SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Network Security: Vulnerability Scanner

    Implement a means whereby from the ASG you can scan networks for vulnerabilities.

    219 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Network Security: Firewall Rule "Hit" Counters

    Display the number of packets that match each rule in the table. So you can locate unnecessary packetfilter rules. Should be able to reset the hit counter(s) as needed, along with a tooltip to show the last time(s) of the previous few hits.

    216 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Network Security: Automatic uPNP Support

    Adding NAT rules automatically through UPnP service would be also great for home users and probably some other small companies.

    160 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    39 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Network Security: Create firewall rule(s) directly from Live Log

    In order to make fine tuning of our product packet filter configuration easier, we should add a way to create packet filter rules with a small wizard so that if i see any packet that i want to explicitly drop or allow i can start a mini-wizard that helps to create a matching packet filter rule by either selecting existing definition objects or offering an easy way to create new definition objects, which later than get used in the pf rule..

    124 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Block IP's using Blacklist/Blocklist Service

    Support the use of Blacklists/blocklists. Note that this feature was requested at link below and apparently Sophos thought that ATP would satisfy the need, however it does not provided the requested functionality, Therefore I am re-posting this as a new suggestion.

    The old suggestion was marked as implemented by the ATP feature; however ATP is not what was wanted and generates too many false alerts. This is the prior feature request: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/1982075-network-security-block-malicious-botnet-bad-ip-s

    Plain and simple: We want support for blocklists. Such as those found here: https://www.iblocklist.com. I would also like to specify a blocklist per network. So for example…

    83 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Network Security: Drag'n'Drop sort of packet filter rules

    Improve the GUI to support a drag'n'drop sort of the packetfilter ruleset or also potentially other sortable list elements..

    64 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. IPS: Creation of Custom Rules (Snort)

    the possibility to add own snort rules would be great!
    Customers can add their special rules for their special needs,
    so we could be more flexible and more secure.

    The AxG can check the own rules via a new snort instance, if everything is fine -> add it to the ruleset.

    60 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  8 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Network Protection: Use Suricata for IPS

    I think it could be worth a look at, unless Snort comes up with a multfhreaded version.
    http://www.openinfosecfoundation.org/
    http://suricata-ids.org/

    44 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Networking: Block/Blacklist IP Globally

    A method is needed to quickly add an IP address or range to a "Deny Access" list.

    Currently you have to create a new network definition for each bad host and then drag and drop it on a group that is used to deny access. The number of entries in the network definition page can therefore get very large.

    There are several possible ways of implementing this:


    1. Have a "Deny Access" tab under Network Security that contains a group definition for denied hosts or IP ranges to which you can quickly add entries.


    2. Add a new type of group under…

    42 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Networking: RPC Connection Tracking Helper

    A port object that automatically unlocks the associated high ports for the RPC mapper, so you must not unlock all high ports for the RPC services.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. 37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Expire date for firewall rules

    Firewall rules should have an optional expiry date. This is useful, if a firewall rule has only been approved for a certain period of time.

    With this feature the firewall admin no longer needs to schedule in a separate calendar the removal of a temporary rule and then perform a manual task.

    This results in a cleaner ruleset and less effort for the firewall admin.

    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Network Security: Logical "NOT" Support for Packet Filter, DNAT, etc...

    It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc..

    Like ACCEPT ANY ANY !Host"A"

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Network Protection: Create firewall rules to automatically "blacklist" an "attacker."

    I'd like to turn on 'reactive rules' to start dropping all traffic from source IPs that trip a threshold of IPS or PF rules.

    Say someone is scanning your website for IIS vulnerabilities and trips 20 IPS rules in 1 minute (administrator defined parameters), then the UTM would create a rule at the top to block all traffic to and from the attacking source IP.

    Bonus points for letting the rule dissolve after N hours as well as being able to turn this rule on for specific interfaces or subnets, You could link it to the geo-location system so that…

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. IP Ban/Black list (quickly accessible - dynamic)

    Very very often there are random attacks (SMTP/WEB/SSH etc.) occurring from a certain hosts/bots - often small pool of random addresses.

    It would be EXTREMELY handy if we could have a Quick-Access-Dynamic-Absolute-IP-Blacklist.
    What would be even better is if we can create and maintain such lists per interface basis. (one for WAN, one for Internal1, one for Internal2 etc.)

    No host definitions, no firewall rules, no network definitions, no timeouts, no application filter, nothing.

    Just a plain simple, clean, one-click away, absolute IP ban/blacklist.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Network Protection: Bi-directional firewall rules

    Create bidirectional firewall rules. For example 2 Servers need to contact each other on the same ports. Now you have to create 2 Firewall rules.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Network Protection: Fallback to previous IPS pattern version

    Engine fallback to previous file in case of a determined engine error or bad update.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Firewall Order of Operations

    Firewall Order of Operations

    Based on testing and additional information found in other request, it appears that the proxies/security services have a higher order of operation over the firewall. As such, even with firewall rules in place, the security services override those settings. With email protection, this essentially opens up SMTP on the Sophos UTM to anyone on ALL interfaces. This, thus, increases the surface attack area of the device to an unacceptable level.

    Changing the order of operation would allow the administrator of the device to dictate, via firewall rules, what can and can not access the Sophos UTM…

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Networking: Masquerading (NAT) Balancing Across All Public IP's

    Use all available public addresses on the WAN interface, even though the HTTP proxy is turned on. The reason for this feature is to keep users working, even if the primary WAN IP address is offline.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Definitions: Create objects based on "AS whois" record

    It would be nice to have the ability to define network definitions by whois AS number.
    eg. you could make a definition for all the Telenet public subnets by adding a Definition Telenet-subnet with a parameter AS 6848.
    The AS number database is rebuilt on a daily basis, and could be synced just like the spam, antivirus and content filter databases are synced or updated.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 9 10
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.