SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. da (P)FS bei TLS zwingend für Behörden laut BSI gefordert ist und ach bald im BSI-Grundschutz aufgeführt wird.

    Feature Request eine generelle Option in der GUI wird benötigt , damit nur Forward Secrecy fähige Ciphers verwenden werden können, damit auch andere TLS Versionen damit abgedeckt wären.

    Das Problem ist, das das BSI im April neue technische Maßnahmen für den IT-Grundschutz heraus gegeben hat.

    Darin wird für Web-Anwendungen nur noch TLS 1.2 und TLS 1.3 mit FS empfohlen.

    Der eingriff über CLI ist nicht gewünscht:
    ................................................
    /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
    Finden Sie recht weit oben die Zeile :
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    Das was hier eingetragen ist. wird vom Rev-Proxy angeboten.
    Änderungen hier und Folgeprobleme (Sitchwort Backportability alte Clients zu neuen Cipher suites) sind…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Custom Block Messages depending on different networks

    We want to be able to show different block messages to request from different users/networks/filteractions.

    We have one public hotspot were we provide internet access and another private company wifi.

    We want to be able to only show the administrators info (like telephone number) to the private wifi.

    Please implement this as a feature if possible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Safeguard Bypass

    It would be great to have the ability to bypass SafeSearch on a web policy based on Groups, IP or user.

    This would allow the level of granularity needed in schools without the need for complex firewall rules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. AD Nested group support for policy helpdesk

    Hi,

    Policy helpdesk can not handle Users in nested groups . (It shows Blocked to all site for these users but in reality (in practice) it works from the end users browser)
    Please add fully support to AD nested groups in all parts of UTM.

    Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow work space Facebook and block personal Facebook.

    Hi,

    Add this feature in Cyberom UTM to Allow work space Facebook and block personal Facebook.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Be able to to customize the Country blocking template

    It would be great to be able to customize the Country blocking template as with all other user facing pages.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Unable to have ? character on Request Redirection

    When trying to add a parameter with a question mark on a URL to redirect to the following error occurs:

    "Please remove the following invalid characters in the target path: ?"

    Support have said this is a system limitation and it is a good candidate for a feature request.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. O365 Tenant Restriction

    Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

    This requires the injection of an HTTP header.

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

    Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Policy Helpdesk

    In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

    If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. IPv4 Fallback for IPv6 with Proxy in Standard Mode (Happy Eyeballs)

    If a webserver is resolvable in DNS with both IPv4 and IPv6 addresses (A and AAAA Records) the UTM Proxy will prioritize IPv6, which is ok.

    If the server is not reachable on IPv6 no fallback to IPv4 happens if the proxy is running in Standard mode.

    The provided workarounds are:
    1 -disable IPv6 on the ASG
    => Seriously, disable IPv6 in 2019 ?

    2 -add a DNS static entry for every affected site with only an IPv4 record
    => Definitely not starting to statically add internet hosts...

    3 -use HTTP proxy transparent mode instead
    => well yeah, but want…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Citrix thin client user authentication(multiple user access the same ip)

    we couldn't authenticate citrix thin client machines in sophos utm

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. sandstorm Exclusion in SUM

    Provide the ability to configure sandbox/sandstorm tick box in exclusions pushed out by SUM to UTMs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web Protection Block Files Upload

    It would be nice to block file upload on cloud services or any other webiste, to prevent any kind of data leakage.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Websocket Support for Web Protection / Proxy

    this is self explaining and need no further details.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add AnyDesk to Application Control List

    Hi,

    AnyDesk (https://anydesk.com/) is a powerfull tool for remote control, so please add to the Application Control List.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Change httpproxy to 64-bit application.

    We can only use 4GB memory space with httpproxy.
    Therefore, it is not possible to sufficiently use the hardware resources with the SG 650 or the like high-end appliance.
    Please change httpproxy to 64-bit application.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Make The Refer To Sandstorm Option in Web Filtering Exception To Be Edited Even if Without Sandstorm License

    Hello Team,

    Customer is requesting to Make The Refer To Sandstorm Option in Web Filtering Exception To Be Edited Even if Without Sandstorm License.

    The checkbox on the Web Exceptions form is disabled.

    The problem is that some of my exceptions have the check box checked and customer can’t uncheck them.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Crypto currency Catagory for content filtering

    Hello Sophos,

    While managing UTM appliance we have observed lot of user started browsing sites related to “cryopto-curancy” and "mining of Cryto-currancy". These sites are hogging my bandwidth

    when I search these websites they fall under finance category which is making job difficult to block such website

    My request you to please create separate category for CRYPTO CURRENCY related sites so that we can use/enjoy appliance features optimally

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. HTTPS Signing CA should be restricted

    The HTTPS Signing CA should be restricted to Enhanced Key Usage Server/Client Auth, Basic Path Length Constraint = 0 and no private key download should be allowed.

    The Certs signed by this default CA are (or should be) used only for Server/(Client) Auth?! Currently the CA has no restriction for Enhanced Key Usage and Basic Constraint path length. So a (compromised) CA could offer certs for any purpose and build unlimited SubCAs.
    [The Path len may not be so vulnerable, because keyCertSign isn't set]

    Also it shouldn't be allowed to download this CAs private Key. For what purpose (other than…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Web Proxy should honor Country Blocking Exceptions

    Currently (9.506-2 and prior), Web Proxy enforces country blocking but ignores country blocking exceptions. Support says this is not a bug, although it is hard to justify why making the product work as expected should be considered a "feature" request. Their workaround is to disable URL filtering for desired exceptions, but this also disables other policy checks that we want, such as blocking access to Social Networking Sites.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 15 16
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.