SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. QoS Prioritization

    The ability to prioritize data packets based on their QoS flags (TOS + DSCP) automatically on an SG UTM appliance. This would enable high priority items such as VOIP to take precedence over standard email, web traffic, etc without the need to create complex rules for traffic shaping, throttling or guaranteed bandwidth settings.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. SNI Support for XG Firewall

    Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/Server_Name_Indication for details. It is already on UTM, but not XG. This will probably be needed if you ever decide to allow XG Firewall to request and manage Let's Encrypt certificates for multiple domains.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add AWS Route 53 as a DynDNS provider

    Add a DynDNS provider for Amazon Web Services (AWS) Route 54

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make the TTL/Timeout for DNS Groups user-configurable in Webadmin

    At moment DNS Groups have a default timeout of one week. You can only change that manually in cc-menu but it should be user-configurable in webadmin (there already exists an rpm for 9.407 said the support). Please make it possible to change it in webadmin for convenience!

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. SNAT with multiple addresses in source pool

    Please add support for using a list of IP numbers as the "Change source to" field in an SNAT rule. Essentially, allow SNAT from may to few with overload.

    As an example, in iptables, SNAT a /24 to 3 external addresses in round robin (with PAT only when needed) would be

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source x.y.z.1-x.y.z.3

    Not currently possible with the UTM's UI.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. Delete one DHCP lease

    Please allow to delete one DHCP lease or to block one IP lease.
    We need to block not authorized devices in our network.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. ipoe

    Support for IPOE, since it' s not only in use for consumer lines, but also for >100MB business lines, because lower overhead then pppoe.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add a customizeable field for ddns

    Please add the capability to add a custom dynamic dns definition. It may be fine for the most to choose between predefined vendors, but I want to use my own ddns on my own servers.
    So what i would need is a vendor entry, in wich I can choose a custom fqdn or ip-adress to work with. It would be ok to use the protocoll form dyndns, maybe a possibility to choose would be nice to.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. mtu ignore

    In environments where you have a Layer 3 core switch with Jumbo Frames enabled and you want to create a OSPF neighbor relationship between the Layer 3 switch and a UTM, the adjacency does does not form due to a MTU mismatch. On most network equipment you can either adjust the MTU size for the OSPF instance or ignore the MTU size all together. The UTM allows for neither. Please add functionality to adjust or ignore MTU size during OSPF neighbor formation.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. qos setting dynamic limits on uplinks

    I would like to allocate set bandwidth for different vlans (deparments) including voice traffic. Is it possible for us to setup a 100Mb link as follows:

    VLAN1- 20Mb
    VLAN2- 20Mb
    VLAN3- 30Mb
    VLAN4- 10Mb
    VOICE traffic- 10Mb

    I would like to have it set like the above but say if one vlan require more bandwidth and it is available on the link it should be able to grow. The limit should not be a maximum limit so to speak.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Prioritized QoS

    Having the ability to have a hierarchical QoS that prioritized traffic based on certain criteria would be a useful feature. For example, allowing the use of YouTube video streams but marking them as a "low priority". When a user streams a video and they are either the only one on the network or everyone else is browsing at the same priority level, then the traffic will not be throttled. However, if another user starts a higher prioritized session while the video is streaming, YouTube's bandwidth is throttled to allow for the higher priority application to go unimpeded.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Bridge - LTE to Ethernet

    I want to bridge my USB LTE (4G) modem to Ethernet.
    To my knowledge, this is not supported yet.

    More info: https://community.sophos.com/products/unified-threat-management/f/41/t/10885

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. option to manage MSS-Size

    Our internet connection requires a special MTU and MSS size.
    The following rule is required to filter the traffic for all clients on the WAN and WiFi

    iptables -t filter -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN
    -j TCPMSS --set-mss 1360

    This rule can only be added via the terminal and is not persistent.
    Please make this option available in the GUI.

    References: https://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/31852-strange-problem-some-sites-working-some-not-2.html

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. vpn timeout

    Please have a setting for Remote Access timeout after a certain time of inactivity via SSL etc.

    Thanks!

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Second DHCP Server in DHCP relay

    It would be great if you could enter two DHCP server in the DHCP relay. We have two Windows 2012 R2 server with an active/standby Cluster. If the active node Fails, the secondary will take function. But we have to take care, to change the server in the relay on the UTM to let it still work.

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Google Domains Dynamic DNS

    Google Domains includes support for dynamic DNS (see https://support.google.com/domains/answer/6147083) which uses the dyndns2 protocol. It would be useful to have Google Domains as an option within the UTM's list of dynamic DNS providers.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow DHCPv6 Relay on a bridged client interface

    Apparently I am forced to use a switch for that.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Re-Use Additional Address Objects for multiple interfaces, and on masquerade rules for "Uplink Interfaces"

    Currently we have a scenario where a customer owns a /24 range, which they announce over multiple BGP peerings with various telcos. Currently for redundancy over each link - it is required for each IP within the /24 that would be utilized to be made as an additional address for each individual VLAN WAN interface, as well as making a masquerade rule per downstream network range (site), per WAN interface (of which there are 4).
    This means we need to quadruple all additional address objects, and all masquerade rules, making one for each VLAN interface on the same physical interface…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add OSPF Interface Mode "passive".

    Add OSPF Interface Mode "passive". This is a Basic OSPF Interface feature which put the Interface Network into the OSPF but not usinf the Interface for route Distribution. There should be three modes "active,passive,disabled" .

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. On Shell of UTM, display all the DHCP option including from number 77 to 255

    Hello Team,

    We have customer here requesting to to display all the DHCP option including from number 77 to 255 to the shell of the UTM. Currently will only display option numbers 1 to 76 but supports all 255 option objects. For your assistance please.

    Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.