SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide functional bundle lists for enabling or disabling

    Provide functional bundle lists for enabling or disabling, for things such as Google Android services, Apple cloud services (iTunes, iPad, whatever), Office365 synchronization services, etc.

    This could save some big headaches and research time in hunting down all the servers that need to be whitelisted for customer networks where these devices are used.

    And these lists could be updated with the other definitions.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Opera VPN Application

    Dear Sophos Support Team , Hope you can prevent Opera VPN application from connecting and bypass web protection of Sophos UTM

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Google SafeSearch

    - You are using Sophos UTM with Web Protection

    - You did not enable HTTPS filtering too complicate...

    - You block the X sites, but Google Images displayed pictures are not permitted ...

    This is due to the fact that Google searches are done in HTTPS and if the HTTPS filtering is not active then the UTM UTM can not scan the contents of Google search ...

    However, there is a virtual IP provided by Google SafeSearch forcing queries. The searchs are then blocked by Google.

    https://support.google.com/websearch/answer/186669

    Note: The check box in the UTM Enable Google SafeSearch is not functional…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Parent Proxy failover options

    Some options are required to determine what happens when a parent proxy is not available. Now it takes 5 mins for the UTM to realise the parent is not available and to move to the next proxy in the list or revert to the default route. Ideally a function like TMG where an upstream proxy can have a backup proxy set or a "direct to internet" option would be best.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow NOT matching for host names in parent proxies

    The ability to use NOT statements in parent proxy host matching would enable us to send selected traffic out through a secondary routed connection (not network default gateway) whilst still enabling us to use transparent proxy (we cannot set proxy exceptions and do not wish to on the client).

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support server-sent-events (HTML5)

    SSE being blocked by web protection. When you switch off Web Protection SSE will work again. Server-sent-events use the text/event-stream MIME type and the connection remains open for long periods of time. No data gets to the client when Web Protection is enabled - I'm guessing because it is treating it as a download and waiting for it to finish before passing on to the client.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. To disable the Website blocked notification in Sophos Endpoint.

    Most websites now have advertisement on it, so a notifications that it is blocked is expected. And it keeps on appearing to the point that it is already annoying. There is an article regrading a workaround but you have to edit a Registry PER station.

    I need you to add a feature to disable the notifications in a Sophos Manager(cloud or on premise console).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Default Order of filter policies

    When creating a new Web Filter Profile, I need to reorder the filter policies each time since the order they are listed seems almost random. If would be nice if the order of the policies followed the order in which they are set in the Web Protection->Web Filtering->Policies screen.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Cloning Web Filter Profiles

    Most things in the UTM version 9 can be cloned. One exception is Web Filter Profiles. We have different profiles for all of our schools primarily because we need/want to use a different plublic IP to NAT the traffic. It would be nice to be able to close a Filter Profile

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. URL exceptions for HTTPS access

    Today is not possible to have URL exceptions for HTTPS sites that are blocked due to their categories or blacklists. The reason is that these two stages take precedence over the more granular URL addresses, as they happen earlier in the chain of verifications to block sites before the SSL tunnel establishment.

    Is not possible, for example:

    To block the https://letsencrypt.org by blacklist or category and creating a URL exception for https://letsencrypt.org/images/linux-foundation.png.

    My proposed solution is to provide, in the exception rule itself, the indication of the domains that this rule should match. This way it would be possible…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make Full Web Control for Sophos Enterprise Console possible for Web Filter Profiles

    At the moment the full web control feature is only possible with the normal web filtering mode. Please make this feature possile for the web filter profiles! in an bigger enviroment you need to handle the proxy over web filter profiles, so that the full web control mode on SEC and the UTM is useless at the moment...

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow referer links from trusted web sites without need to allow all advertisment web sites

    We have a corporate perks web site, and for some perks it redirects via Doubleclick and other such sites - unfortunately we block "Advertisements & Pop-ups" (which includes this doubleclick domain) and so the user is blocked from reaching the end page.

    Could an option be added so that the HTTP referer header is checked - and if that is on the trusted list, allow access.

    This would allow us to say that links from our Corporate Perks page are allowed, but still block all other accesses to doubleclick referers etc.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add a feature to search for time and IP address of the website in the Reports and Search function in the web appliance

    Request to add a feature to search for time and IP address of the website in the Search function in the web appliance. Currently, only web address or URL are accepted in the Search tab. And on the Reports tab, no section to search for Time, only by day is accepted.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Create an option to allow NON standard ports for specific websites

    We have a lot of customers using NON standard ports for specific websites. The only (working) option is to add a service port to the Allowed Target Servives. It would be preferable to be able to add the specific exeption (portnumber) only for the specific URL, instead of an global exeption for those ports.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Interactive Connectivity Establishment (ICE) – RFC 5245

    Interactive Connectivity Establishment (ICE) – RFC 5245 is missing in Application Control.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Introduce a mechanism by which particular browsers, for example, Firefox may be blocked by the Sophos UTM.

    We are looking at Sophos UTM as a possible replacement for our current Microsoft 2010 TMG instance. Within The HTTP filter on TMG 2010 it was possible block content based on signatures within the request header. For example, to block Firefox, TMG 2010 could be configured to identify the Firefox user-agent within the request header and block it if need be.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Clean Advertising (HTTP and HTTPS without Certificate)

    PFSense has a great package called SquidGuard that can be set to display a blank gif image instead of the default block page for advertising. This works extremely well with HTTP & HTTPS (No need to install a certificate). I am aware you can set a custom block page for advertising, but I have had no luck with this in XG. Also browsers like IE complain about revocation errors with XG when it filters HTTPS advertising, but PFSense just blocks it with no errors.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Option to redirect to port 80 when SSL certificate is invalid

    I am finding blocked sites because the server has port 443 open even though SSL is not used. Most often, the site is hosted on akamai, and the server has a default certificate for a248.e.akamai.net. Sometimes this occurs because the user does a Google search and Google's search result uses HTTPS. I suspect that their search database favors HTTPS over HTTP when both are available.

    When I contact site owners, they are generally not motivated to close port 443, and the Google search database will be slow to update even if they are responsive.

    It would be helpful to have…

    0 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Blocked website list from SUM

    Need a way to deploy a blocked website list from SUM without requiring standardised filter action because every site has different categories blocked etc and can't just create a new filter action that applies to everyone with a blocked list in it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow HTTPS Decryption Exception based on Signing CA or Specific Certificate

    Configure exceptions based on a Signing CA or based on a certificate. If USM web proxy requests an outbound HTTPS connection, and the returned certificate is signed by a specific CA cert or the cert returned matches a specific certificate, and that cert is (optionally) valid, then bypass HTTPS decryption and pass the connection on to the internal client. This would make things much easier to make exceptions for Microsoft OneDrive, where there are a ton of URLs and even some IP addresses that need to be added to the exception list in order to make it work. Id rather…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.