possibility to change objects without revisiting any UTM where this object being used.
Of cause there are situations where it is tricky to do it because some configuration fields just allow certain objects but an error message could be helpful here.1 vote -
SMC: Only whitelisted apps allowed in Apple App Store
Currently, although there is a possibility of whitelisting/blacklisting apps in SMC, there is no way of actually allowing App Store on the device and restrict the downloading/installing of apps. To have full control of the device, you have to actually implement a policy of disabling the App Store itself.
Ideally, the App Store should be available and only whitelisted apps are allowed to be installed. This would also allow the users to update the installed apps. The current solution is a drastic push policy to allow App Store, ask users to update apps and ask them to call back when…
1 vote -
Provide variables to show the authenticated user name, group membership and filter assignment
Provide variables to show the authenticated user name, group membership and filter assignment when customizing the Web Message->End-User Message description. This would allow the user and admin to quickly see that the user was authenticated properly and the group membership is correct.
1 vote -
RADIUS
RADIUS support for ssh access.
There are a lot of things which you can only do on a shell. Either with ssh to the box or with the serial console. One example might be tcpdump /cc commands/ grep.
However, logon does only work with loginuser and or as root. Having multiple admins, you never know who does what. And this is a nightmare for auditing or troubleshooting reasons.Therefore, I would recommend to enable RADIUS authentication (or other authentication) for ssh and console access.
I really would prefer a behaviour like most other network devices:
Logon to the box based…1 vote -
Central Management option to name the unit being added to the SUM server.
Currently the hostname is used to identify the UTM in SUM. You then need to go into that unit on SUM and edit the Registration with a Friendly Name. It would be nice on the UTM under Central Management to add a Registration Name. This name would then be used in the SUM Server to identify the UTM.
1 vote -
WebAdmin: Activate configuration at specified date and time
It would be a good thing to have to possibilty to predefine e.g. firewall rules, vpn connections, clientless vpn connections, users or whatever and activate them at a special day and time.
For example a bunch of new emplyees start their work at 1st of march - so the admin can predefine their users, rules and remote connections for them to be active 8am at 1s of march.So he will not forget that things during the daily business at 1st of march.1 vote
- Don't see your idea?