SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Change httpproxy to 64-bit application.

    We can only use 4GB of memory space with httpproxy.
    Therefore, it is not possible to make sufficient use of the hardware resources of the SG 650 or similar high-end appliances.
    Please change httpproxy to a 64-bit application.

    11 votes
    0 comments  ·  Web Protection
  2. Crypto currency Category for content filtering

    Hello Sophos,

    While managing our UTM appliance we have observed that a lot of users have started browsing sites related to "crypto-currency" and "mining of crypto-currency". These sites are hogging my bandwidth.

    When I search for these websites, they fall under the Finance category, which makes it difficult to block such websites.

    I request you to please create a separate category for CRYPTO CURRENCY related sites so that we can use/enjoy the appliance features optimally.

    6 votes
    0 comments  ·  Web Protection
  3. HTTPS Signing CA should be restricted

    The HTTPS Signing CA should be restricted to Enhanced Key Usage Server/Client Auth, Basic Path Length Constraint = 0 and no private key download should be allowed.

    The Certs signed by this default CA are (or should be) used only for Server/(Client) Auth?! Currently the CA has no restriction for Enhanced Key Usage and Basic Constraint path length. So a (compromised) CA could offer certs for any purpose and build unlimited SubCAs.
    [The Path len may not be so vulnerable, because keyCertSign isn't set]

    Also it shouldn't be allowed to download this CA's private key. For what purpose (other than…

    3 votes
    0 comments  ·  Web Protection
  4. Make The Refer To Sandstorm Option in Web Filtering Exception To Be Edited Even if Without Sandstorm License

    Hello Team,

    Customer is requesting to Make The Refer To Sandstorm Option in Web Filtering Exception To Be Edited Even if Without Sandstorm License.

    The checkbox on the Web Exceptions form is disabled.

    The problem is that some of my exceptions have the check box checked and customer can’t uncheck them.

    1 vote
    1 comment  ·  Web Protection
  5. Web Proxy should honor Country Blocking Exceptions

    Currently (9.506-2 and prior), Web Proxy enforces country blocking but ignores country blocking exceptions. Support says this is not a bug, although it is hard to justify why making the product work as expected should be considered a "feature" request. Their workaround is to disable URL filtering for desired exceptions, but this also disables other policy checks that we want, such as blocking access to Social Networking Sites.

    2 votes
    0 comments  ·  Web Protection
  6. Fully support QUIC (HTTPS via UDP)

    Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
    I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously. Additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

    More about QUIC can be read here: https://www.chromium.org/quic

    With that said, I would like to see full support for QUIC natively in Sophos UTM…

    23 votes
    4 comments  ·  Web Protection
  7. Treat UTM Proxies as Network Protocols

    When adding a new 'Service Definition', we need to be able to pick one of the proxy services as the 'Type of definition' so that we can enable tighter security on non-standard ports.

    An example of this would be to define a new service named "HTTP.8080" of type "HTTP" source port "1:65535" and destination port "8080" to allow 8080 traffic to still be scanned by the Web Security HTTP proxy.

    Another example of this would be to make a new service named "HTTPS.444" of type "HTTPS" source port "1:65535" and destination port "444" to allow 444 traffic to still be…

    2 votes
    0 comments  ·  Web Protection
  8. transparent proxy intercept all ports

    In transparent proxy mode, all access to websites on standard ports 80 and 443 is intercepted and will use the web filter. However, websites which use a different port, for instance http://website.com:1234, are not intercepted; this traffic flows directly through the firewall module, and therefore a packet filter rule needs to be defined (missing virus scan etc.).

    6 votes
    0 comments  ·  Web Protection
  9. grayware

    what is grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.
    Antivirus signatures are not generated for grayware and security policies cannot be enforced based…

    2 votes
    0 comments  ·  Web Protection
  10. allow web filtering exceptions to use the referrer field as well as the URL field

    This would enable (for instance) youtube videos to be accessible as long as they were referred from a trusted website.

