SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. IPSEC

    IPSEC
    1. If using IPSEC (remote access) and psk, there is no option for auto firewall rules. Add option here.
    2. If using IPSEC (remote access) and psk, manual firewall rules do not work as there is a hidden rule applied in the background that is higher up the list and overrides any manual rule you put into the UTM. Get rid of this rule so manual rules work.
    3. If using IPSEC (remote access) and psk with no XAuth, there is no indication that anybody is remotely connected to the UTM at all. Show this in the GUI.

    1 vote
    0 comments  ·  VPN
  2. SSL VPN: Configurable port-sharing

    [UTM 9.1] Openvpn port-sharing is automatically used when using UserPortal on the same port as openvpn (e.g. tcp:443); however, if a user wants to forward https traffic from the openvpn port to another host, there is no way.

    Currently it is possible to bind openvpn to udp:443, and use DNAT tcp:443 to forward https traffic somewhere else; however, if you want to use tcp:443 on the same IP, there is no way to easily configure port-sharing.

    It would be great if in "Remote access/SSL/Settings/Server settings/" there would be an additional field: Forward https requests to: $host $port. That would add a simple line to openvpn.conf "port-sharing $host $port".…

    5 votes
    0 comments  ·  VPN
  3. Provide support for Wildcard Digital Certificates for User Portal

    We have been told by Sophos Support that the UTM will not present the intermediate CA (Digicert Wildcard Certificate). Please provide support so we can use our existing wildcard certificate with the user portal. There is an unsupported workaround, but it does not persist through a reboot.

    5 votes
    1 comment  ·  VPN
  4. 13 votes
    1 comment  ·  VPN
  5. prompt for credentials when using NLA with HTML5 VPN Portal

    Instead of having to enter static credentials in the Admin Portal for RDP connections with NLA, the user should be prompted for their credentials when using the connection. Having static credentials doesn't make sense when only admins can enter them (meaning the admin has to know everyone's credentials) and passwords are changed on a regular basis (meaning the admin has to update the password on every connection every x days).

    10 votes
    3 comments  ·  VPN
  6. Support packet fragmentation for packets arriving from internet that will be crossing an IPSec VPN tunnel

    Currently packets >1500 bytes from our ISP connected to a UTM (v 9.404-5) are accepted and fragmented for traffic destined to a LAN. However, packets > 1500 bytes from the internet that will cross an IPSec tunnel (also terminating on the UTM) to reach a remote network are rejected with the UTM sending an ICMP fragmentation needed.

    If the UTM will accept jumbo packets and fragment for the LAN, it should do the same for traffic to networks across a VPN tunnel.

    See case 6142979 for additional details.

    2 votes
    0 comments  ·  VPN
  7. 14 votes
    1 comment  ·  VPN
  8. SSLVPN Client logfile rotate

    When SSL VPN has connected, the client logfile is overwritten by new connection.

    It is necessary to move the logfile manually before a new connection in order to confirm the last connection logfile.

    I do not want to overwrite the client logfile.
    Or I want to rotate the logfile so that I can confirm the past log.

    1 vote
    0 comments  ·  VPN
  9. Stop updating SSL VPN client without incrementing the program version

    Hello, the Sophos VPN client for Windows has received several updates already since UTM version 9.4 rolled out. However, in each case the program version has remained at 2.1, which makes it extremely difficult for us to script out updating the clients on our users' computers. In addition, not incrementing the program version is considered very poor practice in software development.

    Can you increase the product version each time you update the client (EG 2.2, 2.3, ETC) or at least add a sub-version/buildnumber (EG 2.1.100, 2.1.101)?

    1 vote
    0 comments  ·  VPN
  10. Allow IPsec phase 2 SA lifetime to be specified in kilobytes as well as seconds on the XG firewalls

    Currently phase 2 SA lifetime can only be specified in seconds, however other devices often include a lifetime in kilobytes as well by default (such as Cisco ASAs). When connecting to outside organisations they often request this setting to be configured.

    5 votes
    0 comments  ·  VPN
  11. User SSL VPN Failover

    Trying to set up SSL VPN Failover, we saw that it is possible to bind only to one interface address or the "any" interface. The same thing happens for User Portal. So when the WAN interface goes down, no SSL VPN or user portal is accessible. We can bind to any but on a different port, but we need to access SSL even behind a firewall for remote users (80, 443 are allowed).

    Instead the feature is already possible with L2TP where you can assign Uplink interface or Interface Group.

    9 votes
    1 comment  ·  VPN
  12. Add SSL VPN traffic to daily executive report

    Currently traffic shows "not accounted" for SSL VPN users on the executive daily report. Can we enable it so it shows how much traffic each user is generating? Also it would be nice to adjust the number of users shown in top10 vpn users by duration, so we can see more than just the top 10.

    23 votes
    6 comments  ·  VPN
  13. different IP addresses for concurrent L2TP VPN user

    The same L2TP user account logged on to 2 different computers receives the same IP address from the external DHCP server, which makes concurrent L2TP VPN users not feasible.
    It would be nice if UTM can support concurrent L2TP VPN users by allocating different IP addresses to client computers.

    1 vote
    0 comments  ·  VPN
  14. Ability to show disclaimer/security warning when logging into SSL vpn.

    Ability to show disclaimer/security warning when logging into SSL vpn. Similar to the one you see when logging into the web admin console.

    1 vote
    0 comments  ·  VPN
  15. implement two or more network ssl vpn

    having two or more SSL VPN IP networks with different ranges to better split the VPN

    1 vote
    0 comments  ·  VPN
  16. Add support for DM-VPN.

    I'd like to see support added for DM-VPN. This would allow Sophos to be used in offices that require dynamic multi-point vpn setups. I've worked with DM-VPN setups in multiple bank environments.

    Info:
    http://en.wikipedia.org/wiki/Dynamic_Multipoint_Virtual_Private_Network

    Linux support done via OpenNHRP.

    25 votes
    5 comments  ·  VPN
  17. SSL-VPN Client for Windowsphone 10 (WP10)

    Would be great to have an installable SSL-VPN client for Windowsphone mobiles.

    5 votes
    1 comment  ·  VPN
  18. Allow changing of the DPD values on the UTM GUI

    Allow changing of the DPD values on the UTM GUI. Currently we can only switch the Dead Peer Detection on or off. We should be able to change the DPD action and delay & timeouts from the graphic interface.

    4 votes
    0 comments  ·  VPN
  19. list of connected sessions

    List VPN sessions connected by host when managed by SUM Gateway Manager. This would save having to log into each VPN gateway to see the active sessions by IP and authenticated user per host.

    1 vote
    0 comments  ·  VPN
  20. Azure Validated VPN device

    Work with Microsoft to get listed as an Azure Site-to-Site Validated VPN Device.

    4 votes
    0 comments  ·  VPN