SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. User-defined field for DynDNS

    My idea: DynDns field for user-defined Update-URL to use all DynDNS providers and Features like MX-Record and A-record.

    So it is not necessary, to put all DynDNS providers in the choise field.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. Netgear Aircard 340u LTE Support

    I walked into the ATT store and bought the only USB AC that they had - the Netgear AC 340u. I had asked if this was the only option - Yes was the reply.

    The AC 340u does support linux. It would be super if the UTM and RED supported the AC340u.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. icmp / ping settings per UTM interface

    Provide icmp / ping settings per interface not just globally for the UTM.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. TCP Connection Timeout - Modification

    It's important in case of using EAS (Exchange Active Sync) that the TCP connection timeout can be increased within the gui. At the moment only one unsupported workaround exists:

    cc [Enter]
    packetfilter [Enter]
    timeouts [Enter]
    ipconntracktcptimeoutclose_wait$ [Enter]

    It's an important feature if you use EAS.
    You will find more information about this topic here:
    https://www.astaro.org/local-language-forums/german-forum/47370-connection-timeout-modifizieren.html
    http://technet.microsoft.com/en-us/library/ff459598.aspx

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. BGP Resets When Adding New Subnet

    BGP Shouldn't reset When new subnet is added. This is uncommon that you add a subnet to advertise in BGP and whole BGP resets causing disruption to all users.

    Also, BGP graceful restart should be added.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. hostname

    The UTM hostname needs to be FQDN so that things such as OpenVPN config file can resolve externally. But, this external FQDN should not necessarily be used for internal operations. One can set DNS A records/CNAMES in internal resolvers to anything, but virtually everything, such as notifications, references the FQDN and this can be confusing. It would be better to have a hostname (internal) and then multiple different external FQDNs, depending on the service in question.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. iftop

    Need to have the iftop command to diagnoze bandwith usage.
    The current "live connection" view is too limited in sorting.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add IPv4 and IPv6 selection to DynDNS

    When adding a dyndns provider, there is no way to specify the IPV4 or IPV6 address of an interface. This is a legacy carry over as one interface traditionally could only have one DHCP IP address, but this is no longer true.

    Having a choice would allow us to create two different dyndns entries to update A and AAAA records.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Quota Management

    must add in User identity after user finish Quota Automatic to change speed to low speed
    like i have Speed 2M and i have 10GB after finish 10 GB user lower speed liken 512k
    with new limit after finish it internet off

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. MPTCP (MultiPath TCP) / WAN Bonding / Multilining

    Please Implementate MPTCP (MultiPath TCP) with working VPN over Multiple Lines and additional Backup lines

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Show eth link speed/duplex in gui

    the link speed/duplex is not curently shown in any of the webadmin tabs, only a general "UP/DOWN" status.
    Curently the HW tab in interfaces only shows the capabilities of each NIC, and the support/advanced/interfaces tables doesn't show it either.

    the only way to get this important info is to SSH and run ifconfig/ethtool commands, quite cumbersome for an important bit of info (in fact can help troubleshoot cable problems/wrong switch ports/wrong modem configs, etc)

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Outbound NAT without ALIAS

    We have the menu with the possibility to specify outbound NATTTED IP Address but it require ALias on External Interface.
    We need to have the possibility to create an Alias interface from this menu or we need to omit this step for Outbound NAT Rules

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support 802.1P QOS Protocol

    Need the support of 802.1P QOS Protocol for the SDSL EFM (Orange)
    The SDSL don't work without this protocol.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. static ip mac binding for one MAC address to different ip address in different zones having different networks

    We have to configure static ip mac binding for our director's and managers' laptops and mobiles MAC address to ip address in different zones, but we are unable to add one MAC address for different ip addresses in different zones in sophos, which we have configured in earlier firewall sonicwall, but not in Sophos XG(SFOS 16.01). Please, add this new feature in upgraded firmware or generate hotfix for that.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Usage Graph of Traffic Shaping Policy

    Option for Graphical view of Traffic shaping policy usage. It's available in Fortigate. It gives a high level view of usage of each Traffic Shaping policy. While clicking on a bar, it shows the top users.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. "Routing Precedence" Feature in SG firewall

    It would be great to add the "Routing Precedence" Feature, that we can find in XG but not yet in SG

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow multiple networks for Masquerade Rules

    We have dozens of RED devices. Adding individual NAT Masquerade Rules is very tedious when you can only select a SINGLE source object per rule. Would be nice to have a single Masquerade rule with multiple sources so I could just add either a new Network definition to the existing rule.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. IPIP

    Cisco IPIP Tunnel Implantation

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. Routing: OSPF Default Route Announcement

    When originating a default route from OSPF, there should be:
    1) The ability to set the type to E1 vs E2 so you can control how costs for this default route are controlled
    2) The ability to change the default metric announced
    3) The ability to tie the announcement of the default route with Uplink Monitoring (rather than just interface link detection)

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Exclude IP Address or Range

    I've seen it at some other firewall solutions that it is possible to exclude IP Addresses. This would be very useful for firewall rules.

    Example: Only allow access to the internet

    Any --Any ---> Any IP not in Range 192.168.10.0/24 and 192.168.11.0/24

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.