    14 votes
    4 comments  ·  Web Protection
  11. OneDrive for Business

    We need the possibility that the web proxy with active https scanning scans the Microsoft One Drive for Business and SharePoint data Synchronisation files

    10 votes
    1 comment  ·  Web Protection
  12. Rewrite URL for URL Shortening services

    Rewrite URL shortening service URLs to force redirect mode, which is visible to the user and to UTM, instead of allowing transparent proxy mode, which is invisible to both. Longer commentary at this community forum entry.
    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/89896/url-shortening-service----rewrite-to-force-redirect-mode---feature-request

    9 votes
    1 comment  ·  Web Protection
  13. cPanel and WHM ports

    Add cPanel and WHM ports to "Allowed Services" by default.
    Ports 2082, 2083, 2086, 2087, 2095, 2096

    2 votes
    0 comments  ·  Web Protection
  14. exe filter bypass

    I have an issue: this link downloads an exe and bypasses my exe filter - http://www.tec-it.com/forward/vc2015x86redist-14.0.24215.1

    This link (http://software.bigfix.com/download/bes/util/Sha1.exe?cmmcuid=03907949092314956501473&cmmcsid_50200000=1495650147) is blocked by my exe filter.

    This is a very big bug - is the first link even virus scanned?

    3 votes
    0 comments  ·  Web Protection
  15. Allow multiple authentication methods for Web Protection (Non Windows/Mac OS X devices)

    I would like a feature that allows devices to connect to the internet without an authentication method but also allows the user to log in through the browser at any point in the session to gain their filter group.

    Ex. Allow the user to log into a Chromebook without authenticating to UTM and be awarded the default profile. At any time they are blocked by the strict default profile, it should allow the user to specify their username and gain their group's specific profile.

    20 votes
    0 comments  ·  Web Protection
  16. Sandstorm customize web messages

    Possibility to customize sandstorm web messages (translate)

    75 votes
    7 comments  ·  Web Protection
  17. URL Submit for Reclassification

    It would be beneficial to have a reply from Sophos after submitting a URL for reclassification. If the reply could indicate that it was completed and also what Category was chosen for it...

    Currently we are using a tag to allow a site when staff need it right away.... then we wait a day and spot check for the category and remove the tag once this is complete.

    The time it takes after submission until it is completed seems to be as quick as an hour or so... all the way to overnight.

    How long is not my concern, just…

    3 votes
    0 comments  ·  Web Protection
  18. UTM WebFilter Authentication Method Hierarchy

    Current behavior: UTM selects an Authentication method based on Client IP and Mode (and optionally device operating system). If the Authentication Method is not feasible, UTM takes the Filter Profile's default action rather than attempting an alternative method.

    Specifically, if an SSO method is matched, but no SSO identification is available, then UTM should be able to fail over to Agent, Browser, or Basic authentication before taking a default action.

    Similarly, if Agent authentication is matched, but the Agent is not installed, not running, or not configured with any credentials, then UTM should be able to attempt browser or basic…

    3 votes
    0 comments  ·  Web Protection
  19. I have many Windows 10 who RDP activated without domain control and the policies web control can be set but will not work! This I'd love i

    I have many Windows 10 who RDP activated without domain control and the policies web control can be set but will not work! T
    this function if it were implemented would help a lot my work and the protection of remote desktop users.

    3 votes
    1 comment  ·  Web Protection
  20. Include Invincea's Deep Learning Engine (Machine Learning) on the UTM

    Since Sophos has purchased Invincea, I am requesting that Sophos include Invincea's Deep Learning Engine (Machine Learning) on the UTM itself.

    Now that Sophos has acquired Invincea and their scanner's ability to detect new malware before it executes, if the scanner was included on the UTM, it could increase the detection of unknown malicious files before they execute.

    With the combination of Sophos' database of known safe files which it could check files against, Sophos could avoid the problem of false positives from Machine Learning detection.

    I am requesting that Sophos add this Machine Learning layer to the UTM to…

    4 votes
    0 comments  ·  Web Protection