SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Rewrite URL for URL Shortening services

    Rewrite URL shortening service URLs to force redirect mode, which is visible to the user and to UTM, instead of allowing transparent proxy mode, which is invisible to both. Longer commentary at this community forum entry.
    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/89896/url-shortening-service----rewrite-to-force-redirect-mode---feature-request

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. cPanel and WHM ports

    Add cPanel and WHM ports to "Allowed Services" by default.
    Ports 2082, 2083, 2086, 2087, 2095, 2096

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. exe filter bypass

    have an issue this link downloads an exe and bypasses my exe filter - http://www.tec-it.com/forward/vc2015x86redist-14.0.24215.1

    this link (http://software.bigfix.com/download/bes/util/Sha1.exe?cm_mc_uid=03907949092314956501473&cm_mc_sid_50200000=1495650147) is blocked by my exe filter

    this is a very big bug - is the first link even virus scanned

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow multiple authentication methods for Web Protection (Non Windows/Mac OS X devices)

    I would like a feature that allows devices to connect to the internet without authentication method but also allow the user to log in through the browser at any point in the session to gain their filter group.

    Ex. Allow the user to log into a Chromebook without authenticating to UTM and be awarded the default profile. At any time they are blocked by the strict default profile it should allow the user to specify their username and gain their groups specific profile.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sandstorm customize web messages

    Possibility to customize sandstorm web messages (translate)

    75 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. URL Submit for Reclassification

    It would be beneficial to have a reply from Sophos after submitting a URL for reclassification. If the reply could indicate that it was completed and also what Category was chosen for it...

    Currently we are using a tag to allow a site when staff need it right away.... then we wait a day and spot check for the category and remove the tag once this is complete.

    The time it takes after submission until it is completed seems to be as quick as an hour or so... all the way to overnight.

    How long is not my concern, just…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. UTM WebFilter Authentication Method Hierarchy

    Current behavior: UTM selects an Authentication method based on Client IP and Mode (and optionally device operating system). If the Authentication Method is not feasible, UTM takes the Filter Profile's default action rather than attempting an alternative method.

    Specifically, if an SSO method is matched, but no SSO identification is available, then UTM should be able to fail over to Agent, Browser, or Basic authentication before taking a default action.

    Similarly, if Agent authentication is matched, but the Agent is not installed, not running, or not configured with any credentials, then UTM should be able to attempt browser or basic…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Include Invincea's Deep Learning Engine (Machine Learning) on the UTM

    Since Sophos has purchased Invincea, I am requesting that Sophos included Invincea's Deep Learning Engine (Machine Learning) on the UTM itself.

    Now that Sophos has acquired Invincea and their scanner's ability to detect new malware before it executes, if the scanner was included on the UTM, it could increase the detection of unknown malicious files before they execute.

    With the combination of Sophos' database of known safe files which it could check files against, Sophos could avoid the problem of false positives from Machine Learning detection.

    I am requesting that Sophos add this Machine Learning layer to the UTM to…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Applications using proxy can negotiaition ceritifctes on 443

    Hello,

    Recently I had a problem with the dropbox application for desktop pc. the proxy was not logging all traffic that was passing through the proxy for this application. after speaking to support they said:
    I have tried to reproduce the reported issue in our lab and found same behavior.

    As enabling the proxy the traffic passes through port 8080 further preventing the certificate negotiation on port 443.

    As the google sign-in page traffic hopefully getting block at proxy. I tried to apply many rules to allow the traffic but unfortunately the proxy is hindering to pass into.

    I would…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. I have many windows 10 who RDP actived without domain controll and the policies web controll can be set but will not work! This I'd love i

    I have many windows 10 who RDP actived without domain controll and the policies web controll can be set but will not work! T
    this function if it were implemented would help a lot my work and the protection of remote desktop users.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. DNS info forwarding from internal DNS to UTM

    Situation: One of my host ask my internal dns about suspicious address and than dns is asking through my UTM. ( that is why UTM has no idea about client and produce false infothat my dns is trying connect to C&C). This is very common situation in every company. My suggestion is for you to consider to write special software installed on DNS (windows AD). This software communicate with UTM and give it all info about clients dns queries. Its simple program but can change a lot because UTM would then inform me who is REALLY asking dns about suspicoius…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Change Web Protection so that active connections get cut off when a time limit rule takes effect

    Refer to this post:
    https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/84096/youtube-and-google-bypass-web-filtering-profile-block-once-content-is-loaded-in-chrome-tabs/314877#314877

    The issue is if I have time limits established in a Policy to cut users off from surfing during certain times of day, if that user has an active established connection to say youtube, when the rules time limit takes effect and puts the block in place, the active connections are not cut off, the user can continue to watch youtube until they terminate their connection to youtube in this example, at this point if they try to re-establish the connection, the web protection rule stops them for creating a new connection.

    I've now got…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web Protection: Realtime Per-User Bandwidth Monitor

    For the purpose of analyzing the current outgoing traffic usage we need a live view of the users’ HTTP connections via the Web Protection proxy along the possibility to sort it by bandwidth.

    49 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sophos Web Appliance WPAD integration

    It would be useful to be able to load a WPAD.DAT or PROXY.PAC in Sophos Web Appliance to not using another external web server.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sandstorm: Improved feedback for the user

    Hi, it would be nice to have a progress bar or a rough estimate in the Sandstorm checking page, also it would be nice to make it more visible to the user that a scan is taking place and the file is being scanned.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Cache Intermediate HTTPS issuer certificates

    When browsing to poorly configured web sites that don't provide a complete certificate chain, the UTM certficate validation will block the site as untrusted.

    Browsers can work around these poorly-configured servers by caching intermediate issuer certificates from well-behaved servers.

    Let site A and site B have certificates issued by intermediate issuer Z. Site A provides the full chain, site B is badly configured and does not.

    If a user browses to site B first, the browser will issue a security warning because it can't find the issuer certificate to validate the certificate chain.

    If a user browses to site A,…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Web Protection: Use Network Range objects in allowed network list for filter profiles

    Enable web filtering profile to use range objects for the allowed network list.
    Web Protection → Web Filter Profiles → Filter Profiles

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Block File transfer by Skype

    Adding blocking of File transfer by Skype

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Make a Chrome Extension that utilizes the same interface as Endpoint client, for browsing restrictions.

    Or at least make an API available, so we can develop browser filter for chromebooks in-house.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Web Protection: Read X-Forwarded-For header for policy

    Would like to see added the ability for the Web Protection proxy to read X-Forwarded-For from an upstream device. For example, users connecting through a load balancer would have the load balancer's information and not the original user's source information. Reading X-Forwarded-For would allow the appropriate web policy to be applied to users coming from the same IP address.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.