SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. NBN Telstra

    As yet there is no support for MPoA which is the required protocol for VDSL2 on the NBN network. With ADSL fading out this seems to be an essential feature

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    • Download Search Log Files

      277/5000
      The Search Log Files feature (Action, Time, URL, User) is very useful when using report format, but we were not able to download it.

      It would be very interesting to be able to download these searches, just as we can do in Logging & Reporting> Web Protection

      6 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
      • "Out Of Office" replies with BATV feature enabled

        With current exim configuration, the "Out Of Office" replies getting rejected by the BATV due to the null return address in the reply. Please add a feature to handle these messages pass through the BATV feature.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • top user report x interface Utilization

          Send the top user report via email when the interface utilization speed crosses the set threshold value

          4 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
          • Certificate on the UTM

            Out-of-the-box Sophos UTM will generate self-signed certificates for many functions as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of an W2K16 Enterprise RootCA because it_s certificate is trusted automatically by all Windows clients in the domain so there is no need to distribute other certificates by GPO for e.g.

            For the webadmin console we used a certificate signed by this _Root_CA and that works without problem. Because we use SSL scanning we want the web proxy _Signing CA_ to be a intermediate CA of our RootCA. I have generated the certificate…

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
            • Let's Encrypt Wildcard Integration

              Let's Encrypt Integration came with UTM 9.6. That's great!

              You should now implement the support of Let's Encrypt Wilcard domains with ACMEv2.

              Best Regards

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • adding an option to remove users from UTM

                i would like you to add an option to remove users from UTM after they get authenticated and synced from STAS to the UTM, sometimes even when you remove the user from the STAS it keep stuck in the UTM and then i have to restart the device to wipe all the users and start fresh, adding this option will ease the work

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • ADD DNSexit.com as dynDNS Provider

                  ADD DNSexit.com as dynDNS Provider
                  please add DNSexit.com as dynDNS Provider.
                  because they can host top domain name(yourdomain.com) for free.
                  or create own providers under dynDNS for any other profider.

                  thanks!

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                  • SSL VPN - Assign IP address via internal DHCP server

                    When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

                    11 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • 1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Log the domain used for virtual web servers in WAF

                        Currently, Web Server Protection logs only note the first listed domain to identify which virtual web server was used by the client.
                        • server: first domain name of the virtual server serving the request

                        Since there can be a number of domains used by the same virtual web server, it would be much more useful to log the actual domain requested in the host header. As different domains can be used for different environments, this would provide much better analytics on how the virtual web server is being used.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Web Protection Block Files Upload

                          It would be nice to block file upload on cloud services or any other webiste, to prevent any kind of data leakage.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • HTTPS Certificate on Captive Portal

                            It would be great if the WiFi Captive Portal provided a link to download the HTTPS Certificate Authority so that visiting users can be properly filtered with HTTPS scanning. This is important in educational institutions to help protect students from web browsing by visitors.

                            Estimados, sería muy importante poder generar una actualización en la que desde el Captive portal se pueda descargar el certificado de SOPHOS para la aplicación del escaneo HTTPS y forzar el SAFE SEARCH. En instituciones donde asiste mucha gente con dispositivos propios que utilizan el servicio de WIFI no se puede instalar de forma centralizada el…

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Safe Search HTTPS Certificate

                              Estimados, sería muy importante poder generar una actualización en la que desde el Captive portal se pueda descargar el certificado de SOPHOS para la aplicación del escaneo HTTPS y forzar el SAFE SEARCH. En instituciones donde asiste mucha gente con dispositivos propios que utilizan el servicio de WIFI no se puede instalar de forma centralizada el certificado lo que impide el uso del servicio de escaneo que es muy importante sobre todo en instituciones educativas para proteger los contenidos a los que acceden los alumnos.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                              • WAF - Reverse Authentication - Auth Failure Feedback

                                Currently when logging in and specifying a bad username or password, no feedback is given. The page simply reloads with no indication that the login attempt was even processed.
                                Request:
                                Provide basic authentication feedback preferably by populating runtime variables. These could be common auth failure results of "bad username or password", "account disabled", "password expired", "authorization failure", etc.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Resolve X-Forward-For headers to client IP addresses in the log

                                  When UTM is deployed as part of a proxy chain the WAF logs do not capture the client source details present in the X-Forward-For headers, but will instead log the upstream proxy's IP address as source.
                                  Can we have a log field that allows administrators to also see the original requester's source address?

                                  Note that ProxyProtocol support does not solve this issue as many upstream proxies do not support this for traffic already tagged with X-Forward-For information.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Modify mod_sec built-in rules

                                    Allow administrators to modify the pre-supplied rules for the WAF as custom rules cannot override existing signatures. Having to create a custom signature and then exempt the built-in signature causes lots of additional administration and clutter.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Modify built-in mod_security rule criticality

                                      The ability to not just create a "skip rule ID" entry for a signature, but actually modify whether the firewall treats it as critical or not. Similar to tuning rules and rule categories in the IPS.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Support for Industrial Protocols in DPI / IDS

                                        We are fairly recent Sophos partner, our business is in industrial automation and control systems customers.

                                        Security for industrial automation, critical infrastructure, and industry 4.0 is very much a hot topic right now.

                                        We would like to see some development to include capability for Deep Packet Inspection and control of industrial control protocols such as:

                                        Modbus TCP
                                        Ethernet/IP (CIP)
                                        OPC Classic (DCOM / RPC)
                                        Siemens S7
                                        etc.

                                        Inclusion of rules for these into IDS would also be welcomed.

                                        A number of vendors approaching us are starting to get into this specialist area of the market and it would be great…

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Better Website management in Webfilter

                                          Right now the Website list in Webfiltering has very limited management options. Importing or deleting longer lists is not possible because the page freezes. It would be great to have export and working bulk edit options.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 175 176
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.