SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Reboot AP from command line or crontab (scheduled task)
I've 3 AP connect to a UTM, i would reboot them but not manually with the aweetool, with a schedule task (crontab, rc.local, shutdown -d [time] ecc..., at the moment do this isn't possible..
This "feature" is very important for a correct connectivity ofthe AP, because
every one/two/three months you are forced to restart them manually.
The awetool is useful but yu need to connect to UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
Give the possibility to create a crontab for do this wil be very very useful, we'll apreciate it.
thanks1 vote -
Remove the diffie-hellman-group1-sha1 in ssh service/port-22
Hi Sophos,
We recognized that our product is using insecure key-exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.
We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22,
Please kindly provide a step or your action to remove it.
1 vote -
port 25
The default port to email a backup copy of the settings is Port 25.
Many ISPs block Port 25.
It would be helpful if an alternate port could either be chosen or selected such as Port 587.
1 vote -
Allow network traffic quotas on XG to be applied directly to rules rather than users or groups.
Would be nice to apply network traffic quotas to a rule rather than just users or groups. This would allow IoT or headless devices to be cut off after exceeding a quota.
1 vote -
I need a management app to control my utm
question about management app
1 vote -
How to find out active openvpn-connections, documentation for UTM9 API
I would like to find out wether users are connected via openvpn or not. With a single request:
https://my.utm9/api/status/openvpn/openvpn-officemunich
to get:
{
"connectionname": "openvpn-officemunich",
"active": false,
"laststarttime": "2019-12-30 08:00:00",
"lastendtime": "2019-12-30 08:14:03",
"historydescription": "only last 24 hours are saved",
"history": [{
"start_time": "2019-12-30 08:00:00",
"end_time": "2019-12-30 08:14:03",
},
{
"start_time": "2019-12-29 23:10:00",
"end_time": "2019-12-29 23:14:03",
}]
}It is a great idea to have an API for Sophos UTM9 and to publish documentation here:
https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx
This documentation is from 9/2017 and I hope to find more substantial info in this document or…
1 vote -
RESTful API: Provide an API call for Routing Table /IPv4 Default GW for an interface
At this moment, there is no option to make a API GET call for all the routing table of the UTM.
Including the IPv4 Default GW for an interface.This is very important for thirdparty environments that using and analyzing the routes and the access-lists of the network devices of the production environment.
1 vote -
SUM log traffic for automatic firewall rules
When we create an IPSEC VPN in SUM and use "automatic firewall rules" option, we can't edit the option "log traffic" for these rules and so we can't see the logs for these rules.
2 votes -
WAN Interface speed test
Being able to test WAN Interfaces by isolating from the network traffic temporarly. That would be very helpful to identify slow internet connection and causes.
8 votes -
Ability to Package Central Linux installer in an RPM file
Sophos Product:
Sophos Central
Version in Production:
Linux agent
Feature Request Summary
How will this new feature address your business requirements?:
We are wanting the ability to create an RPM file for deployment onto our Linux fleet. This will give us the ability to install the agent onto our large Linux fleet via our satellite deployment environment. As we have a large Linux fleet we need the ability
to deploy via an RPM file as installing the agent manually on each server is not feasible. As a few of our Linux servers are on a private network and unable to…3 votes -
kbit
In flow monitor - Bandwith Usage Now - KB/s is displayed.
This is misleading, there should be kbit / s2 votes -
Add Sophos SG/UTM to Sophos Central for management via the cloud
I can't see this suggestion here yet; apologies if it is.
I'd love to add our Sophos SG UTM devices to Sophos Central, to centralise and aggregate log and events collections, as well as config and health status snapshots.
I can deploy a SUM, but it would be nice to have it linked to Sophos Central for a standard view.6 votes -
Real time bandwidth usage for firewall rules
Add a method to check the real time bandwidth usage for firewall rules.
So users can distinguish which rule uses the most bandwidth and set the proper QoS for it.
37 votes -
Allow for the encryption level for SNMP v3
Currently when configuring SNMP v3 for network monitoring, the encryption is automatically set to AES, but does not identify the strength of the encryption. It has been found through testing that the AES encryption being utilized is AES 128, which is below the requirements for regulations such as Payment Card Information (PCI) and the Health Insurance Portability and Accountability Act (HIPAA) compliance. It would be greatly helpful to allow for the selection of the AES encryption level when configuring SNMP v3 for network monitoring.
5 votes -
WAN Failover Firewall Rules
We would like to see the ability to create firewall rules that take over if the primary WAN connection fails over to a secondary WAN connection. This would be useful for businesses like ours who has a nice primary connection but a significantly smaller backup connection. For example we let the employees stream media during normal operations however with many streaming if it fails over to the backup WAN connection it causes a huge bottleneck for us.
14 votes -
Sophos Central Grouping feature & AD Sync improvements
It would be nice to improve the AD Sync Client with following features:
- AD Sync on OU level
- Sync Computer Objects in Security Group Object and apply a Synced Security Group Object as Computer Group in the Sophos Central Web-GUI. Like this is with the User Objects already implemented.3 votes -
create one common user into the SFM for access all synchronized UTM GUI
create one common user into the SFM for access all synchronized UTM GUI
1 vote -
In SUM, include the capacuty to configure SANDSTORM
In SUM, include the capacuty to configure SANDSTORM
16 votes -
Allow the ability to edit Scheduled Operations in the Sophos Gateway Manager
Currently, to change a scheduled operation in the SUM Gateway manager, you have to delete the schedule and recreate it entirely. It would be nice to be able to simply edit the operation.
5 votes -
Ability to set up permitted devices under licensing
I would want the ability to set up permitted devices under licensing.
For example:
Only devices 192.168.1.10 to 192.168.1.20 should be permitted to the network.If a user attempts to connect from 192.168.1.21, this device should then be blocked (like the license count was exceeded), even if theres licenses left. (and that device should then not count in licensing)
This would mean that any device outside of this, would not be able to connect to the UTM at all, and thus would not "spend" licensed devices (eg, any devices outside of the specified entires, or course multiple entires should be…
1 vote
- Don't see your idea?