SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. logging reporting

    When the customer clicks on 'Remote Access' he is confused by the page he's greeted with, 'Remote access status'. He is under the impression that all remote users are listed there.
    I suggested to go to 'logging and reporting'>Remote access instead to obtain a detailed view. This however is still not satisfactory for the customer. He would like to see an improvement in this area.

    1 vote
    0 comments  ·  Logging
  2. WAF Logs - Please add action fields

    Currently Sophos UTM IPS and WAF have no indicator in their logs of whether certain traffic was Blocked, Allowed or Supposed to be Blocked (if the worker node is running in Monitor mode). This is a problem for multiple deployments which are running a combination of Reject/Blocking mode and Monitor mode. Please add this as another field in your logs, as all the other WAFs and IPSs that I have handled before have. Many other customers have found or will find this feature lacking when operating and monitoring multiple worker nodes.

    1 vote
    0 comments  ·  Logging
  3. 8822269 -

    Hi Team, I would like to have the ability to Export Network Usage between specific times. Unfortunately the Daily Network Usage graph is (now-24hours). I would like the ability to choose a specific day last week.

    2 votes
    0 comments  ·  Logging
  4. http log

    In order to facilitate analysis by our CASB of traffic and traffic amounts to and from shadow IT, please provide the number of bytes up & down information in the SG proxy logfiles (like already done by XG as "sent_bytes=*** recv_bytes=xxxxxx").

    1 vote
    0 comments  ·  Logging
  5. Sophos Sandstorm Activity dashboard - show non-malicious activity count for previous days

    In the Sophos Sandstorm Activity dashboard, it would be nice to display the activity count for more than the current day. We can then measure Sandstorm's level of activity (malicious as well as non-malicious detections). Thanks

    4 votes
    0 comments  ·  Logging
  6. Ability to specify "container" log group for AWS Cloudwatch logs

    Currently, when using the log to AWS Cloudwatch, logs are just dumped into top level /var/log/<blah> groupings. Not only does this clutter up the Cloudwatch logs view, but it makes it impossible to have multiple UTMs logging to the same AWS account.

    What I'd like to see is a way to have a prefix or container log-group e.g., UTM1/var/log/messages etc... so that all the logs are grouped under a single category.

    3 votes
    1 comment  ·  Logging
  7. DNS Request Logging

    It would be great to have a full history of DNS requests. Many organizations filter TCP/UDP:53 at the edge, and employ Split-Brain DNS configurations. For smaller organizations which rely on the built-in DNS server of the UTM, it would be nice to have full logging of DNS requests; this would make for better analysis of SIEM data as well.

    3 votes
    0 comments  ·  Logging
  8. DSM for Qradar

    The DSM will enable the IBM Qradar SIEM to parse logs from the Sophos UTM.

    2 votes
    2 comments  ·  Logging
  9. IPS-Log: suspicious dns query should say the complete FQDN which was "suspicious".

    The IPS log output for "reason=_INDICATOR-COMPROMISE Suspicious .top dns query_" should include the FQDN that was being resolved.
    Regards, Daniel

    3 votes
    0 comments  ·  Logging
  10. Network Protection set marked for Logging

    In Network Protection please give us the possibility to enable/disable logging for marked firewall rules. For example an entry in the drop down menu under "Action", where you already can enable/disable/delete the Firewall Rules.
    It's pretty frustrating if you need to enable logging on one or more rules and the page reloads each time, specifically at the auto-generated rules.

    1 vote
    0 comments  ·  Logging
  11. Improve the methods which delete older log files when log partition usage meets the defined thresholds

    Currently 3 thresholds can be configured to take various actions dependent on log disk space usage. When set to delete older log files, let's say at 85%, this simply executes the logcleaner.plx job at 01:30am each morning. If the threshold is say 80% at this time, and subsequently there is lots of activity on the box (typically abnormal activity), and the log partition fills up before the end of the day to 100%, then the raw log files fail to be compressed down by archiving jobs and stay at their current size - logging stops as syslog has nowhere to…

    2 votes
    0 comments  ·  Logging
  12. Add column for Message ID Message in Log Viewer

    The Log Viewer needs a column for the Message ID Message. In other words, what the Message ID means. For example, 08001 tells you nothing unless you know what it means.

    1 vote
    0 comments  ·  Logging
  13. log file

    Granular rules to control log file deletion would be highly appreciated. I wish I could set different values for each log category.
    For example to comply with EU-GDPR you would set log file deletion after 7 days and for packetfilter or IPS after 30 days.

    1 vote
    0 comments  ·  Logging
  14. Logging : Modify the form of the logs sent to syslog

    For Webserver Protection, the ability to add or remove fields from the logs to be sent to the syslog server (for example, the field about "cookie", which contains a number of important characters).
    But also to be able to modify the number of characters of a request so that the logs are not truncated.

    2 votes
    0 comments  ·  Logging
  15. Is it possible to implement the configuration download in Notepad as we can do on Cisco devices?

    Is it possible to implement the configuration download in Notepad as we can do on Cisco devices? It would be very useful for learning the setup if a new person manages the device.

    1 vote
    0 comments  ·  Logging
  16. ipfix template issue

    Hi,
    There was a request/post in regards to getting IPFIX to be connected to Solarwinds, https://www.astaro.org/gateway-products/management-networking-logging-reporting/50338-ipfix-error-solarwinds.html

    Could this issue be addressed? We would like to use their product but the template is being rejected. Since the UTM does not support other netflow options, this should be addressed because the majority of firewall companies have these options.

    5 votes
    1 comment  ·  Logging
  17. search

    When displaying the results of a search of a log file, display the search terms used in the popped up window.

    1 vote
    0 comments  ·  Logging
  18. log filtering improvement

    When I look at a live webfiltering log and filter this log on "action="block"", I would like to see only log rules of blocked connections and not the first 10-20 rules with all log rules at every reload of the filter.

    1 vote
    0 comments  ·  Logging
  19. Unified logging

    Compared to MS Threat Management Gateway 2010, analyzing log files on UTM is a chore. TMG had several advantages:

    1. Unified firewall, WAF and proxy logs.
    2. Logs were stored in a single file or an internal/external SQL database
    3. The interface for analyzing log data was capable of easily creating very complex queries with point and click.
    4. Logging was on by default.
    5. Data was broken into columns automatically, did not require parsing a very long text string.
    6. Easily exported to Excel for further analysis

    I would like to see some of this implemented in UTM. Viewing…

    1 vote
    0 comments  ·  Logging
  20. Logging Authentication failure in Webfiltering

    It would be good if you could write the failed authentications in the web filtering log.
    It could be used to determine on which client someone is logging in incorrectly.

    Example:
    2015:02:18-07:20:04 deproxy03-1 httpproxy[6423]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="Authentication failed" method="GET" srcip="10.68.20.171" dstip="62.159.74.50" user="userx" ad_domain="domainx" statuscode="200" cached="0" profile="REF_HttProSsoad (SSO-AD)"

    2 votes
    0 comments  ·  Logging