SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. I would like to suggest the possibility to monitor the current threat count and the average scan time (last 15 minutes) via SNMP, mail, etc

    I would like to suggest the possibility to monitor the current threat count and the average scan
    time (last 15 minutes) via SNMP, mail, etc.
    SAV for NetApp Storage Systems

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  2. End point protection log

    In UTM 9.3, there were a range of improvements to the Web Filtering log files including referrer URLs and user agents.

    Unfortunately these changes did not make it into the End Point Protection (EPLog) files. The EP logs appear to be the same as the web filtering logs, only only stuck back in the v9.2 format.

    Is it possible to propagate the recent improvements to the web filtering logs into the end point protection logs?

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  3. Build Technology Add-On (T.A) for SPLUNK

    Build Technology Add-On (T.A) based on Sophos UTM logs that compatible with Splunk CIM for normalize events and integrate with Splunk SIEM app (Enterprise Security) and PCI DSS.
    you can see F5 T.A and APP on the splunkbase.splunk.com.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  4. Powershell Module for searching logs

    It would be great if there were a Powershell module to allow doing granular log searches. I often like to look for specific information and in differing ways. The time to obtain this information from support is far too inefficient. For instance, I was just looking for all messages in the log with the .email top level domain.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  5. Archived log

    I want you to add the function that can download several types of archive log by one operation.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add interface index to flow data to allow external packages to track it better.

    Add interface index to flow data to allow external packages to track it better.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  7. group

    Include a "group" field in the http.log to help ease with creating syslog reports.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enable/Disable loggong for all rules at once

    For all rules in Firewall and Application Control it would be great to have a button to disable or enable logging for all rules. Or even group wise.

    This way temporary debugging is made easy and otherwise the load is low on the machine.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  9. AV passthrough downloads

    Big downloads scanned by AV portal are not shown in logs when are not finished by clicking on download link on http://passthrough.fw-notify.net/ portal.
    This hides

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  10. Sophos Web Appliance: More granular reports

    On behalf of SS&C Technologies, Inc.

    We would like to see more granular reports on the web appliance. More specifically, top bandwidth by time. It would be useful to be able to see who use the most bandwidth by a time range instead of just the day.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  11. Live Log for color-blind People, New Column

    Feature to Add a New Column witch represent the row color

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  12. Logging of SSL Filter.

    We had a particularly bad issue on 3 of our UTM devices. With SSL filtering enabled, mobile apps such as Facebook/WhatsApp/Mobile Banking Apps and quite a few others would not work.

    Relying on the built in logs, neither us nor Sophos support could see any packet drops, even with full logging enabled.

    Turns out SSL filtering affects mobile device apps much more destructively than on a web browser.

    There is going to be a partial fix apparently with firmware 9.4 but my suggestion is more fundamental: How can I trust a device if I cannot see what it is doing?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  13. Import existing logs into iView

    Be able to import or transfer existing logs to iView that were already on the UTM prior to setting up i View.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  14. Intrusion Prevention Reports - Incomplete Data in Logging->Network Protection->IPS Tab

    Both the IPS tab for Logging->Network Protection->IPS and the IPS section of the Executive reports does not contain complete information about the intrusion.

    For example:

    -There is no way to determine the date and time from either report. You have to view the raw logs. Please add a date/time column for each report.

    -There is no way to link all sources with all destination from either report without doing multiple searches. You have to do it one at a time. Please simply add a Source, Destination, and Rule column for reports on both the IPS Report as well as the…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  15. Change mail logs display from "return to" address to "sender" address

    I have found that the SMTP logs and Quarantine logs actually display the "return address" and not the sender address.
    This makes it impossible to search for mail from a particular person if they use a third party email responder service.
    I have found a lot of clients are now using third party mail services, eg ANZ, BOC, Blackwoods etc.
    This means in our logs we appear to have a lot of mail from "*@chost.net.au" (the third party mail service) but we have no idea who the real sender was ANZ, BOC etc....
    Support confirm this problem, but only suggest…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  16. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  17. Conncurrent Connections per Host

    Currently, Sophos UTM allows you to see Concurrent Connections on the Dashboard, Interfaces & Routing page as well as Logging & Reporting --> Network Usage --> Bandwidth Usage for a Total Connection usage count.

    It would be useful to illustrate a real time breakdown for which Hosts are occupying said Concurrent Connections. I've been able to track TCP Connections via ip_conntrack, however, I'm sure the Sophos UTM has a cleaner approach that could be used to isolate connections at the IP level.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  18. Logfile guide for WAF

    here was a demand from our important customer.
    The customer uses the function of WAF, but is troubled in operative duties very much.
    It is because there is not the guide of the log file.

    Please make the log file guide including the following contents about WAF.
    1.Log format
    2.A meaning and coping method of the error code

    In addition, it was not listed in the following sites.

    https://www.sophos.com/ja-jp/support/knowledgebase/115634.aspx

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  19. should add an option for logging dhcp-relay requests for troubleshooting issues.

    I had some issues with my dhcp server. In this case it would have been helpful to see if the requests are going through the utm or not.
    So please add an option for this.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  20. to display the corresponding web filter exception name in the http.log

    It would be useful if you could see the name of the correspondig web filter exeption in the http.log on the UTM.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.