SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Prevent or Ignore invalid host DNS entrys

    Currently the Host entry process will allow for a DNS entry that is invalid. This in turn breaks the DNS Proxy (names) service which the firewall uses to process WebFilter requests.

    The web interface should filter and reject, or filter and ignore all invalid DNS entries so that they are not improperly entered into the DNS services ledger.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. 14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. DHCP Relay keep working while internal Wifi-AP from a SG115w is deactivated be timing

    DHCP Relay kepp working while internal Wifi-AP from a SG115w is deactivated be Timing. Actually there were some Problems with the internal AP from the SG 115w and SG105w. Some Printers can´t Print if the AP is in Bridge Mode, installed local on a Windows 7 device und directly connected with the internal bridged AP. Another Trouble with the same devices if you want to use DHCP relay and bridged AP-Wifi with timebased activation for the wifi ... the Relay is crashing with the first wifi "shutdown" you have to reboot the Firewall. With an external AP, there is no…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add support for acting as a secondary/***** DNS nameserver

    Currently, the UTM can either act as an authoritative DNS server or as a (selective) forwarder.

    What's missing is the support for acting as a secondary/***** DNS nameserver that can do zonetransfers from existing DNS nameservers, e.g. internal Active Directory DNS nameservers.

    Imagine you have a small internal network with 1 Windows Server 2012 R2 Hyper-V Host and 2 Active Directory domain controllers running on top.
    When you reboot the HVH for maintenance reason (e.g. updates), both internal DCs are unreachable and a UTM cannot do internal name resolution anymore, as its forwarding target nameservers for the internal domain(s) are…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enable additional functionality in the WebAdmin interface for the integrated ISC DHCP server.

    The current WebAdmin interface offers a limited feature set for configuration of the integrated ISC DHCP server. Supporting additional configuration options would allow for more advanced DHCP confiurations: Multiple pools per subnet, groups, allow/deny unknown-hosts (per pool) and members, client classing (with match), lease limits, etc.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow DHCP relay through VPN tunnel on a PPPoE interface

    Allow addition of a PPPoE interface to the DHCP relay allowed interfaces list.
    Presently the UTM is unable to perform DHCP relay through a VPN tunnel if the external interface is a PPPoE interface

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow FULL control of DHCP option types

    Many of the current DHCP options are needlessly restricted and limited to a particular type, for example: 125 is HEX and 66 is TEXT. Some systems that use these options require a different value type. In the case of option 125, Mitel phone systems require this as a string.

    We should stop restricting the DHCP option type and instead default to the expected value but allow users to configure this as per their network requirements.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. dns.he.net DDNS support.

    One of the best FREE DDNS providers that also supports IPv6.
    There is allready he.net IPv6 tunnel support in UTM. But dns.he.net is still missing from supported providers.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Failover for UTM to UTM RED Tunnel

    When configuring a RED 50, we have the option to provide a secondary IP to the Server UTM in the event the primary IP on the Server end goes down. However, when configuring two UTMs to connect via RED Tunnel, there is no option on the Client UTM to configure a secondary IP to the Server UTM. It is really a critical feature needed for failover and would eliminate the need to create two RED Tunnels for each device connected. Why not port that feature from the RED 50 to the UTM?

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. Compatibility with VRF

    This request is more and more a demand coming from customers that sometime have strong requirement for their routing backbone. Could be a very good point to implement this kind of feature.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. WAN ipv6 6rd on XG or UTM 9 or both

    6RD is added on the Sophos XG for IP Tunneling, but the way the ISP's set it up, this should be an option under WAN:ipv6:6RD where you could fill in the ISPs details: 6rd prefix, prefix length, mask length, ipv4 border router address and ipv6 DNS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Lower precedence of automatic Firewall rules for NATs

    When making a NAT rule, the automatic firewall creations makes NATing traffic much easier. The problem I have is when you NAT an Any to a server, for instance a web-server, there is no way to block individual IP with firewall rules. Placing the automatic Firewall rules at the end but before the DENY-All would allow custom Firewall rules to have an effect.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. time bound interface policy control would really help us.

    time bound interface policy control would really help us.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. UTM - SG to XG RED Tunnel

    Can we please have the ability to setup a RED tunnel between an XG UTM and an SG UTM? I am NOT talking about a RED device itself, rather a RED tunnel between 2 UTM's. I know I can do IPSEC but RED tunnels would be handy.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Specify order of DNS used by Request routing instead of Round robin.

    When configuring a request route, the ability to specify the primary, secondary and tertiary DNS would allow clients to control what the priority and order the UTM uses for each DNS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. MAC Address Definitions: Description fields in lists

    Create a field that describes each entry that is within MAC address definition list.

    In our case we've created a white-list for wireless devices and it currently appears as a large list of indistinguishable devices.

    A simple field tied to these addresses would improve management. Having the logs reference this field would also be a benefit as we currently have difficulties identifying the devices that are within our list when there is an issue.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Improve the WAN Gateway monitor.

    Copernicus project

    Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
    This can help much to prevent false positive gateway status.
    The same feature could be added on VPN Failover system

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support dynv6.com as DDNS Provider (free and ipv6 ready)

    Free Dynamic DNS - Get hostnames for your dynamic IPv4 and IPv6 addresses within seconds.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Server Load Balancing: Enable/Disable/Weight Real Servers via an API/Special HTTP Response Code for automatic Deployments

    We often deploy new Configurations and Software to our real servers behind about 15 SLBs. By now we always have to login to WebUI to manually rebalance the Real Servers we wan to maintain, and rebalance them back for the second half of a SLBs Real Servers.
    It would be nice to have an SSL+Login API to do it automatically using something like Capistrano or even a predefined per-SLB HTTP Response Code, the SLB knows to rebalance to 0 for specific Servers.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.