SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Google Domains Dynamic DNS

    Google Domains includes support for dynamic DNS (see https://support.google.com/domains/answer/6147083) which uses the dyndns2 protocol. It would be useful to have Google Domains as an option within the UTM's list of dynamic DNS providers.

    38 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow DHCPv6 Relay on a bridged client interface

    Apparently I am forced to use a switch for that.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Re-Use Additional Address Objects for multiple interfaces, and on masquerade rules for "Uplink Interfaces"

    Currently we have a scenario where a customer owns a /24 range, which they announce over multiple BGP peerings with various telcos. Currently for redundancy over each link - it is required for each IP within the /24 that would be utilized to be made as an additional address for each individual VLAN WAN interface, as well as making a masquerade rule per downstream network range (site), per WAN interface (of which there are 4).
    This means we need to quadruple all additional address objects, and all masquerade rules, making one for each VLAN interface on the same physical interface…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add OSPF Interface Mode "passive".

    Add OSPF Interface Mode "passive". This is a Basic OSPF Interface feature which put the Interface Network into the OSPF but not usinf the Interface for route Distribution. There should be three modes "active,passive,disabled" .

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. interface bridge icmp

    External WAN IP Adresses aren´t ICMP visible (Ping not possibile) in Interface Bridge Mode.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. MSS Clamping for PPPoE

    MSS Clamping for PPPoE

    Path MTU Discovery doesn't work as well as it should anymore. If you know for a fact that a hop somewhere in your network has a limited (<1500) MTU, you cannot rely on PMTU Discovery finding this out. Causes high latency for internet connections.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. On Shell of UTM, display all the DHCP option including from number 77 to 255

    Hello Team,

    We have customer here requesting to to display all the DHCP option including from number 77 to 255 to the shell of the UTM. Currently will only display option numbers 1 to 76 but supports all 255 option objects. For your assistance please.

    Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. spdns.de in DynDns Provider list

    spdns.de is missing in dyndns Provider list

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. vlan

    Make QinQ VLAN aka 802.1ad manageable into the UTM.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. Exclude IP Range from Policy Routes

    The ability to exclude IP addresses from a policy route. An example would be a policy route that excludes local networks.

    Here is the scenario.
    - I have two internet WAN connections (WAN1, WAN2)
    - I have two internal LAN networks (LAN1, LAN2)
    - all 4 are on separate interfaces
    - WAN1 is the default gateway (no uplink balance)
    - LAN1 will use WAN1 for its internet access, the default gateway
    - LAN2 will use WAN2 for its internet access.
    - Both LAN1 and LAN2 will communicate.

    When using a policy route to direct traffic from LAN2 destined for Internet…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. ixgbe

    Update Intel ixgbe driver to a newer release to support more 10GE NICs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide dhcp lease time option for SSL vpn pool

    Currently there is no option to configure dhcp lease time for SSL vpn pool. This causes DNS resolution issues as there will be multiple stale records resolving to the same IP. I have reduced the scavenging time but this will not resolve this issue.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. Please make the site to site vpn route metric/administrator distance configurable

    We normally put a site to site vpn as a backup tunnel for MPLS/PIP network. The current problem on UTM OS is the VPN tunnel routes always overwrite OSPF routes. so everything from the UTM box to a internal server, such as logging server TACACS+ server, monitoring, webadmin and so on, cannot work using internal routes. We can manipulate OSPF metrics but not the site to site VPN route in UTM. I saw some group discussions indicating other companies have the same issue. Wish this can be resolved and make the UTM works more efficient.. We have a lot of…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow network range object in Multipath rules

    This would be very useful. For example, you can allow all endpoints (DHCP range) out a failover interface (lets say a cellular WAN) but not off-site backup servers (would eat up to much bandwidth). Currently we would need to add individual hosts one by one but... really? Who wants to do that?! A range in this case would be much better...Please up-vote!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Networking: Additional Dynamic DNS Provider support: DnsMadeEasy

    Sophos UTM is an enterprise firewall solution, with respect for all home users out there, in the few cases where DynDNS needs to be run at a company location an enterprise class DynDNS provider is needed.

    I would really appriciate dynamic DNS support for the provider "DNS Made Easy" (dnsmadeeasy.com).

    Brgds,

    Anders
    Sophos UTM Certified Architect

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Time base routing in Sophos UTM feature should be available.

    I request to you Customer requirement time base routing in Sophos UTM feature should be available.
    Please add this feature incoming firmware

    Sophos SG135

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Refresh button for DYNDNS to force update

    There needs to be a way to force an update and refresh of the IP to the DNS vendor. There currently is no way to do this. Turning it off and back on does not do this. If for any reason the IP gets set from another location it will not update with the correct IP because the service does not see that the IP on the firewall has changed.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow to add a single tagged VLAN interface to a bridge

    At the moment it is not possible to add a single VLAN to a bridge, you can only bridge a whole interface (with the whole VLAN trunk on it).
    However, under some circumstances it is necessary to e.g. bridge 2 VLAN-Interfaces together (e.g. during a VLAN migration), to bridge a single tagged VLAN to an untagged interface, to bridge a single VLAN to a RED tunnel interface (e.g. bridge the VLAN of your local clients to the LAN of a small remote office) or to bridge two VLANs with different IDs from former independent locations together (e.g. over a RED…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. User-defined field for DynDNS

    My idea: DynDns field for user-defined Update-URL to use all DynDNS providers and Features like MX-Record and A-record.

    So it is not necessary, to put all DynDNS providers in the choise field.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Netgear Aircard 340u LTE Support

    I walked into the ATT store and bought the only USB AC that they had - the Netgear AC 340u. I had asked if this was the only option - Yes was the reply.

    The AC 340u does support linux. It would be super if the UTM and RED supported the AC340u.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.