SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. spdns.de in DynDns Provider list

    spdns.de is missing in dyndns Provider list

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. vlan

    Make QinQ VLAN aka 802.1ad manageable into the UTM.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Exclude IP Range from Policy Routes

    The ability to exclude IP addresses from a policy route. An example would be a policy route that excludes local networks.

    Here is the scenario.
    - I have two internet WAN connections (WAN1, WAN2)
    - I have two internal LAN networks (LAN1, LAN2)
    - all 4 are on separate interfaces
    - WAN1 is the default gateway (no uplink balance)
    - LAN1 will use WAN1 for its internet access, the default gateway
    - LAN2 will use WAN2 for its internet access.
    - Both LAN1 and LAN2 will communicate.

    When using a policy route to direct traffic from LAN2 destined for Internet…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. ixgbe

    Update Intel ixgbe driver to a newer release to support more 10GE NICs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Please make the site to site vpn route metric/administrator distance configurable

    We normally put a site to site vpn as a backup tunnel for MPLS/PIP network. The current problem on UTM OS is the VPN tunnel routes always overwrite OSPF routes. so everything from the UTM box to a internal server, such as logging server TACACS+ server, monitoring, webadmin and so on, cannot work using internal routes. We can manipulate OSPF metrics but not the site to site VPN route in UTM. I saw some group discussions indicating other companies have the same issue. Wish this can be resolved and make the UTM works more efficient.. We have a lot of…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow network range object in Multipath rules

    This would be very useful. For example, you can allow all endpoints (DHCP range) out a failover interface (lets say a cellular WAN) but not off-site backup servers (would eat up to much bandwidth). Currently we would need to add individual hosts one by one but... really? Who wants to do that?! A range in this case would be much better...Please up-vote!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. Networking: Additional Dynamic DNS Provider support: DnsMadeEasy

    Sophos UTM is an enterprise firewall solution, with respect for all home users out there, in the few cases where DynDNS needs to be run at a company location an enterprise class DynDNS provider is needed.

    I would really appriciate dynamic DNS support for the provider "DNS Made Easy" (dnsmadeeasy.com).

    Brgds,

    Anders
    Sophos UTM Certified Architect

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide dhcp lease time option for SSL vpn pool

    Currently there is no option to configure dhcp lease time for SSL vpn pool. This causes DNS resolution issues as there will be multiple stale records resolving to the same IP. I have reduced the scavenging time but this will not resolve this issue.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Time base routing in Sophos UTM feature should be available.

    I request to you Customer requirement time base routing in Sophos UTM feature should be available.
    Please add this feature incoming firmware

    Sophos SG135

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. Refresh button for DYNDNS to force update

    There needs to be a way to force an update and refresh of the IP to the DNS vendor. There currently is no way to do this. Turning it off and back on does not do this. If for any reason the IP gets set from another location it will not update with the correct IP because the service does not see that the IP on the firewall has changed.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow to add a single tagged VLAN interface to a bridge

    At the moment it is not possible to add a single VLAN to a bridge, you can only bridge a whole interface (with the whole VLAN trunk on it).
    However, under some circumstances it is necessary to e.g. bridge 2 VLAN-Interfaces together (e.g. during a VLAN migration), to bridge a single tagged VLAN to an untagged interface, to bridge a single VLAN to a RED tunnel interface (e.g. bridge the VLAN of your local clients to the LAN of a small remote office) or to bridge two VLANs with different IDs from former independent locations together (e.g. over a RED…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. TCP Connection Timeout - Modification

    It's important in case of using EAS (Exchange Active Sync) that the TCP connection timeout can be increased within the gui. At the moment only one unsupported workaround exists:

    cc [Enter]
    packetfilter [Enter]
    timeouts [Enter]
    ip_conntrack_tcp_timeout_close_wait$ [Enter]

    It's an important feature if you use EAS.
    You will find more information about this topic here:
    https://www.astaro.org/local-language-forums/german-forum/47370-connection-timeout-modifizieren.html
    http://technet.microsoft.com/en-us/library/ff459598.aspx

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. DHCP release

    Clearing or releasing the DHCP lease IP..

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. BGP Resets When Adding New Subnet

    BGP Shouldn't reset When new subnet is added. This is uncommon that you add a subnet to advertise in BGP and whole BGP resets causing disruption to all users.

    Also, BGP graceful restart should be added.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. hostname

    The UTM hostname needs to be FQDN so that things such as OpenVPN config file can resolve externally. But, this external FQDN should not necessarily be used for internal operations. One can set DNS A records/CNAMES in internal resolvers to anything, but virtually everything, such as notifications, references the FQDN and this can be confusing. It would be better to have a hostname (internal) and then multiple different external FQDNs, depending on the service in question.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. iftop

    Need to have the iftop command to diagnoze bandwith usage.
    The current "live connection" view is too limited in sorting.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add IPv4 and IPv6 selection to DynDNS

    When adding a dyndns provider, there is no way to specify the IPV4 or IPV6 address of an interface. This is a legacy carry over as one interface traditionally could only have one DHCP IP address, but this is no longer true.

    Having a choice would allow us to create two different dyndns entries to update A and AAAA records.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Quota Management

    must add in User identity after user finish Quota Automatic to change speed to low speed
    like i have Speed 2M and i have 10GB after finish 10 GB user lower speed liken 512k
    with new limit after finish it internet off

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. DHCP Duplicate IP Detection

    Have the UTM DHCP server ping the IP address before attempting to issue it like Windows DHCP Server, to avoid an IP conflict. e.g. static address within DHCP scope.

    Currently, if the UTM offers an IP address that already exists on the network the client sends a DHCP Decline, however the UTM will continue attempting to issue the same IP and the client will get stuck in this loop.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. MPTCP (MultiPath TCP) / WAN Bonding / Multilining

    Please Implementate MPTCP (MultiPath TCP) with working VPN over Multiple Lines and additional Backup lines

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.