I've 3 AP connect to a UTM, i would reboot them but not manually with the aweetool, with a schedule task (crontab, rc.local, shutdown -d [time] ecc..., at the moment do this isn't possible..

This "feature" is very important for a correct connectivity ofthe AP, because
every one/two/three months you are forced to restart them manually.
The awetool is useful but yu need to connect to UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
Give the possibility to create a crontab for do this wil be very very useful, we'll apreciate it.
thanks

Hi Sophos,

We recognized that our product is using insecure key-exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.

We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22,

Please kindly provide a step or your action to remove it.

The default port to email a backup copy of the settings is Port 25.

Many ISPs block Port 25.

It would be helpful if an alternate port could either be chosen or selected such as Port 587.

Would be nice to apply network traffic quotas to a rule rather than just users or groups. This would allow IoT or headless devices to be cut off after exceeding a quota.

question about management app

At this moment, there is no option to make a API GET call for all the routing table of the UTM.
Including the IPv4 Default GW for an interface.

This is very important for thirdparty environments that using and analyzing the routes and the access-lists of the network devices of the production environment.

When we create an IPSEC VPN in SUM and use "automatic firewall rules" option, we can't edit the option "log traffic" for these rules and so we can't see the logs for these rules.

Being able to test WAN Interfaces by isolating from the network traffic temporarly. That would be very helpful to identify slow internet connection and causes.

In flow monitor - Bandwith Usage Now - KB/s is displayed.
This is misleading, there should be kbit / s

I can't see this suggestion here yet; apologies if it is.
I'd love to add our Sophos SG UTM devices to Sophos Central, to centralise and aggregate log and events collections, as well as config and health status snapshots.
I can deploy a SUM, but it would be nice to have it linked to Sophos Central for a standard view.

Add a method to check the real time bandwidth usage for firewall rules.

So users can distinguish which rule uses the most bandwidth and set the proper QoS for it.

Currently when configuring SNMP v3 for network monitoring, the encryption is automatically set to AES, but does not identify the strength of the encryption. It has been found through testing that the AES encryption being utilized is AES 128, which is below the requirements for regulations such as Payment Card Information (PCI) and the Health Insurance Portability and Accountability Act (HIPAA) compliance. It would be greatly helpful to allow for the selection of the AES encryption level when configuring SNMP v3 for network monitoring.

We would like to see the ability to create firewall rules that take over if the primary WAN connection fails over to a secondary WAN connection. This would be useful for businesses like ours who has a nice primary connection but a significantly smaller backup connection. For example we let the employees stream media during normal operations however with many streaming if it fails over to the backup WAN connection it causes a huge bottleneck for us.

It would be nice to improve the AD Sync Client with following features:
- AD Sync on OU level
- Sync Computer Objects in Security Group Object and apply a Synced Security Group Object as Computer Group in the Sophos Central Web-GUI. Like this is with the User Objects already implemented.

create one common user into the SFM for access all synchronized UTM GUI

In SUM, include the capacuty to configure SANDSTORM

Currently, to change a scheduled operation in the SUM Gateway manager, you have to delete the schedule and recreate it entirely. It would be nice to be able to simply edit the operation.