SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. fix the issue with IE9 and IE10 crashing when UTM Web Filtering is set to transparent and HTTPS is set to URL filtering only

    Fix the issue with IE9 and IE10 crashing when UTM Web Filtering is set to transparent and HTTPS is set to URL filtering only.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Chance,

    Thanks for sharing on our feature site. To be clear, the issue with IE crashing is caused by a fault in IE, and not in UTM9/10. Sophos cannot address the issue directly. However, we did release a patch in version 9.314 and later, which changes the timings of the delivery of error pages. This patch does not solve the problem, but it almost completely avoids the problem crashes. Please make sure you are running a current firmware version, or make sure your users are using at least IE11.

  2. Web Security: File extension blocking inside archives

    the need to block specific file types will have multiple customers and with the Extension-filter it works just under the circumstances that files are not inside an archive.
    There is the need to block these files also in f.e. "ZIP" archives.

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Web Security: Show Block Page for HTTPS Sites

    Hello,
    actually if an HTTPS web site is blocked due to proxy settings (ie. you want to block https://www.facebook.com) the user does not shows the classic "Blocked content page" by Astaro, but he sees a generic browser error. It seems that it happens because of a security modification applied by all browser producers (IE, firefox, opera, ecc). Astaro should conform to these new changes, otherwise all users could think that the website they want to see is not reachable cause of techical issues (generated by their network admin or by remote web site admins).

    I think this request is…

    29 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Web Protection: Google App domain controls via HTTP header insertion

    Google supports a ways for organizations to limit which Google Apps domains users are allowed to visit. This is done by adding an HTTP header to outbound requests containing a list of allowed domains.

    http://support.google.com/a/bin/answer.py?hl=en&answer=1668854#providers

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Change the format of HTTP Proxy warnings if website is not avaiable

    Very often, when a user tries to access to a web site that is not avaiable, he contacts me in order to report that Astaro blocked the site. This because common users DOES NOT READ the reason of the block (ie. "No Route to Host" or "Request timed out").

    It would be useful to differentiate the format of warning page.


    • The actual format for content blocked (not allowed sites)

    • A new format for error connection to the web sites

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Firewall / Proxy Time metering limit

    time consumption measurement period for definitions. e.g. 3 hours between 10.00 und 18.00 clock as child protection.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Web Protection: Content filtering of HTTPS URLs by SNI

    Enable the option to content filter HTTPS URLs without the full man-in-the-middle interception by doing lookups and categorization on the domains that are reported as part of the certificate exchange. While not as secure as full HTTPS interception, it would solve our problems and remove the need to do the full HTTPS roll-out procedures.

    31 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Web Protection: Device-based Authentication Profiles (BYOD)

    ability to discover phones and tablets trying to get on the network.

    If a user is trying to get on the network, the admins would like to automate the process and reduce the interaction required by users or admins.

    If an employee brings their smart phone to the hospital, they get some sort of log in screen automatically, they check the box, agreeing to terms and the rest of the authentication process would be automated. Like logging on to a hotel network on a laptop.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Web Protection: Coaching Mode for Warning / Educating User

    Today with UTM we can only allow or block a web site based on the categorie.
    now customer what is called a coaching mode where user get a warning that he is about to get access to a web site that is not relevant for his job and not compliant with the security policy
    The goal of that approach his also to educate customer regarding his web browsing habits and advise him that It knows what he does
    most of our competitors in web security do that
    and Sophos also provide this behaviour/mode with his Sophos Web Appliance
    so i…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Web Security: HTTPS / SSL Scanning Only for SafeSearch

    In order for SafeSearch to work all of the time with Google, Yahoo, and Bing, we need to cover HTTPS / SSL Scanning as well. However, implementing HTTPS / SSL Scanning system wide impacts every other HTTPS / SSL service transiting through the Astaro Security Gateway. Developing rules to work around those impacts, if even possible, is coming to be a full time job.

    The feature request is for the Astaro Security Gateway to implement HTTPS / SSL scanning ONLY for the SafeSearch sites. This could be accomplished through a simply check-box either on the Web Security >> Global tab…

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

    In Sophos UTM 9.3 we have built the ability to selectively include sites in HTTPS filtering, rather than having to include all sites and then create exclusions.

    This feature will allow you, for example, to select sites by category (e.g. only HTTPS scan ‘Search Engines’) or by website tag (e.g. add a list of sites to scan to the Website List and apply the same tag to them all)

    For more information on this feature and the others introduced in Sophos UTM 9.3, see the following blog post: http://blogs.sophos.com/2014/11/10/sophos-utm-advantage-9-3-is-coming-soon-find-out-whats-new-2/

  11. Web Security: Support YouTube Educational Features

    YouTube has a "for schools" (http://www.youtube.com/schools) option that requires either a custom HTTP header to be sent with requests, or a URL rewrite (much like the safe-search options already available).

    I would like to see an option to create a custom HTTP header or URL rewrite for sites other than the 3 safe-search ones that exist. I suggest adding the ability to append a string to URL's that match a regex at the proxy or filter action level (e.g. For sites that match ^https?://(www.)?youtube.com/.*, add "X-YouTube-Edu-Filter:<string>" to the HTTP header, or "?edufilter=<string>" to the end of…

    23 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Network Security: Split Country Blocking to Inbound/Outbound

    I need to block countries inbound but need to allow for all users to outbound to anywhere. Please change the single check box per country to a double check box, one for outbound blocking and one for inbound blocking. This way I can block certain countries from trying to contact (hack) us but allow all internal users to go anywhere externally. I like the idea of country blocking for security but it is unuseable for us as internal users cannot be restricted outbound

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web Security: Optimize SSL handling for AES-NI Supported Algorithms

    With the inclusion of AES-NI support in Version 9, it should be considered how to best utilize this acceleration to realize the massive gains possible. Currently, the client and server "talk" and decide which streams to establish and which encryption should be used.
    The negotiation should be tweaked/modified to prefer AES-NI supported algorithms. This will make sure that we can re-order or optimize this so that we promote the algorithm modes that we can accelerate.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    Due to updates by various projects (like LIB-OPENSSL) this is already possible and will be present in UTM9

  14. Web Security: One-Click Content Filter Override

    My organization does not have public workstations, so it's not necessary to enter credentials each time a website is unblocked. The users are already authenticated through Active Directory, which provides an accurate log of who is unblocking a certain site. I am requesting an option in the HTTPS/Profiles section to allow one-click unblocking.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    I’ll mark this as completed since we easily allow such sites already as mentioned by Scott.

  16. 4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. WebSecurity: Local Override of Site Classification

    It would be nice to have my "own" categorization of a web site.
    This is useful for when I disagree with the URL filter and want to have it the way I see it instead.
    Also, it is particularly useful for the occasional un-categorized site! It's often easier to simply categorize it myself vs. waiting for it to be accommodated by the engine.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add support for Server Name Indication to the HTTPS Proxy

    Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/ServerNameIndication for details.
    All the recent browsers support this feature, it would be great if the HTTPS Proxy would, too.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Web Security: URL Category Check in WebAdmin

    include the bottom with this link into URL Categorization tab, to reach fastly the link to offer a possible categorization for uncategorized websites. It's also a very fast way to figure out how a specific website is categorized.

    http://www.trustedsource.org/en/feedback/url

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.