SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Automatic scheduled resync users status from AD to UTM.

    Every time I change a user's status on my Active Directory server (blocking, disabling or excluding an account), I have to go to the UTM and manually resync users to get the changes updated in UTM. This is an inconvenience. My suggestion to Sophos is to enhance UTM to make the Active Directory user resync automatic.

    1 vote

    0 comments  ·  Authentication
  2. Rename Blacklist / Whitelist to Denylist / Allowlist

    I think it would be appropriate to rename the Blacklist to Denylist and Whitelist to Allowlist. Multiple Customers reported this as offensive.

    2 votes

    0 comments
  3. More than one concurrent SSL VPN Client at same time

    Currently only one client SSL VPN connection is allowed at any one time to the Sophos firewall (UTMs). The suggestion is for multiple connections. The reason is that we do offline backups to customer sites via VPN but currently can only do one at a time. We have several customers who require us to do these backups.

    2 votes

    0 comments  ·  VPN
  4. Integrated Lightweight Firewall Web Browser in UTM GUI

    Imagine that under Support > Tools in UTM 9 there was a 'Browse' tab/option that opens an integrated web browser that lets you browse the internet. It could optionally have access to the local filesystem.

    This would be useful in many scenarios when you don't have access to a local server or computer. Similar to my scenario, where I need to reach a Comcast router that the UTM is NAT'd behind, and I can't because there is no computer locally.

    2 votes

    0 comments  ·  Usability/GUI
  5. Upgrade WebAdmin CA to create 2048bit keys in Certificates

    Sophos currently does not support VPN connections from iOS devices due to non-compliant key length in certificates. Apple devices expect 2048 bit. Please upgrade the WebAdmin CA.

    2 votes

    0 comments  ·  VPN
  6. bandwidth usage reporting

    Logging & Reporting / Network Usage / Bandwidth Usage
    shows an IP which is apparently the source of the bandwidth used.

    Please add another column, and label them "Source IP" & "Destination IP".

    Our UTM-9 is deployed in a datacenter, with a few dozen IPsec Site-to-Site VPN Tunnels. A few of them have similar remote subnets and we need to be able to track bandwidth usage through a given tunnel. Knowing both source and destination IPs for my bandwidth used would sure be nice.

    2 votes

    0 comments  ·  Logging
  7. syslog messages RFC 5424

    Logging: Syslog Support of RFC 5424

    Is it possible to change the time format for the syslog messages
    to the RFC 5424 format?
    br
    Kai

    1 vote

    0 comments  ·  Logging
  8. open source

    Hello,

    Open the source code of UTM SG

    3 votes

    0 comments
  9. Android or IOS Malicious Apps

    Hi, need a little guidance since I’m not all that familiar with many apps. I heard that Android and iOS are launching extremely dangerous apps? Are there any in particular I should be worried about? click here for further info
    https://www.ilounge.com/articles/android-and-ios-releases-a-whole-wave-of-sketchy-apps

    1 vote

    0 comments
  10. VLAN bridge support in MESH network

    Currently in UTM v9.7, VLAN bridging in a mesh network using APX appliances is not supported.
    This feature does exist in current Central Wireless.

    Please support it also in SG UTM.

    4 votes

    0 comments
  11. country blocking for Crimea region

    Please implement the Crimea region in the country blocking options.

    1 vote

    0 comments  ·  Network Protection
  12. otp

    Fix Password Compatibility Issue

    Passwords ending with 6 or more numbers cause the Auto-create OTP token feature to fail. This limitation should not exist. Until it is fixed, it should be noted in the documentation, and attempts to use an incompatible password should produce a clear error message.

    2 votes

    0 comments  ·  Authentication
  13. Rename inappropriate HA-terminology

    It's clear that master/s.l.a.v.e as terminology is negatively predestined. The roles could be renamed to something like primary/secondary or maybe also just active/standby?

    3 votes

    0 comments  ·  HA/Clustering
  14. WebProxy_SSL-Scanning: Change the Certificate Subject Name...

    Please implement the possibility to change the Certificate Subject Name, for the certificate which is delivered to the clients, when doing SSL-Scanning.

    The Certificate Subject Name is currently the IP address of the requested URL. Unfortunately, a lot of Linux systems have a problem if the Certificate Subject Name is the IP and not the FQDN of the requested URL.

    Could you please change or implement this?

    1 vote

    0 comments  ·  Web Protection
  15. Please make the ISO installer UEFI bootable

    Some systems no longer support legacy boot options. UEFI is a necessity for these systems. I am unable to install Sophos UTM as a result of not having it be UEFI compliant.

    2 votes

    2 comments  ·  Operating System
  16. Testing E-Mail delivery

    I got problems with sending e-mails via my Sophos UTM firewall to specific e-mail addresses. E-mail delivery in general works; I only got problems with specific e-mail addresses. Therefore, an e-mail testing feature via the web interface (with verbose output) would be great!

    2 votes

    0 comments
  17. Remove the diffie-hellman-group1-sha1 in ssh service/port-22

    Hi Sophos,

    We recognized that our product is using the insecure key exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1" only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.

    We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22.

    Please kindly provide a step or your action to remove it.

    1 vote

    0 comments  ·  Management
  18. 3 votes

    0 comments  ·  Remote Ethernet Device (RED)
  19. E-Mail Protection: Allow specific file extensions in the quarantine release options

    We have a list of file extensions that we block for mail exchange.
    But we want to allow our users to unblock only specific file extensions like doc or docx in the quarantine portal.
    Extensions like .exe or .bat etc. must remain forbidden.
    At the moment in the quarantine release options it's only possible to allow/disallow every file extension.

    1 vote

    0 comments
  20. LimitRequestFieldSize value in the UI

    When publishing websites that have large request headers, the WAF dismisses the request with "Size of a request header field exceeds server limit".

    This is a major issue when publishing ADFS and other authentication mechanisms that use claims/tokens and sometimes they exceed the default value of 8K.

    Please make firmware changes so that this value can be changed through the UI, optimally as a per virtual web server setting.

    2 votes

    1 comment  ·  Web Server Protection