Every time I change a user's status on my Active Directory server (blocking, disabling or excluding an account), I have to go to UTM and manually resync users to get the changes updated in UTM. This is an inconvenience. My suggestion to Sophos is to enhance UTM to make the Active Directory user resync automatic.
1 vote
I think it would be appropriate to rename the Blacklist to Denylist and Whitelist to Allowlist. Multiple customers reported this as offensive.
2 votes
Currently only one Client SSL VPN connection is allowed at any one time to Sophos firewall (UTMs). Suggestion is for multiple connections. Reason is we do offline backups to customer sites via VPN but currently can only do one at a time. We have several customers who require us to do these backups.
2 votes
Imagine if, under Support > Tools in UTM 9, there was a 'Browse' tab/option that opens an integrated web browser that lets you browse the internet. It could optionally have access to the local filesystem.
This would be useful in many scenarios when you don't have access to a local server or computer. Similar to my scenario, where I need to hit a Comcast router that the UTM is NAT'd behind, and I can't because there is no computer locally.
2 votes
Sophos currently does not support VPN connections from iOS devices due to a non-compliant key length in certificates. Apple devices expect 2048 bits. Please upgrade the WebAdmin CA.
2 votes
Logging & Reporting / Network Usage / Bandwidth Usage
shows an IP which is apparently the source of the bandwidth used.
Please add another column, and label them "Source IP" & "Destination IP".
Our UTM-9 is deployed in a datacenter, with a few dozen IPsec Site-to-Site VPN Tunnels. A few of them have similar remote subnets and we need to be able to track bandwidth usage through a given tunnel. Knowing both source and destination IPs for my bandwidth used would sure be nice.
2 votes
Logging: Syslog Support of RFC 5424
Is it possible to change the time format for the syslog messages to the RFC 5424 format?
Open the source code of UTM SG
3 votes
Currently in UTM v9.7, VLAN bridge in a MESH network using APX appliances is not supported.
This feature does exist in current Central Wireless.
Please support it also in SG UTM.
4 votes
Please implement the Crimea region in the country blocking options.
1 vote
Fix Password Compatibility Issue
Passwords ending with 6 or more numbers cause the Auto-create OTP token feature to fail. This limitation should not exist. Until it is fixed it should be noted in the documentation and attempts to use an incompatible password should produce a clear error message.
2 votes
It's clear that master/s.l.a.v.e as terminology is negatively predestined. The role could be renamed to something like primary/secondary or maybe also just active/standby?
3 votes
Please implement the possibility to change the Certificate Subject Name, for the certificate which is delivered to the clients, when doing SSL-Scanning.
The Certificate Subject Name is currently the IP address of the requested URL. Unfortunately, a lot of Linux systems have a problem if the Certificate Subject Name is the IP and not the FQDN of the requested URL.
Could you please change or implement this?
1 vote
Some systems no longer support legacy boot options. UEFI is a necessity for these systems. I am unable to install Sophos UTM as a result of not having it be UEFI compliant.
2 votes
I have problems sending emails via my Sophos UTM firewall to specific email addresses. Email delivery works in general; I only have problems with specific email addresses. Therefore, an email testing feature via the web interface (with verbose output) would be great!
2 votes
We recognized that our product is using the insecure key exchange "diffie-hellman-group1-sha1". diffie-hellman-group1-sha1 only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.
We would like to remove diffie-hellman-group1-sha1 in the SSH service/port 22.
Please kindly provide a step or your action to remove it.
1 vote
We have a list of file extensions that we block for mail exchange.
But we want to allow our users to unblock only specific file extensions like doc or docx in the quarantine portal.
The extensions like .exe or .bat etc. must remain forbidden.
At the moment in the quarantine release options it's only possible to allow/disallow every file extension.
1 vote
When publishing websites that have large request headers, the WAF dismisses the request with "Size of a request header field exceeds server limit".
This is a major issue when publishing ADFS and other authentication mechanisms that use claims/tokens and sometimes they exceed the default value of 8K.
Please make firmware changes so that this value can be changed through the UI, optimally as a per-virtual-web-server setting.
2 votes