SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ssl vpn on XG

    possibility to add DNS to every different VPN Users group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. Parallel use of old certificates after Signing CA regeneration

    My customers are using SSL-VPN.

    There are certain circumstances, and they need to regenerate the Signing CA.

    As you know, after regeneration VPN users must use new certificates.
    In other words, users will not be able to make remote access connections with old certificates.

    However, it takes time to distribute new certificates to users.
    Before a new certificate reaches the user, not being able to connect to the remote access will hinder their business.

    I request it.
    Please allow remote access connection from clients of old certificate and client of new certificate until user gets new certificate.
    Also, please be…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Different WAN Port for different SSL VPN

    For example, for WAN 1, I will let sales group to VPN to access certain areas of the network, For WAN 2, I will only let those road warriors to access a more restricted area of the network instead of using 1 WAN link that gets filtered by the UTM level. My previous vendor, Watchguard, do have such function, except that Sophos has a higher throughput.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add Intelligent Notification for IPSEC Tunnel Up/Down

    Hello Sophos,

    For many of our customers, we had configured a number of IPSEC Tunnels and enabled the notification when a Tunnel goes Up/Down. Due to Dead Peer Detection (DPD) the tunnel going down due to inactivity and coming up again, Which sends a number of Up/Down notifications which are useless for us.

    1. Shouldn't Sophos be smart enough to recognize the status change is due to Dead Peer Detection and do not send a notification?

    Or

    2. An alternate solution to the problem is if you can introduce an alert which sends a notification only when a tunnel is…

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. HTML5 VPN Portal for iOS

    The HTML5 VPN Portal works for almost all platforms exept iOS. It would be great if you could add support for RDP/VNC connections on iOS devices.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. Http prxy graphical real time presentation

    One thing I would have liked in Sophos UTM is a status report for the http proxy, as I find it difficult to see what the http proxy computes when the proxy eats most of the CPU.

    I would love to see a webpage with graphical presentation of all proxy requests that take longer than X ms (adjustable). For each of these requests, I wish information about:

    • Who/source (hostname/IP address) that created the request
    • Destination URL/Destination (Protocol, Url/IP Address) to which the request refers
    • Current processing time, ie, how long has the proxy worked with the request …

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. Deliver Complete Certificate Chain for User Portal

    The user portal in the UTM is not able to deliver the complete certificate chain. It is missing intermediate certificate due to which our VPN Portal is categorized B on online SSL Testing websites.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. Route Based IPsec tunneling

    To connect more than one location to a microsoft azure environment it is neccesary to build route based IPsec connections. In future Microsoft azure will be a important solution platform, so many customer will use this solution.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add the feature of adding IP List on SSL VPN Allowed IPv4 network settings

    Currently there is no option to add an IP list in allowed ipv4.Network resources. This feature was there in Cyberoam. Post migration to Sophos, it wasnt possible.
    Request to add this feature, so that ACL will be more sophisticated at Firewall Level.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. Notifications for failed VPN login

    It would be good if notifications could include failed VPN connection attempt.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. Whitelist SSL VPN

    Currently there's no way to isolate specific SSL VPN users in Sophos. While a Firewall rule can be set to access the whole service there isn't a way to allow users A, B & C access from any network but limit user D to only a specific IP or range.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. openvpn 2.4

    my uses sometime connect but cant access network resources - they try again a couple of hours later and it works

    the net says there are issues with windows 10 and these are mostly fixed with openvpn version 2.4

    as version 2.4 has just come out it may be worth waiting until 2.4.5 for any bugs to be fixed but to schedule this into the UTM development pipeline

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. VPN: Local VPN ID choices with IPsec PSK

    This has been marked as "completed" but to my understanding is only half complete.
    Having multiple IPSec site-to-site tunnels autheticated by PSK, one still can't freely choose the ID for each tunnel.

    Given I have multiple tunnels to customer networks (where I can't change the ID Type expected for my host)
    some expect me to give the external IP as Peer ID others expect the hostname (which sometimes doesn't even match the real one)
    Under current 9.4 I can only set my ID once for all tunnels but not individually per tunnel.
    So any Connection should also allow to edit…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. Changing the Tunnel name of Amazon VPC site-to-site on UTM

    Hello Team,

    We have a request here from our customer to habe option to rename the Tunnel name of Amazon VPC site-to-site on UTM. Right now, all of Amazon VPC site-to-site VPN tunnel names are _vpc-0_ in their UTM configuration. There are requesting the option for have it to be rename for them to make it easily identifiable.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. There should be a way to log out/ disconnect PPTP Users from Cyberoam device

    There should be a way to manually disconnect logged-in PPTP Users from the cyberoam device. This is giving us big issues as we have to reboot our cyberoam device when multiple users.

    the scenerio is that, when there system suddenly goes off due to power outage, they find it so difficult to reconnect because we assigned a static IP to the users. the only way out is to reboot our device

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. Set MTU for SSL VPN and enable "engine aesni" for OPENVPN

    For make ssl-vpn faster, I would like to set MTU for SSL VPN and enable "engine aesni" for OPENVPN on AWS Sophos UTM9.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. rulechecks sslvpn clients

    We would like restrictions to be checked on when sslvpn clients are connecting towards the network.

    For example if someone is running a specific service, the network connection is allowed, and otherwise not. or for exampe, if there is no anti-virus running from a specific vendor.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Geo Location based VPN access

    Allow the remote user to access SSL VPN based on their geo-location.

    For example, if we have two remote users say, user1 and user2.

    We want to allow user1 to be able to connect to VPN from the US only and in the same way, we want to allow user2 from India only.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. limit a SSL VPN profile to be able to login just from a specific IP address

    I need to limit a SSL VPN profile to be able to login just from a specific IP address and another profile no limit !!!!

    I understand that I can simply open/close the User Portal and prevent access to the client/certificates but this is not that I am looking for because not vpn profile aware !!!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP

    The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP. This would enable power savings to be turned on while providing users with the ability to remotely wake and connect to their PCs/Servers over the network (say for a standby environment).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.