SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Require YouTube Educational Features for UTM9
Add a feature to allow only educational YouTube to users.
2 votes -
Web Protection Only EndPoint Agent
It would be awesome to have a lower cost agent just to deploy congruent webfiltering etc to mobile devices. Having to pay for the full agent just to switch everything else off (especially now that Sophos Central is the recommended route for the other features) is superfluous and a bloatier solution.
2 votes -
Custom Block Messages depending on different networks
We want to be able to show different block messages to requests from different users/networks/filteractions.
We have one public hotspot where we provide internet access and another private company wifi.
We want to be able to only show the administrators info (like telephone number) to the private wifi.
Please implement this as a feature if possible.
3 votes -
since (P)FS with TLS is mandatory for public authorities according to the BSI and will soon also be listed in the BSI-Grundschutz.
Feature request: a general option in the GUI is needed so that only ciphers capable of forward secrecy can be used, so that other TLS versions would also be covered by it.
The problem is that in April the BSI issued new technical measures for IT-Grundschutz.
In them, only TLS 1.2 and TLS 1.3 with FS are still recommended for web applications.
Intervention via the CLI is not desired:
................................................
/var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
Fairly near the top, find the line:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Whatever is entered here is offered by the reverse proxy.
Changes here and follow-on problems (keyword: backportability, old clients to new cipher suites) are…
9 votes -
Pharming Protection: option to exclude URLs
Some applications like Snapchat or Zscaler use kind of "virtual URLs", which are not resolvable.
Even an online DNS lookup delivers no result.
So Web Filtering blocks the attempt of the Client, to check for or contact this URL with the error "Host not found"
See examples for this issue HERE: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/46970/snapchat---host-not-found#pi2151=2&pi2353=1 and HERE: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/116554/unresolved-urls-zscaler-are-blocked-in-web-filtering-with-host-not-found---exception-possible/421719#421719
At present Pharming Protection has to be completely disabled, to prevent the application from throwing errors.
I suggest the option to exclude URLs from the Pharming check, so it can remain active for all other URLs
1 vote -
Let’s Encrypt - configurable key size
Would be nice if it would be possible to configure the key size of automated created Let’s Encrypt certificates by Sophos UTM with Let's Encrypt Method --> described here: https://community.sophos.com/kb/en-us/132940
1 vote -
Add logs and reports for web filtering blocked due to unscannable and encrypted file
Hello Team,
We have a customer here requesting to add a feature on UTM to add logs and reports for web filtering blocked due to unscannable and encrypted file. For your assistance please. Thank you
1 vote -
Safeguard Bypass
It would be great to have the ability to bypass SafeSearch on a web policy based on Groups, IP or user.
This would allow the level of granularity needed in schools without the need for complex firewall rules.
1 vote -
AD Nested group support for policy helpdesk
Hi,
Policy helpdesk cannot handle users in nested groups. (It shows Blocked to all sites for these users, but in reality (in practice) it works from the end user's browser.)
Please add full support for AD nested groups in all parts of UTM. Thanks
1 vote -
Allow work space Facebook and block personal Facebook.
Hi,
Add this feature in Cyberoam UTM to allow work space Facebook and block personal Facebook.
3 votes -
Be able to customize the Country blocking template
It would be great to be able to customize the Country blocking template as with all other user facing pages.
2 votes -
Unable to have ? character on Request Redirection
When trying to add a parameter with a question mark on a URL to redirect to the following error occurs:
"Please remove the following invalid characters in the target path: ?"
Support have said this is a system limitation and it is a good candidate for a feature request.
2 votes -
O365 Tenant Restriction
Microsoft have released guidelines to restrict access to specified O365/Azure tenants.
This requires the injection of an HTTP header.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions
Without this functionality being added to UTM, users can access any tenant when rules are added to allow access to MS Cloud Services.
7 votes -
Policy Helpdesk
In the "Policy Helpdesk", seeing when the blocked domain or URL was added to the database would be very useful in determining if an attack was successful or not.
If you find malware on your system and determine what URLs it was using, then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.
2 votes -
IPv4 Fallback for IPv6 with Proxy in Standard Mode (Happy Eyeballs)
If a webserver is resolvable in DNS with both IPv4 and IPv6 addresses (A and AAAA Records) the UTM Proxy will prioritize IPv6, which is ok.
If the server is not reachable on IPv6 no fallback to IPv4 happens if the proxy is running in Standard mode.
The provided workarounds are:
1 - disable IPv6 on the ASG
=> Seriously, disable IPv6 in 2019?
2 - add a DNS static entry for every affected site with only an IPv4 record
=> Definitely not starting to statically add internet hosts...
3 - use HTTP proxy transparent mode instead
=> well yeah, but want…
2 votes -
Citrix thin client user authentication(multiple user access the same ip)
We couldn't authenticate Citrix thin client machines in Sophos UTM.
1 vote -
sandstorm Exclusion in SUM
Provide the ability to configure sandbox/sandstorm tick box in exclusions pushed out by SUM to UTMs
1 vote -
Web Protection Block Files Upload
It would be nice to block file upload on cloud services or any other website, to prevent any kind of data leakage.
2 votes -
Websocket Support for Web Protection / Proxy
This is self-explanatory and needs no further details.
22 votes -
Add AnyDesk to Application Control List
Hi,
AnyDesk (https://anydesk.com/) is a powerful tool for remote control, so please add it to the Application Control List.
11 votes