SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. sandstorm Exclusion in SUM

    Provide the ability to configure sandbox/sandstorm tick box in exclusions pushed out by SUM to UTMs

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • O365 Tenant Restriction

      Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

      This requires the injection of an HTTP header.

      https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

      Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Websocket Support for Web Protection / Proxy

        this is self explaining and need no further details.

        17 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Fully support QUIC (HTTPS via UDP)

          Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
          I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

          More about QUIC can be read here : https://www.chromium.org/quic

          With that said, I would like to see full support for QUIC natively in Sophos UTM…

          21 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • allow web filtering exceptions to use the referrer field as well as the URL field

            This would enable (for instance) youtube videos to be accessible as long as they were referred from a trusted website.

            12 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Rewrite URL for URL Shortening services

              Rewrite URL shortening service URLs to force redirect mode, which is visible to the user and to UTM, instead of allowing transparent proxy mode, which is invisible to both. Longer commentary at this community forum entry.
              https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/89896/url-shortening-service----rewrite-to-force-redirect-mode---feature-request

              6 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Sandstorm customize web messages

                Possibility to customize sandstorm web messages (translate)

                73 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Include Invincea's Deep Learning Engine (Machine Learning) on the UTM

                  Since Sophos has purchased Invincea, I am requesting that Sophos included Invincea's Deep Learning Engine (Machine Learning) on the UTM itself.

                  Now that Sophos has acquired Invincea and their scanner's ability to detect new malware before it executes, if the scanner was included on the UTM, it could increase the detection of unknown malicious files before they execute.

                  With the combination of Sophos' database of known safe files which it could check files against, Sophos could avoid the problem of false positives from Machine Learning detection.

                  I am requesting that Sophos add this Machine Learning layer to the UTM to…

                  3 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Web Protection: Realtime Per-User Bandwidth Monitor

                    For the purpose of analyzing the current outgoing traffic usage we need a live view of the users’ HTTP connections via the Web Protection proxy along the possibility to sort it by bandwidth.

                    48 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Reset HTTPS connection instead of URL Filter block page

                      As an option, please provide the ability to drop or reset an HTTPS connection to a blocked web site when "URL filtering only" option is set. Reset may be preferable to drop so as to avoid timeouts. The default behavior of responding with a block page is helpful except that it causes certificate errors for clients who do not have the UTM certificate in their trusted CA list. When not using web filtering for true MITM scanning of content, it seems excessive to deploy the UTM cert throughout one's environment, and can be especially challenging on some devices. A simpler…

                      23 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Web Protection Block Files Upload

                        It would be nice to block file upload on cloud services or any other webiste, to prevent any kind of data leakage.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Better Website management in Webfilter

                          Right now the Website list in Webfiltering has very limited management options. Importing or deleting longer lists is not possible because the page freezes. It would be great to have export and working bulk edit options.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Notification of Proxy Routing

                            There needs to be an alert or notification that when setting firewalls for Internet IPv4/6 as a destination that the subnet of the two networks that shouldn't talk to each other are added to their respective web proxy profile blocklist.

                            I have encountered many people that are not aware that the web proxy routes. Many people do not test their security configurations and this functionality (proxy routing) goes some time without being realized.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Attachment, link, and file emulation

                              Email is a huge vector for malware. Not all of it comes in as an attachment. Links in email often lead to NEW malware. NEW versions of malware are attached or embedded into Office documents. Files users download may have NEW undetected malware in them.

                              Palo Alto has Wildfire. FireEye has a similar service/appliance. Each service takes URLs, Office documents and unknown files and detonates them in a sandbox to determine if they are malware. Previously unseen downloaded files are uploaded to the same service. When NEW malware or malware links are discovered, an update is pushed to all subscribing…

                              13 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Enable the admin to remove unused Website Tags in Web Filtering

                                If one defines a website tag in the UTM for a collection of URLs, then later desires to fully delete the tag (the tags remain in the configuration db even if not assigned to any URLs), there is currently not a way to do this. I contacted support and they said this would be a feature request (seems like missing basic functionality to me).

                                44 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Huawei P8 Lite Fitbit Flex Connection 2

                                  Huawei P8 Lite Fitbit Flex Connection 2
                                  Hello
                                  A friend recently gave me her old bracelet Fitbit Flex 2. It is reset but we are unable to connect it to Bluetooth with my Huawei P8 Lite while we get there with other devices... Have you ever encountered this problem? Solutions?
                                  Thank you, everyone.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Change httpproxy to 64-bit application.

                                    We can only use 4GB memory space with httpproxy.
                                    Therefore, it is not possible to sufficiently use the hardware resources with the SG 650 or the like high-end appliance.
                                    Please change httpproxy to 64-bit application.

                                    9 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Crypto currency Catagory for content filtering

                                      Hello Sophos,

                                      While managing UTM appliance we have observed lot of user started browsing sites related to “cryopto-curancy” and "mining of Cryto-currancy". These sites are hogging my bandwidth

                                      when I search these websites they fall under finance category which is making job difficult to block such website

                                      My request you to please create separate category for CRYPTO CURRENCY related sites so that we can use/enjoy appliance features optimally

                                      5 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add AnyDesk to Application Control List

                                        Hi,

                                        AnyDesk (https://anydesk.com/) is a powerfull tool for remote control, so please add to the Application Control List.

                                        8 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • HTTPS Signing CA should be restricted

                                          The HTTPS Signing CA should be restricted to Enhanced Key Usage Server/Client Auth, Basic Path Length Constraint = 0 and no private key download should be allowed.

                                          The Certs signed by this default CA are (or should be) used only for Server/(Client) Auth?! Currently the CA has no restriction for Enhanced Key Usage and Basic Constraint path length. So a (compromised) CA could offer certs for any purpose and build unlimited SubCAs.
                                          [The Path len may not be so vulnerable, because keyCertSign isn't set]

                                          Also it shouldn't be allowed to download this CAs private Key. For what purpose (other than…

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 15 16
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.