SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Protection: Coaching Mode for Warning / Educating User

    Today with UTM we can only allow or block a web site based on the categorie.
    now customer what is called a coaching mode where user get a warning that he is about to get access to a web site that is not relevant for his job and not compliant with the security policy
    The goal of that approach his also to educate customer regarding his web browsing habits and advise him that It knows what he does
    most of our competitors in web security do that
    and Sophos also provide this behaviour/mode with his Sophos Web Appliance
    so i…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. VPN: Manually Disconnect a logged-in User

    I would like to have a option on the Remote Access Status Page to throw out a logged-in-User. In some cases it would be necessary to log out a user manually with the webadmin-interface.

    130 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    24 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Reporting: Reporting role for scheduling/changing reports

    Presently, to assign a login as an Auditor will not suffice because the user will only be able to view/create reports, but not schedule/change reports.

    Consequently, the only resolve is to assign the officer as a SuperAdmin user and that status will open the entire system for this user which is not a satisfactory solution. Please consider a new Role that would allow a user rights to these report functions but not at the SuperAdmin level. Thanks!

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This is possible (Since UTM9) as there is a ’Report Auditor Role" which can view, change, and schedule web usage reports. Enjoy!

  4. MailSecurity: IMAP Proxy

    Implement an IMAP proxy. Provides filtering and scanning functionality for those that use this type of mail retrieval. It rounds out our offering to include all 3 of the major ways users access mailboxes.

    521 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    83 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Network: 4G USB Support

    The support for 3G modems implemented in 8.200 was great, but due to limited bandwidth maybe only useful as a failover link. Can this support also include 4G modems as the Huawei E398? With 4G, network speeds up to 80 MBit is achievable. I would use this support at customers' appliances as well as my sw appliance at home, bundling 4G with DSL!

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    Initial support for 4G/LTE devices was released in UTM9.0, and has been extended as well in UTM 9.1. Try yours out and let us know your results at www.astaro.org We plan to continually increase support of these devices going forward, and thus will close this feature to refund the points.

  6. Up2Date: Configuration Roll Back Option

    Add a link in the Up2Date section with the most recent applied Up2Dates, and all for a roolback to a previous version if needed.

    289 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Web Security: HTTPS / SSL Scanning Only for SafeSearch

    In order for SafeSearch to work all of the time with Google, Yahoo, and Bing, we need to cover HTTPS / SSL Scanning as well. However, implementing HTTPS / SSL Scanning system wide impacts every other HTTPS / SSL service transiting through the Astaro Security Gateway. Developing rules to work around those impacts, if even possible, is coming to be a full time job.

    The feature request is for the Astaro Security Gateway to implement HTTPS / SSL scanning ONLY for the SafeSearch sites. This could be accomplished through a simply check-box either on the Web Security >> Global tab…

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

    In Sophos UTM 9.3 we have built the ability to selectively include sites in HTTPS filtering, rather than having to include all sites and then create exclusions.

    This feature will allow you, for example, to select sites by category (e.g. only HTTPS scan ‘Search Engines’) or by website tag (e.g. add a list of sites to scan to the Website List and apply the same tag to them all)

    For more information on this feature and the others introduced in Sophos UTM 9.3, see the following blog post: http://blogs.sophos.com/2014/11/10/sophos-utm-advantage-9-3-is-coming-soon-find-out-whats-new-2/

  8. Endpoint Status Overview & Filter

    In the Endpoint Protection Status page we actually can sort manged endpoints by Online and Alert status. The feature should be changed to "filter by" instead "sort by":


    • Status OK

    • Status Alert

    • Status Offline

    • Status (whatever other status are possible here....)

    • All Clients

    If you actually choose a specific status (Alert / Offline etc.), all other clients with a other status should be hidden. Otherwise the overview page will become fast unreadable with >10 or 20 EP's, because always ALL EP's are shown - independently of their status, which makes it hard to get a fast overview.

    Alternative: Filter like…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. VPN: Local VPN ID choices when using Pre-Shared-Key

    If one side of a VPN is another product, it might not accept an 'ANY Remote VPN ID' option, while the UTM doesn't have a fixed IP.
    Thus, the other VPN gateway doesn't know the UTM IP, so it cannot use the IP as peer VPN ID. UTM cannot change its local VPN ID when we set up the Authentication type as Pre-Shared Key. The default local VPN ID is the external IP address and cannot be changed.

