SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. da (P)FS bei TLS zwingend für Behörden laut BSI gefordert ist und ach bald im BSI-Grundschutz aufgeführt wird.

    Feature Request eine generelle Option in der GUI wird benötigt , damit nur Forward Secrecy fähige Ciphers verwenden werden können, damit auch andere TLS Versionen damit abgedeckt wären.

    Das Problem ist, das das BSI im April neue technische Maßnahmen für den IT-Grundschutz heraus gegeben hat.

    Darin wird für Web-Anwendungen nur noch TLS 1.2 und TLS 1.3 mit FS empfohlen.

    Der eingriff über CLI ist nicht gewünscht:
    ................................................
    /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
    Finden Sie recht weit oben die Zeile :
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    Das was hier eingetragen ist. wird vom Rev-Proxy angeboten.
    Änderungen hier und Folgeprobleme (Sitchwort Backportability alte Clients zu neuen Cipher suites) sind…

    4 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Be able to to customize the Country blocking template

    It would be great to be able to customize the Country blocking template as with all other user facing pages.

    2 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow work space Facebook and block personal Facebook.

    Hi,

    Add this feature in Cyberom UTM to Allow work space Facebook and block personal Facebook.

    2 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Unable to have ? character on Request Redirection

    When trying to add a parameter with a question mark on a URL to redirect to the following error occurs:

    "Please remove the following invalid characters in the target path: ?"

    Support have said this is a system limitation and it is a good candidate for a feature request.

    1 vote
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. O365 Tenant Restriction

    Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

    This requires the injection of an HTTP header.

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

    Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

    3 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Citrix thin client user authentication(multiple user access the same ip)

    we couldn't authenticate citrix thin client machines in sophos utm

    1 vote
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Policy Helpdesk

    In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

    If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

    1 vote
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPv4 Fallback for IPv6 with Proxy in Standard Mode (Happy Eyeballs)

    If a webserver is resolvable in DNS with both IPv4 and IPv6 addresses (A and AAAA Records) the UTM Proxy will prioritize IPv6, which is ok.

    If the server is not reachable on IPv6 no fallback to IPv4 happens if the proxy is running in Standard mode.

    The provided workarounds are:
    1 -disable IPv6 on the ASG
    => Seriously, disable IPv6 in 2019 ?

    2 -add a DNS static entry for every affected site with only an IPv4 record
    => Definitely not starting to statically add internet hosts...

    3 -use HTTP proxy transparent mode instead
    => well yeah, but want…

    1 vote
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. sandstorm Exclusion in SUM

    Provide the ability to configure sandbox/sandstorm tick box in exclusions pushed out by SUM to UTMs

    1 vote
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Websocket Support for Web Protection / Proxy

    this is self explaining and need no further details.

    21 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add AnyDesk to Application Control List

    Hi,

    AnyDesk (https://anydesk.com/) is a powerfull tool for remote control, so please add to the Application Control List.

    8 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Fully support QUIC (HTTPS via UDP)

    Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
    I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

    More about QUIC can be read here : https://www.chromium.org/quic

    With that said, I would like to see full support for QUIC natively in Sophos UTM…

    21 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. allow web filtering exceptions to use the referrer field as well as the URL field

    This would enable (for instance) youtube videos to be accessible as long as they were referred from a trusted website.

    13 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Rewrite URL for URL Shortening services

    Rewrite URL shortening service URLs to force redirect mode, which is visible to the user and to UTM, instead of allowing transparent proxy mode, which is invisible to both. Longer commentary at this community forum entry.
    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/89896/url-shortening-service----rewrite-to-force-redirect-mode---feature-request

    7 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sandstorm customize web messages

    Possibility to customize sandstorm web messages (translate)

    75 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Include Invincea's Deep Learning Engine (Machine Learning) on the UTM

    Since Sophos has purchased Invincea, I am requesting that Sophos included Invincea's Deep Learning Engine (Machine Learning) on the UTM itself.

    Now that Sophos has acquired Invincea and their scanner's ability to detect new malware before it executes, if the scanner was included on the UTM, it could increase the detection of unknown malicious files before they execute.

    With the combination of Sophos' database of known safe files which it could check files against, Sophos could avoid the problem of false positives from Machine Learning detection.

    I am requesting that Sophos add this Machine Learning layer to the UTM to…

    3 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Web Protection: Realtime Per-User Bandwidth Monitor

    For the purpose of analyzing the current outgoing traffic usage we need a live view of the users’ HTTP connections via the Web Protection proxy along the possibility to sort it by bandwidth.

    48 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Web Protection: Use Network Range objects in allowed network list for filter profiles

    Enable web filtering profile to use range objects for the allowed network list.
    Web Protection → Web Filter Profiles → Filter Profiles

    22 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Block File transfer by Skype

    Adding blocking of File transfer by Skype

    2 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make a Chrome Extension that utilizes the same interface as Endpoint client, for browsing restrictions.

    Or at least make an API available, so we can develop browser filter for chromebooks in-house.

    2 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 15 16
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.