SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Show eth link speed/duplex in gui

    the link speed/duplex is not curently shown in any of the webadmin tabs, only a general "UP/DOWN" status.
    Curently the HW tab in interfaces only shows the capabilities of each NIC, and the support/advanced/interfaces tables doesn't show it either.

    the only way to get this important info is to SSH and run ifconfig/ethtool commands, quite cumbersome for an important bit of info (in fact can help troubleshoot cable problems/wrong switch ports/wrong modem configs, etc)

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. Outbound NAT without ALIAS

    We have the menu with the possibility to specify outbound NATTTED IP Address but it require ALias on External Interface.
    We need to have the possibility to create an Alias interface from this menu or we need to omit this step for Outbound NAT Rules

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support 802.1P QOS Protocol

    Need the support of 802.1P QOS Protocol for the SDSL EFM (Orange)
    The SDSL don't work without this protocol.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. static ip mac binding for one MAC address to different ip address in different zones having different networks

    We have to configure static ip mac binding for our director's and managers' laptops and mobiles MAC address to ip address in different zones, but we are unable to add one MAC address for different ip addresses in different zones in sophos, which we have configured in earlier firewall sonicwall, but not in Sophos XG(SFOS 16.01). Please, add this new feature in upgraded firmware or generate hotfix for that.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Usage Graph of Traffic Shaping Policy

    Option for Graphical view of Traffic shaping policy usage. It's available in Fortigate. It gives a high level view of usage of each Traffic Shaping policy. While clicking on a bar, it shows the top users.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. "Routing Precedence" Feature in SG firewall

    It would be great to add the "Routing Precedence" Feature, that we can find in XG but not yet in SG

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. NIC Hardware SFP+ OnBoard

    NIC Hardware SFP+ OnBoard
    A lots of customers bought the Supermicro X10SDV-TP8F motherboard. The 6 nics with 1 GbE are recognized, the two OnBoard 10 GbE SFP+ are not shown.
    Please add support for these Intel D-1500 SoC interfaces!!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Routing: OSPF Default Route Announcement

    When originating a default route from OSPF, there should be:
    1) The ability to set the type to E1 vs E2 so you can control how costs for this default route are controlled
    2) The ability to change the default metric announced
    3) The ability to tie the announcement of the default route with Uplink Monitoring (rather than just interface link detection)

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Exclude IP Address or Range

    I've seen it at some other firewall solutions that it is possible to exclude IP Addresses. This would be very useful for firewall rules.

    Example: Only allow access to the internet

    Any --Any ---> Any IP not in Range 192.168.10.0/24 and 192.168.11.0/24

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. testing

    testing

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add Support for BGP Dampening

    Add more feature to the existing BGP Implementation on the UTM like
    BGP Route Dampening & BGP Community

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Prevent or Ignore invalid host DNS entrys

    Currently the Host entry process will allow for a DNS entry that is invalid. This in turn breaks the DNS Proxy (names) service which the firewall uses to process WebFilter requests.

    The web interface should filter and reject, or filter and ignore all invalid DNS entries so that they are not improperly entered into the DNS services ledger.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. 14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. DHCP Relay keep working while internal Wifi-AP from a SG115w is deactivated be timing

    DHCP Relay kepp working while internal Wifi-AP from a SG115w is deactivated be Timing. Actually there were some Problems with the internal AP from the SG 115w and SG105w. Some Printers can´t Print if the AP is in Bridge Mode, installed local on a Windows 7 device und directly connected with the internal bridged AP. Another Trouble with the same devices if you want to use DHCP relay and bridged AP-Wifi with timebased activation for the wifi ... the Relay is crashing with the first wifi "shutdown" you have to reboot the Firewall. With an external AP, there is no…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add support for acting as a secondary/***** DNS nameserver

    Currently, the UTM can either act as an authoritative DNS server or as a (selective) forwarder.

    What's missing is the support for acting as a secondary/***** DNS nameserver that can do zonetransfers from existing DNS nameservers, e.g. internal Active Directory DNS nameservers.

    Imagine you have a small internal network with 1 Windows Server 2012 R2 Hyper-V Host and 2 Active Directory domain controllers running on top.
    When you reboot the HVH for maintenance reason (e.g. updates), both internal DCs are unreachable and a UTM cannot do internal name resolution anymore, as its forwarding target nameservers for the internal domain(s) are…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow DHCP relay through VPN tunnel on a PPPoE interface

    Allow addition of a PPPoE interface to the DHCP relay allowed interfaces list.
    Presently the UTM is unable to perform DHCP relay through a VPN tunnel if the external interface is a PPPoE interface

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow FULL control of DHCP option types

    Many of the current DHCP options are needlessly restricted and limited to a particular type, for example: 125 is HEX and 66 is TEXT. Some systems that use these options require a different value type. In the case of option 125, Mitel phone systems require this as a string.

    We should stop restricting the DHCP option type and instead default to the expected value but allow users to configure this as per their network requirements.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. dns.he.net DDNS support.

    One of the best FREE DDNS providers that also supports IPv6.
    There is allready he.net IPv6 tunnel support in UTM. But dns.he.net is still missing from supported providers.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. Failover for UTM to UTM RED Tunnel

    When configuring a RED 50, we have the option to provide a secondary IP to the Server UTM in the event the primary IP on the Server end goes down. However, when configuring two UTMs to connect via RED Tunnel, there is no option on the Client UTM to configure a secondary IP to the Server UTM. It is really a critical feature needed for failover and would eliminate the need to create two RED Tunnels for each device connected. Why not port that feature from the RED 50 to the UTM?

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. WAN ipv6 6rd on XG or UTM 9 or both

    6RD is added on the Sophos XG for IP Tunneling, but the way the ISP's set it up, this should be an option under WAN:ipv6:6RD where you could fill in the ISPs details: 6rd prefix, prefix length, mask length, ipv4 border router address and ipv6 DNS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.