SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ssl vpn

    Problem:
    There's currently an existing bug (confirmed through support up to firmware v9.602) that causes the SSL VPN daemon to disconnect any users associated with a VPN Profile that has a DNS Host object in its networks.

    The UTM will check for updates on DNS hosts periodically (every 2-3 minutes) and any associated VPN Profile will perform rolling restarts on it's users.

    This only causes a few seconds of delay for end users as the clients usually connect without issue but it can be very disruptive.

    Suggestion:
    Have VPN Profiles only reconnect/restart only if a dynamic object (DNS Host or…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. Self-service VPN password/QR code reset

    We have a large number of VPN users and not a day goes by when I don't get an email from a user claiming they got a new phone and need a new QR code and also they forgot their password so could I just go ahead and reset their account for them? Life would be simpler if there was a Forgot Password option where it would send them a password reset link. The process would also delete their OTP Tokens so they would get a new QR code after resetting their password.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Assign static IP address to VPN SSL clients

    It would be extremely useful to add the possibility to assign a static IP address to clients connecting with VPN SSL. It works with IPsec and L2TP but not with SSL. With a static IP address for each user, we would be able to allow them a specific acces to internal ressources. Thanks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. AWS Transit Gateway Support

    Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

    I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

    As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. APIPA range over route based VPN.

    APIPA range over route based VPN

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. Remove the Limit of 50 Configs in OpenVPN GUI

    Currently there is a limit of 50 configs in OpenVPN GUI.
    There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

    I would like to see that in Sophos UTM SSL VPN Client too.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. SSL VPN - Assign IP address via internal DHCP server

    When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. Improve sorting on tables (Specifically Users table)

    Currently you can sort by name, status, or email. It's not intuitive that the ability to sort asc vs. desc is only available under the current sort method. If you're sorted by name it looks like the option to change direction is only available for name. It's not until you change to status or email that the drop down gives you the option to change the sort direction.

    What I would like to add is the ability to sort by authentication method (remote, local) and date of creation (or last changed date will work). We have hundreds of VPN users…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. IKEv2

    Would like to see support for IKEv2 in AWS appliance.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. ssl vpn on XG

    possibility to add DNS to every different VPN Users group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. Parallel use of old certificates after Signing CA regeneration

    My customers are using SSL-VPN.

    There are certain circumstances, and they need to regenerate the Signing CA.

    As you know, after regeneration VPN users must use new certificates.
    In other words, users will not be able to make remote access connections with old certificates.

    However, it takes time to distribute new certificates to users.
    Before a new certificate reaches the user, not being able to connect to the remote access will hinder their business.

    I request it.
    Please allow remote access connection from clients of old certificate and client of new certificate until user gets new certificate.
    Also, please be…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. Wireguard VPN support

    I'd be nice if you would include WireGuard in your suite of server-side VPN protocols in your UTM line.

    52 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. IPSEC networks overlapping static routing entries

    Currently it's not possible to configure site-2site ipsec Connection with networks which are already configured in static Routing. It doesn't matter if the ipsec Networks are smaller than the static route Networks. The ipsec deamon results in an error message like: "cannot route -- route already in use for "

    It should be possible to setup a site-2-site tunnel with subnetwork ranges, which are already configured and covered by a static route.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. Hook to support DNS Server update for Linux VPN Clients

    An option to get a updated DNS Server for Linux VPN Clients. Currently the OpenVPN option only sets the DNS Server for Windows Clients.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. Hook to support DNS Server update for Linux VPN Clients

    An option to get a updated DNS Server for Linux VPN Clients. Currently the OpenVPN option only sets the DNS Server for Windows Clients.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. Support VPN Configuration from Microsoft Intune and Windows 10

    Microsoft have been working on their Intune Solution which includes a way to configure a VPN policy that is deployed. There are a number of "Connections" available from other vendors by Sophos are not present. It would be great if Sophos would create a "UWP VPN plug-in" which will allow us to be able to configure VPN's via this. If using Autopilot in the future too a VPN maybe required if not in the office and this same configuration is used.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. VPN connection log

    The default behaviour of the SSL VPN client is to truncate the log file on OpenVPN startup. Want to have the option to append in stead of truncate.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. PDF preview in HTML5 webapp (http) (SG UTM)

    When using HTML5 VPN session with http webapps, PDF preview is not supported.
    PDF preview would be a nice feature.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. Different WAN Port for different SSL VPN

    For example, for WAN 1, I will let sales group to VPN to access certain areas of the network, For WAN 2, I will only let those road warriors to access a more restricted area of the network instead of using 1 WAN link that gets filtered by the UTM level. My previous vendor, Watchguard, do have such function, except that Sophos has a higher throughput.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. Update SSL VPN to newest OpenVPN version.

    MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.

    66 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.