SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Password Age Setting as QSA Requirement
Hi ,
As per QSA requirement that the password age setting feature and the change in password notification be available. This is a pain for us and is hampering the client to convince them to deploy more Sophos UTM.
Regards,
Clyde - TN
1 vote -
dhcp static mapping
Have a DHCP IP Reservation function similar to XG Firewalls.
In XG, you can simply reserve an IP address in the DHCP pool so this will only be assigned to a specific user.
This is not the case with UTM as you have to manually reserve static IP addresses outside of the dhcp range
1 vote -
Perform checks when creating host definitions
"security made simple" is a vital aspect of network security and in keeping with that model I suggest the following checks while creating host definitions:
1. When creating a host with an assigned IP, the system should check if that IP is already assigned or not. In a large scale network even though you can search and sort host definitions, it is prone to human error and therefore proper rudemantory checks by the system during creation should be performed.
1.1 one should not be able to create a host with an IP within a dynamic range
1.2 one should not…
2 votes -
Check the DHCP server's 'Range' when creating a Host with Static IP
When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:
secure:/root # cc get_objects dhcp server|grep \'range
'range_end' => '172.16.31.110',
'range_start' => '172.16.31.101',
'range_end' => '192.168.66.254',
'range_start' => '192.168.66.100',
'range_end' => '10.100.100.63',
'range_start' =>…2 votes -
Usage of Sophos AP over a IPSec tunnel
Currently ( 9.605 ) it's not possible to use a Sophos AP on a UTM for remote locations which are connected via IPSec VPN tunnel and not a RED. The AP is being recognized, you can manage it and see all the connection attempts.
The only thing not working is the DHCP server on the UTM which is not able to send his DHCP packets into the tunnel to the AP. It would be great if this function cold be added.2 votes -
Custom Block Messages depending on different networks
We want to be able to show different block messages to request from different users/networks/filteractions.
We have one public hotspot were we provide internet access and another private company wifi.
We want to be able to only show the administrators info (like telephone number) to the private wifi.
Please implement this as a feature if possible.
2 votes -
TOP10 VPN Clients by duration section in Executive Report does not combine different case of the same user name
In the Executive Report, the TOP10 VPN Clients by duration section does not combine user names that are used in different case. For example, "User1" and "user1" are show as unique users on the list. Given that users have to manually type their user name in the SSL VPN dialog, it can't be expected for users to keep the case the same.
1 vote -
Preventive email base leak.
Preventive email base leak.
E.g. text may contain several emails. we are counting only unique adresses. Text may include more than one email repeating and it must count as one consilience.
If some settings is exceeded email transmission is stop.1 vote -
restrict machine to log in on remote access vpn if it do not have any sophos agent installed on the machine
Customer is requesting to have restriction for the machine to log in on remote access vpn if it do not have any sophos agent installed on it. For your assistance please
1 vote -
ipv6 traffic utm
As an admin in times of growing Internet of things with about 50.000.000.000 IPV6 things in about 2 or 3 Years. I hope to be able to administer ipv6 Networkconnections and there possibilities by the Webadmin tool. Not only generally for all interfaces. And not by doing this in the shell.
1 vote -
Mail manager quarantine confirmation when deleting an email
Emails that you accidentally select as delete will be deleted without confirmation. A confirmation if you really want to delete this email would be meaningful.
Otherwise, the e-mails will be irrevocably deleted...
2 votes -
Support for Diffie Hellman groups higher than 16.
IPsec support for Diffie Hellman groups higher than 16 in SG UTM. Group 16 is getting to be a bit weak for todays environment.
5 votes -
Dark Mode
Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...
Why not the Web-Interface of the Sophos XG Home?!?
1 vote -
Add WIFI feature to kick users
Add WIFI feature to kick users/devices out on Guest Wifi after a certain period of time to free up the bandwidth.
1 vote -
WAF Logs - Please add action fields
Currently Sophos UTM IPS and WAF has no indicator on its logs if a certain traffic was Blocked, Allowed or Supposed to be Blocked (if worker node is running on Monitor mode). Which is a problem for a multiple deployments which is running on a combination of Reject/Blocking mode and Monitor mode. Please add this as another field on your logs as all of other WAF's and IPS that I handled before has. Many other customers had or will find this feature lacking when operating and monitoring on multiple worker nodes.
1 vote -
fake email-sender-address
EMail-Sender-Address has normally this form : "Given Name" <senderemail@domain.com>
1. a part - shown-name, human readable name of sender
2. a part - sender-email-addressSPAM/Malware comes often with an additional email-address in first part.
like this : "Given Name <FakeEMailaddr@fakedomain.com>" <senderemail@domain.com>You see in outlook Mail only the first part "Given Name <FakeEMailaddr@fakedomain.com>".
The real sender-EMail-addresse will be hidden.
You can only see the real Address you move the mouse pointer over shown first part.The User don't check this and belive it comes from "Given Name" with the email-address FakeEMailaddr@fakedomain.com.
…
1 vote -
password of the day rest api
implement a function to geht the actual password of the day via rest api.
it will be used to fetch the password of the day to display is every day on a display in the conference rooms.
then no print out is needed for that.
2 votes -
fw-notify.net DKIM signing for notifications
Many email systems are blocking messages sent without DKIM authentication. If possible, please consider adding local DKIM ability or preferably, global DKIM ability (that's tough because of the private key required) for message signing). My ISP is now classifying all email sent from fw-notify.net as SPAM because the messages lack DKIM.
1 vote -
AD Nested group support for policy helpdesk
Hi,
Policy helpdesk can not handle Users in nested groups . (It shows Blocked to all site for these users but in reality (in practice) it works from the end users browser)
Please add fully support to AD nested groups in all parts of UTM.Thanks
1 vote -
Fix the Bug where X-Forward-? host headers are passed when pass host headers is turned OFF in the configuration
This should be a critical bug in the product but has been downgraded to a feature request for an unknown reason.
Issue details
X-Forward-Host and others are appended to the request when the client sends the data (usually as a hack attempt). This results in both the values from the client and the value set from the firewall being sent through to the back end web server.Please treat this as the bug it is and not as a feature request.
Tracking details:
Development reference number: NUTM-11135
Current Status: Assigned to backlog
Issue type: Feature Request1 vote
- Don't see your idea?