    Please support changing the local VPN ID when the Authentication type is Pre-Shared Key, then we can use hostname or email address…

    31 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. ASG Hardware: Minimum RAM of 2GB for Smaller Appliances

    The smaller appliances in the ASG model line could benefit a lot from having 2GB memory. Models 110/120/220. Additionally, I'd like to be able to upgrade the memory module in the box myself without losing support (it is just memory replacement after-all!).

    133 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    50 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    New revisions of all appliances which are white in colour and posses Sophos branding have entered the channel. The UTM 110/120 & 220 Rev.5 now have 2GB of memory.

  11. VPN: Make Android IPSEC/L2TP Work Globally

    As for now for the most Android Users, regardless of version or ROM, the stock Android's IPSEC/L2TP connections does not work (just take a look at the many threads in the forums). There is some link between the problem when used over 3G.

    77 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This feature has been completed and released as part of UTM 9. See http://www.astaro.com/blog/up2date/UTM9 for launch information.

    NOTE: Despite the R&D efforts, be aware it is increasingly more common that mobile providers are choosing to actively block VPN connections, and as such is beyond our control to fix. Further, some who are not currently blocking may begin to do so at any time to control clients and protect offered services.

  12. Reporting: VPN Activity

    Create reporting from the vpn logs to show who logged in when, did what, and over what protocols. Also would be good to display currently connected vpn users and their status and activity, and allow disconnection/managment of such connections (disconnect and block for 10 minutes, etc...). Gives more insight into the state of vpn connectivity and who is making use of it, doing what.

    181 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. Networking: Granular QoS

    Provide a means of applying QoS to users and sessions, so that granular controls can be applied as needed to better control traffic and bandwidth.. Fine-tunes the offering of QoS to allow for more specific environments and configurations.

    162 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. VPN: Site-to-Site Tunnel Bonding

    I am looking to have multiple VPN connections between two sites over different Internet connections.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    In UTM 9, you can create multiple connections using Site-to-Site RED, as well, we have just released the RED 50 which allows for dual WAN connections to be balanced to the central UTM site.

    In 9.1, you can bind IPSEC tunnels to interfaces in order to have multiple uplinks between sites using multiple VPN’s which can then use multipath rules to give you both automated balancing AND fail-over support. Enjoy!

  15. Web Security: Support YouTube Educational Features

    YouTube has a "for schools" (http://www.youtube.com/schools) option that requires either a custom HTTP header to be sent with requests, or a URL rewrite (much like the safe-search options already available).

    I would like to see an option to create a custom HTTP header or URL rewrite for sites other than the 3 safe-search ones that exist. I suggest adding the ability to append a string to URL's that match a regex at the proxy or filter action level (e.g. For sites that match ^https?://(www.)?youtube.com/.*, add "X-YouTube-Edu-Filter:<string>" to the HTTP header, or "?edufilter=<string>" to the end of…

    23 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow Endpoint to use low resources when

    Allow Endpoint to use low resources when scheduled scan. This is something that other products supports (i.e. mcafee endpoint). Setting the CPU resource level will not impact endpoint users (especially the case for systems with low RAM/CPU)

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Network Security: Split Country Blocking to Inbound/Outbound

    I need to block countries inbound but need to allow for all users to outbound to anywhere. Please change the single check box per country to a double check box, one for outbound blocking and one for inbound blocking. This way I can block certain countries from trying to contact (hack) us but allow all internal users to go anywhere externally. I like the idea of country blocking for security but it is unuseable for us as internal users cannot be restricted outbound

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Logging: Content Filter overrides on Blacklisted Sites

    Logging will report any bypass for a built-in blocked category, but custom blocked URLs do not be entered into the log.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    I’ll mark this as completed, however as this is a bug (not a feature) it is being tracked internally now. We’ll address this in a coming Up2Date. Thanks for reporting it. (Mantis 21605 for reference)

  19. Support PPPoE RFC 4638 (MTU > 1492)

    FTTC PPPoE in the UK supports an MTU of 1500.

    pppd 2.4.6 is required for RFC 4638 support (this is in git but not yet released) See http://git.ozlabs.org/?p=ppp.git;a=commit;h=fd1dcdf758418f040da3ed801ab001b5e46854e7

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Reporting: Allow Delimiter Choice for CSV

    Although ASG is already fully compliant with RFC 4180 to use a semicolon as delimiter, allow us the option to choose commas as delimiter, which is much more common in the US.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.