SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add options to reject or quarantine emails that fail or have invalid DKIM

    Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support for Diffie Hellman groups higher than 16.

    IPsec support for Diffie Hellman groups higher than 16 in SG UTM. Group 16 is getting to be a bit weak for todays environment.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Let's Encrypt Wildcard Integration

    Let's Encrypt Integration came with UTM 9.6. That's great!

    You should now implement the support of Let's Encrypt Wilcard domains with ACMEv2.

    Best Regards

    41 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Wireguard VPN support

    I'd be nice if you would include WireGuard in your suite of server-side VPN protocols in your UTM line.

    63 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSL VPN - Assign IP address via internal DHCP server

    When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. Google secure LDAP client for user authentication

    Please implement Google secure LDAP client (with cert).
    We have to install a LDAP proxy like sTunnel to connect to Google secure LDAP for user authentication in UTM. This could be avoided.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Perform checks when creating host definitions

    "security made simple" is a vital aspect of network security and in keeping with that model I suggest the following checks while creating host definitions:

    1. When creating a host with an assigned IP, the system should check if that IP is already assigned or not. In a large scale network even though you can search and sort host definitions, it is prone to human error and therefore proper rudemantory checks by the system during creation should be performed.

    1.1 one should not be able to create a host with an IP within a dynamic range

    1.2 one should not…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Active Directory

    When the UTM is sync with Active Directory, it would be nice for the UTM not to keep old Active Directory accounts within the UTM device, and for the ability for the UTM to keep upto date users from AD when the UTM does a sync,

    as we are a school and we use the utm for the filtering / authentication - having to go through over 1000, accounts and remove them from the utm device is somewhat time consuming, if this could be added as a feature it would be really great and i'm sure other people would agree.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. da (P)FS bei TLS zwingend für Behörden laut BSI gefordert ist und ach bald im BSI-Grundschutz aufgeführt wird.

    Feature Request eine generelle Option in der GUI wird benötigt , damit nur Forward Secrecy fähige Ciphers verwenden werden können, damit auch andere TLS Versionen damit abgedeckt wären.

    Das Problem ist, das das BSI im April neue technische Maßnahmen für den IT-Grundschutz heraus gegeben hat.

    Darin wird für Web-Anwendungen nur noch TLS 1.2 und TLS 1.3 mit FS empfohlen.

    Der eingriff über CLI ist nicht gewünscht:
    ................................................
    /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
    Finden Sie recht weit oben die Zeile :
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    Das was hier eingetragen ist. wird vom Rev-Proxy angeboten.
    Änderungen hier und Folgeprobleme (Sitchwort Backportability alte Clients zu neuen Cipher suites) sind…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Flood emails with the same source

    It would be interesting some blocking method for e-mail sended from a same address in a small space of time.
    Eg: the address bruno@sophos.com sends 1000 email to the protected domain on UTM in 2 seconds.

    Remembering that this would not apply to the whole domain but to an speciffy address.

    This would be interesting when an email box is hacked and used to send many spams.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. AWS Transit Gateway Support

    Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

    I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

    As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. Check the DHCP server's 'Range' when creating a Host with Static IP

    When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:

    secure:/root # cc get_objects dhcp server|grep \'range
    'range_end' => '172.16.31.110',
    'range_start' => '172.16.31.101',
    'range_end' => '192.168.66.254',
    'range_start' => '192.168.66.100',
    'range_end' => '10.100.100.63',
    'range_start' =>…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. Usage of Sophos AP over a IPSec tunnel

    Currently ( 9.605 ) it's not possible to use a Sophos AP on a UTM for remote locations which are connected via IPSec VPN tunnel and not a RED. The AP is being recognized, you can manage it and see all the connection attempts.
    The only thing not working is the DHCP server on the UTM which is not able to send his DHCP packets into the tunnel to the AP. It would be great if this function cold be added.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. DB cleanup after adjusting report retention time

    It would be sweet if the SG would do a cleanup/purge of old data beyond reporting time.
    Path: "logging & reporting --> reporting settings --> settings"

    This is especially handy with the smaller devices with excessive logs and will prevent us from doing a REBUILD DB, with the loss of whole database.

    (Example of reallife situation in CaseID [#8254771] )

    59 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. Custom Block Messages depending on different networks

    We want to be able to show different block messages to request from different users/networks/filteractions.

    We have one public hotspot were we provide internet access and another private company wifi.

    We want to be able to only show the administrators info (like telephone number) to the private wifi.

    Please implement this as a feature if possible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Mail manager quarantine confirmation when deleting an email

    Emails that you accidentally select as delete will be deleted without confirmation. A confirmation if you really want to delete this email would be meaningful.

    Otherwise, the e-mails will be irrevocably deleted...

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Standard ADSL Support on SFP+ Modem

    Standard ADSL Support on SFP+ Modem

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. password of the day rest api

    implement a function to geht the actual password of the day via rest api.

    it will be used to fetch the password of the day to display is every day on a display in the conference rooms.

    then no print out is needed for that.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sort interfaces when configuring NAT

    Today when configuring NAT the dropdown with the existing interfaces is not sorted, each newly created interface is inserted somewhere into the list, you have to search for it manually. It would be helpful if these interfaces are sorted in an alphabetical order. Especially when many VLAN Interfaces are created there are quite many objects in the list.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support for Gmail SMIME Decryption

    Hi,

    as mentioned in support case #8595985 I suggest to make the Sophos UTM Mail Encryption to support the way that Google Suite is handeling SMIME Encryption.

    At this moment we are unable to decrypt SMIME-encryted and -singed mails from ALL of our customers and partners which are using an Google Gsuite Account with SMIME-Encryption.
    As a result of Develoments research (which took already 7 months) I got an Information from support that Google is using a different way to handle SMIME, which is not supportet by UTM:

    "the UTM expects encrypted mail, it first decrypt the mail and verify…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 180 181
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.