SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Full mesh VPN - something like Cisco DMVPN technology

    Full mesh VPN - something like Cisco DMVPN technology

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSL VPN reconfiguration

    SSL s2s VPN. There are seted up for branchs it’s own Server instance. And I faced strange behavior. After I reconfigure any server instance (for example add local network), EVERY SSL s2s VPN tunnels goes down and after some time it reconnect again.

    Regular OpenVPN server can work without that issue! So I believe that Sophos too.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. HTML5 VPN Portal: Copy and Paste from Local Machine to Remote and from Remote to Remote

    Please add the feature for the copy and paste from local machine to HTML5 session. It would also be nice to allow copying from HTML5 session to another HTML5 session.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. prompt for credentials when using NLA with HTML5 VPN Portal

    Instead of having to enter static credentials in the Admin Portal for RDP connections with NLA, the user should be prompted for their credentials when using the connection. Having static credentials doesn't make sense when only admins can enter them (meaning the admin has to know everyone's credentials) and passwords are changed on a regular basis (meaning the admin has to update the password on every connection every x days).

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support packet fragmentation for packets arriving from internet that will be crossing an IPSec VPN tunnel

    Currently packets >1500 bytes from our ISP connected to a UTM (v 9.404-5) are accepted and fragmented for traffic destined to a LAN. However, packets > 1500 bytes from the internet that will cross an IPSec tunnel (also terminating on the UTM) to reach a remote network are rejected with the UTM sending an ICMP fragmentation needed.

    If the UTM will accept jumbo packets and fragment for the LAN, it should do the same for traffic to networks across a VPN tunnel.

    See case 6142979 for additional details.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. IPSec Site to site policy IKEv2 SA Throughput

    To configure a stable site to site with Microsoft Azure on a UTM 210 with a poilcy based route you have to configure the Phase 2 security association (SA) Lifetime (Throughput) as well as the time because without it the site to site will fall over as soon as you hit 1GB of throuhgput. The VPN will not connect until a system restart is performed.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure Validated VPN device

    Work with Microsoft to get listed as an Azure Site-to-Site Validated VPN Device.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. DMVPN

    For some customers interesting to have DMVPN, to prevent multiple end-to-end Links.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSL VPN: Support IPv6

    Currently SSL VPN only pushes IPv4 configuration to the client. With some manual editing under the hood you can add IPv6 in the config files.

    I'd like to have this feature by default using the GUI!

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. OPENVPN client

    Would like to be able to use the system as an OpenVPN client.

    46 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. Hook to support DNS Server update for Linux VPN Clients

    An option to get a updated DNS Server for Linux VPN Clients. Currently the OpenVPN option only sets the DNS Server for Windows Clients.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. Dynamic VPN: AD password change over SSL VPN

    users needs to be able to change their Active directory password remotely via dynamic VPN when password expires

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. email on vpn connection

    Get an email alert when a specific user logs into the VPN

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Multiple Pools for SSL VPN

    Hi,
    I configured Remote access on UTM 430 and while defining multiple profiles each having different access level. There is a limitation that Sophos does not allow different SSL VPN Pools. It leads to limited control. Mostly devices restrict access on the basis of IP subnet.
    Though Sophos allow access restrictions on the basis of user groups but this task is somewhat not easier.
    To restrict the access for a certain destination network, you need to disable the automatic created security policies and need to define manually.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. Access Control - "Restart IPSEC Connections"-"Right"

    There has to be a "right" for restarting (deactivate and then activate) "IPsec Connection" which is actually not possible. There is now only a possibility to fully give access an user to "networking" or only "Read" rights which is not enough to restart ipsec connection. For example if you have administrators who have to be restricted on the sophos firewall but have to check daily tasks like check ipsec connections and restart them if needed, then this is not possible with the actual version 9.351-X. MAKE IT POSSIBLE PLEASE!

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. PDF preview in HTML5 webapp (http) (SG UTM)

    When using HTML5 VPN session with http webapps, PDF preview is not supported.
    PDF preview would be a nice feature.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. IKEv2 support

    We would like to see IKEv2 support so that we can connect to Azure.

    Otherwise this will be a deal breaker and we will be forced to use other appliances very soon.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add multiple domain searching in SSL VPN

    Currently it is not possible for us to add our two domains to the VPN client. Please update so more than one domain can be added in the Remote Access > Advanced section, allowing VPN to search multiple domains.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. Make SSL-VPN "route delay" option configurable over the Web-GUI

    We have DNS resolve problems with some SSL-VPN clients which can be solved bei changing the value of "route delay" from "4" to "2" in the template config-file /var/confd/res/openvpn/client.ovpn-default. But these changes will be overwriten every time the firewall gets an openvpn update. So please make die value configurable via web-gui.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. SSL VPN on multiple interfaces

    It would be nice to select 2 or more interfaces on the settings of the SSL remote access. We have an UTM with multiple WAN addresses. One of the addresses is used for 443 (SSL) NAT to an internal webserver. But we want to let the UTM listen on 2 other addresses for incoming SSL VPN connections on port 443 TCP. We can only select one interface or any. But with any the UTM sees the conflict with the SSL NAT.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.