Firmware version: 9.601-5

unscannable / encrypted content and file Extension filtering is quarantine only unfortunately.
Please add an option to bounce emails by file extension (e.g. bounce old office formats like .doc, .xls etc.) and to bounce unscannable / encrypted content.

Hi,

Add this feature in Cyberom UTM to Allow work space Facebook and block personal Facebook.

The Device monitor has:
- Conn. to Central Mgmt
- Gateway Status
- Interface Status
- RED Status

First of all, none of our clients need RED, but almost all of them have S2S VPN. Can you add a way to pick what bits to monitor on the Device Monitor and allow me to decide what to display in the NOC?

Thanks!

We have a large number of VPN users and not a day goes by when I don't get an email from a user claiming they got a new phone and need a new QR code and also they forgot their password so could I just go ahead and reset their account for them? Life would be simpler if there was a Forgot Password option where it would send them a password reset link. The process would also delete their OTP Tokens so they would get a new QR code after resetting their password.

In order to facilitate analysis by our CASB of traffic and traffic amounts to and from shadow IT, please provide the number of bytes up & down information in the SG proxy logfiles (like already done by XG as “sent_bytes=*** recv_bytes=xxxxxx).

Please add an option in Network Services>DNS>Forwarders to select forward only or forwared first using a check box. If the box is checked DNS forwarders use forward only. Unchecked returns to the default state of forward first. The check box actions would remain static regardless of updates/restarts. The check box options would effectively have the same function as changing the named.conf settind to forward only or forward first Thank you!

Wireless MAC Filter/Nametag

it would be good, if we could tag a MAC-Adress with a Name. So we can identify which Hardware is bounded with that MAC-Adress.

Best regards
Dmitri

It would be extremely useful to add the possibility to assign a static IP address to clients connecting with VPN SSL. It works with IPsec and L2TP but not with SSL. With a static IP address for each user, we would be able to allow them a specific acces to internal ressources. Thanks.

Problem: You may create NAT Masq rules for your ISP and segment off portions of your network to specific addresses under Network Protection > NAT. If you obtain a secondary ISP and turn on uplink balancing under Interfaces & Routing > Uplink Balancing, your NAT MASQ rules change to uplink interfaces. The NAT MASQ rules only MASQ the primary interface. The current interface doesn't allow for changing to multiple interfaces.

Solution: Allow uplink balancing to be used and allow multiple interfaces to be configured under the MASQ ruleset so that traffic may use either configured interface to NAT MASQ.

By default you don't enable the rules yet you don't have the option to enable the rule when you create it... ! Please add this option at the bottom so we don't have to remember to click the rule on after we create the rule we obviously want on.

Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".

waf reverse authentication multiple domains

Currrently you can only use reverse authentication to a single domain with a prefix. If you have multiple domains you cannot set the prefix to none. In doing so the waf adds an extra backslash example login as feg\davis ends up with feg\\davis which gets a Denied in the live log and you cannot login get rid of second backslash in reverse authentication

hi, can you please add RAMCO on the application list at the application control? we need to filter it in our company. thank you

Change "Encrypt" button in outlook to show when an email is encrypted. Currently it does not give any confirmation when the "Encrypt" button is clicked!

I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.

we couldn't authenticate citrix thin client machines in sophos utm

Today when configuring NAT the dropdown with the existing interfaces is not sorted, each newly created interface is inserted somewhere into the list, you have to search for it manually. It would be helpful if these interfaces are sorted in an alphabetical order. Especially when many VLAN Interfaces are created there are quite many objects in the list.