SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Compatibility with VRF

    This request is more and more a demand coming from customers that sometime have strong requirement for their routing backbone. Could be a very good point to implement this kind of feature.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. time bound interface policy control would really help us.

    time bound interface policy control would really help us.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. UTM - SG to XG RED Tunnel

    Can we please have the ability to setup a RED tunnel between an XG UTM and an SG UTM? I am NOT talking about a RED device itself, rather a RED tunnel between 2 UTM's. I know I can do IPSEC but RED tunnels would be handy.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Specify order of DNS used by Request routing instead of Round robin.

    When configuring a request route, the ability to specify the primary, secondary and tertiary DNS would allow clients to control what the priority and order the UTM uses for each DNS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. MAC Address Definitions: Description fields in lists

    Create a field that describes each entry that is within MAC address definition list.

    In our case we've created a white-list for wireless devices and it currently appears as a large list of indistinguishable devices.

    A simple field tied to these addresses would improve management. Having the logs reference this field would also be a benefit as we currently have difficulties identifying the devices that are within our list when there is an issue.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improve the WAN Gateway monitor.

    Copernicus project

    Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
    This can help much to prevent false positive gateway status.
    The same feature could be added on VPN Failover system

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support dynv6.com as DDNS Provider (free and ipv6 ready)

    Free Dynamic DNS - Get hostnames for your dynamic IPv4 and IPv6 addresses within seconds.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Unequal Uplink Balancing

    Sophos need to introduce a better option for traffic shaping. If there are two wan links with unequal capacity. There is no way that you can avoid on link from choking.
    So far Sophos support connection ratio for uplink but a single connection can choke all the bandwidth of WAN Uplink.
    In order to restrict a host you need to define bandwidth pool and that is very convenient if you have 500 users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. queueing DNS groups

    as example DNS host github.com changes IP every 30 seconds:
    $ dig github.com +trace
    [....]
    github.com. 30 IN A 192.30.252.130
    [....]
    with multiple dns requests:
    github.com. 30 IN A 192.30.252.131
    github.com. 30 IN A 192.30.252.129
    github.com. 30 IN A 192.30.252.128

    but DNS host / DNS group checks every 2 minutes, and LAN servers
    accessing the host are not able if they have different IP for it as the utm9
    ==>
    my suggestion: DNS group should not remove "old" IPs or replace new IP if IP differs, it should do a FIFO queue and older IPs removing after an expiring time

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support to copy/duplicate policy rules

    Copernicus Project
    This will help us to reduce time, management in this operation.
    Policy Rules with the same same destination, ports, gateway through but with the source address different, could be easily cloned with based from other one.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add support to choose multiple Hosted Address when create a Business Application Policy

    Copernicus Project
    Add support to choose multiple Hosted Address when create a Business Application Policy.
    Imagine a customer with 3 WAN links and 50 Business Application Policies rules. It is needed create 150 Rules for this. This is a real case today.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. It would be great if i can get a list or report of all defined networks (maybe for routes too).

    It would be great if i can get a list or report of all defined networks (maybe for routes too). At the moment i have to do this by showing all networks and hosts, choose all and copy/paste, clear all i don't need. :o(
    Thank you :o)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. One Endpoint Agent that has all the capability like SSL/IPSec VPN, Authentication,AV, .. etc. And make space for new modules to be added.

    One Endpoint Agent that has all the capability like SSL/IPSec VPN, Authentication,AV, .. etc. And make a space for new modules to be added.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. DSL reconnect invalidates route cache

    Automatic DSL reconnects don't invalidate the route cache.

    Hosts can not be reached until the uplink monitoring detects the interfaces being restarted.

    Details are discussed with support legend BAlfson in the forums: https://community.sophos.com/products/unified-threat-management/f/54/t/74255

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add support for Dynamic DNS with ZoneExit

    Adding support for this provider should be very easy

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow continual ping to go from primary to secondary connection

    Currently if you are running a continous ping out WAN1 and it fails over to WAN2 the state table does not get flushed or updated for the ICMP request and the pings will fail even though the connection is up. Going in and manually clearing that connection "conntrack -D -d 8.8.8.8" will fix it. This is helpful in troubleshooting fail over and monitoring fail over time. Many other firewall manufactures do this.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Routing: SLA (Performance) routing

    Some customers ask to have possibility monitor in Uplink monitor not only availability, but also SLA metrics: Jitter, packet loss, delay.
    Based on some threshold choose the best Uplink.
    It's good to have not only UTM, but also for RED.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. UTM to track IPS alerts back to the original client machine

    As above. A feature that should have been included buts was left out.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. LISP Support

    to bundle multiple WAN connections (Locator/ID Separation Protocol = LISP).
    And a ready to use EC2 Machine as endpoint for self hosting.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.