SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sandstorm: Improved feedback for the user

    Hi, it would be nice to have a progress bar or a rough estimate in the Sandstorm checking page, also it would be nice to make it more visible to the user that a scan is taking place and the file is being scanned.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Cache Intermediate HTTPS issuer certificates

    When browsing to poorly configured web sites that don't provide a complete certificate chain, the UTM certficate validation will block the site as untrusted.

    Browsers can work around these poorly-configured servers by caching intermediate issuer certificates from well-behaved servers.

    Let site A and site B have certificates issued by intermediate issuer Z. Site A provides the full chain, site B is badly configured and does not.

    If a user browses to site B first, the browser will issue a security warning because it can't find the issuer certificate to validate the certificate chain.

    If a user browses to site A,…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Web Protection: Use Network Range objects in allowed network list for filter profiles

    Enable web filtering profile to use range objects for the allowed network list.
    Web Protection → Web Filter Profiles → Filter Profiles

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Block File transfer by Skype

    Adding blocking of File transfer by Skype

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make a Chrome Extension that utilizes the same interface as Endpoint client, for browsing restrictions.

    Or at least make an API available, so we can develop browser filter for chromebooks in-house.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Web Protection: Read X-Forwarded-For header for policy

    Would like to see added the ability for the Web Protection proxy to read X-Forwarded-For from an upstream device. For example, users connecting through a load balancer would have the load balancer's information and not the original user's source information. Reading X-Forwarded-For would allow the appropriate web policy to be applied to users coming from the same IP address.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create an option to allow NON standard ports for specific websites

    We have a lot of customers using NON standard ports for specific websites. The only (working) option is to add a service port to the Allowed Target Servives. It would be preferable to be able to add the specific exeption (portnumber) only for the specific URL, instead of an global exeption for those ports.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Reset HTTPS connection instead of URL Filter block page

    As an option, please provide the ability to drop or reset an HTTPS connection to a blocked web site when "URL filtering only" option is set. Reset may be preferable to drop so as to avoid timeouts. The default behavior of responding with a block page is helpful except that it causes certificate errors for clients who do not have the UTM certificate in their trusted CA list. When not using web filtering for true MITM scanning of content, it seems excessive to deploy the UTM cert throughout one's environment, and can be especially challenging on some devices. A simpler…

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Better Website management in Webfilter

    Right now the Website list in Webfiltering has very limited management options. Importing or deleting longer lists is not possible because the page freezes. It would be great to have export and working bulk edit options.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. make it easy to post proxy.pac files on the management server. Upload the file, server spits out a URL, and give that URL out to our users.

    In regards to Sophos Web appliance/proxy, it would be very convenient if we could generate a pac file, upload it to the Sophos management appliance server, have it spit out a URL that we can give to our users. This would simplify the process and allow us to not have to rely on another server to host our pac file.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Webfilter: Ignore extraneous root certificates

    Many sites include a root certificate in their downloaded chain. This is either a remnant of cross-root certificate mapping or a configuration error.
    All tested browsers ignore the self-signed certificate as long as the same root certificate is installed in the trusted certificate store.

    Unfortunately, OpenSSL, and therefore UTM, are not able to detect that the supplied root certificate is unnecessary, so the connection is blocked. Because of the significant number of sites with this configuration, it is a significant problem.

    This link has an extensive discussion of the problem:

    https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest

    The discussion asserts that the RFC permits inclusion of…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Notification of Proxy Routing

    There needs to be an alert or notification that when setting firewalls for Internet IPv4/6 as a destination that the subnet of the two networks that shouldn't talk to each other are added to their respective web proxy profile blocklist.

    I have encountered many people that are not aware that the web proxy routes. Many people do not test their security configurations and this functionality (proxy routing) goes some time without being realized.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Attachment, link, and file emulation

    Email is a huge vector for malware. Not all of it comes in as an attachment. Links in email often lead to NEW malware. NEW versions of malware are attached or embedded into Office documents. Files users download may have NEW undetected malware in them.

    Palo Alto has Wildfire. FireEye has a similar service/appliance. Each service takes URLs, Office documents and unknown files and detonates them in a sandbox to determine if they are malware. Previously unseen downloaded files are uploaded to the same service. When NEW malware or malware links are discovered, an update is pushed to all subscribing…

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Web Protection: Selectively allow range requests (AKA improve iPhone media streaming)

    Mobile devices like the iPhone/iPad use HTTP range requests when accessing media content. Range requests allow a client to request a specific range of bytes from a file on the server, rather than downloading the whole file in one go.

    Unfortunately downloading a file in small chunks makes it impossible to scan that file for malware. Indeed, it could provide a handy way for a malicious program or actor to circumvent gateway security measures and deliberately download malicious code.

    For this reason the UTM will block range requests. The only way around this at present is to exclude the site…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable the admin to remove unused Website Tags in Web Filtering

    If one defines a website tag in the UTM for a collection of URLs, then later desires to fully delete the tag (the tags remain in the configuration db even if not assigned to any URLs), there is currently not a way to do this. I contacted support and they said this would be a feature request (seems like missing basic functionality to me).

    47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Huawei P8 Lite Fitbit Flex Connection 2

    Huawei P8 Lite Fitbit Flex Connection 2
    Hello
    A friend recently gave me her old bracelet Fitbit Flex 2. It is reset but we are unable to connect it to Bluetooth with my Huawei P8 Lite while we get there with other devices... Have you ever encountered this problem? Solutions?
    Thank you, everyone.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. editable, multi lanquege, custom block page

    Hi,
    Since a couple of months we working with you UTM product... and I love it.
    I have one missing point in the UTM.
    We are a dutch company with a lot of employees who have difficulty reading English reports or can not read them at all.
    It should help this users if the blockpage was displayed in there own lanquege.

    This can be achieved by providing blockpages multilingual (seems to me to be impossible for you), making them editable (everyone can store their own messages) or creating the option to make a link to a custom page for each…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Web Protection: Youtube and blocking specific categories

    Coming from another vendor one of the features I like/had was that I could block categories within YouTube. We are a School District that needs to access YouTube (YouTube for Education has limited content). It would be nice to setup a policy or rule to be able to block these YouTube Categories.

    Currently available categories are:
    • Film
    • Autos
    • Music
    • Animals
    • Sports
    • Shortmov
    • Travel
    • Games
    • Videoblog
    • People
    • Comedy
    • Entertainment
    • News
    • Howto
    • Education
    • Tech
    • Nonprofit
    • Movies
    • Movies_anime_animation
    • Movies_action_adventure
    • Movies_classics
    • Movies_comedy …

    157 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. upload bandwidth report

    Customer would like a report of upload bandwidth used so that they would be able to identify any possible data leakage if they can identify users that have high upload bandwidth usage.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Time based rules for traffic throttling or shaping

    It would be very helpful to have time-based rules for traffic throttling or shaping. For example, users at our office access Facebook and we don't want to block it - just make it less of a burden on our Internet connection.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.