SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Reporting to identify ALL traffic going out an interface port
Easily identify what traffic and IP is going out via each Interface port. I have spent a month with support trying to resolve this and the answer was to enter in into here, which I find crazy that it doesn't exist.
Example in simple terms - identify all traffic that is going out via Interface 5 in one place, not guesses or purchasing another product!!1 vote -
Better reporting on webfilter (Reasonon for block)
First I see a similar suggestion is already posted and marked completed pointing to policy violators. But it does not really help much.
Problem: Go to "Web protection reports" Choos the "Categories" reports.
There it shows multiple categories that are not supposed to be blocked.
Drilling down to a category that is not to be blocked, example for us "Travel" . Here pick the Reporting Direction "Urls", "Select this view" find one that says "Blocked" on this category. For us we se many legit sites here from time to time. Where action is blocked and Reason is "--". So no…5 votes -
Reporting: AD/eDir Backend Group "Departments"
Logging and Reporting - Web Security
Would love the ability to run reports based off of AD/eDir backend groups. Either by adding this functionality separately or by allowing the addition of backend groups to the ASG's built-in "Departments".
111 votes -
network usage sincronization active passive
Complete Report for Network Usage and Remote Access
in active passive mode
without holes due to appliance in ***** state1 vote -
Improve reporting features. I need to have a report that shows machines that have out of date virus definitions.
Improve reporting features. I need to have a report that shows machines that have out of date virus definitions. That seems like a standard report that should already be included. Especially since this is the type of information that auditors request.
1 vote -
Enhance VPN Reporting to show services contributing to usage per user
The UTM weekly executive report breaks down VPN usage by user. After confirming with Sophos support, it appears there is no way to shed light on what those VPN users are doing.
I need a report that tells me what services VPN users are using while connected to the VPN.
2 votes -
kl
Generate an email alert for high CPU and RAM usage
It would be nice to be alerted via email (or other methods) when the CPU usage or CPU usage of the Sophos appliance gets above a certain threshold. We have had issues where our customers suffer from slow internet speeds that are caused by high device utilization. It would be nice to be alerted to this.
1 vote -
Display Reason & URL for Blocked Sites
Policy Violators’ report does not show all reason for blocked traffic.
For some it leaves blank. For example "connection reset by peer" or connection refused. If this occurs you then have to check the http log. So it would be good to have these included in the report1 vote -
iView reporting on Sophos UTM.
It would be good to break down the web usage by time bands. This would allow us to see which users where doing what on the web at specific times.
Thanks3 votes -
Ability to use WAN Interface data to produce CQM charts
As the Interfaces, but more specifically the WAN interface, is monitored for it's availability on the UTM, it would be good if this could be expressed as a CQM style graph indicating any drops in connectivity.
Ideally this would be true CQM that would indicate packet loss on WAN connection etc, but initially just connection state would be good! (Seems a waste of data otherwise)
1 vote -
Astaro tool addition: SmokePing
Very interesting tool for tracking latency over time.
3 votes -
Sophos UTM: FIlter out internet analytics
Filter out the internet analytics and services so that web usage reporting in only showing the 'real' websites visited instead of muddying the waters with all the analytics and services information. If if this could be hidden on the export of the report to managers etc...
1 vote -
In the E-Mails reporting a Portscan list the ports that were scanned and the IP address that was scanned
In the email that is sent notifying of a Portscan include the Ports that were scanned and the Destination IP address that was scanned?
Example of Current E-Mail that is sent.
A portscan was detected. Details about the event:
Time.............: 2015-01-05 20:48:46
Source IP address: 222.208.119.169 169.119.208.222.broad.lz.sc.dynamic.163data.com.cn
--
System Uptime : 0 days 9 hours 58 minutes
System Load : 0.10
System Version : Sophos UTM 9.305-4Please refer to the manual for detailed instructions.
2 votes -
Use Splunk for all of your reporting of logs
Index any machine data regardless of format or location--logs, clickstream data, configurations, sensor data, traps and alerts, change events, the output of diagnostic commands, data from APIs and message queues, and even multi-line logs from custom applications. With no predefined schema, data can be indexed from virtually any source, format or location. Then it's available for troubleshooting, security incident investigations, network monitoring, compliance reporting, business analytics and other valuables uses. I'm sure a deal could be worked out with them, you get 500mb/day of indexing for free
6 votes -
waf report
The executive report could show the attacks detected and blocked by the WAF.
6 votes -
web appliance reporting
Company and Contact Information
Company: Vistek
Contact: Michael Hogan & Jody Sudbury
Sophos Partner (if applicable):
Sophos Product Information
Sophos Product: ws500
Version in Production:
v3.9.3.2Feature Request Summary
How will this new feature address your business requirements?:
Currently users are “charge” with the full size of a file like a video even is they just view a few seconds of it. Worse if they stop and restart a video they
get “charged” with the full file size times the number of times they start it. We had the system report one user as consuming several GB of data even…1 vote -
Report on which users have downloaded what files (executable files etc.)
I would like a report that shows which users have download what file types (e.g. executables, videos etc.). Showing from where they were downloaded would be good to have as well.
4 votes -
Useful cache statistics (Web cache, DNS, SXL Categorization, Cluster balancing)
Since version 9.2 it easy to have the statistic in the Web filtering log to make some interesting stats on cache.
Cached= to know if the web object was take form disk cache
dnstime=0 the dns resolution was made from cache
cattime=0 the categorization is made form SXL cache
With the name of the UTM -1 or -2 in the log you can know how much the charge is balance between the cluster.I think this could be a interesting widget stat in the main dasboard.
Thanks you
2 votes -
Connect SUM with Sophos iView Appliance or make SUM configure SYSLOG for all devices.
Could be nice if the SUM is reinvented so that SYSLOG traffic is sent to SUM and the SUM can be connected to iView OR SUM can configure UTM's SYSLOGGING service to point all to Sophos iView appliance.
3 votes -
WebProtection time that user was surfing on sites
Currently, Sophos show the total time that a user spent on sites, but will be interesting that shows the hour when user was on sites.
1 vote
- Don't see your idea?