SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for Industrial Protocols in DPI / IDS

    We are fairly recent Sophos partner, our business is in industrial automation and control systems customers.

    Security for industrial automation, critical infrastructure, and industry 4.0 is very much a hot topic right now.

    We would like to see some development to include capability for Deep Packet Inspection and control of industrial control protocols such as:

    Modbus TCP
    Ethernet/IP (CIP)
    OPC Classic (DCOM / RPC)
    Siemens S7
    etc.

    Inclusion of rules for these into IDS would also be welcomed.

    A number of vendors approaching us are starting to get into this specialist area of the market and it would be great…

    4 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • VoIP helper & TLS

      Deutsche Telekom provides TLS-Support with their "SIP-Trunk". This can't be used with the SG's VoIP helper and telephony systems connected to the LAN.
      Please enable SSL/TLS interception for the VoIP helper.

      5 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Notify me when unauthorised devices appears in default VLAN - when DHCP is used

        Unconfigured Switch ports have the default VLAN, which is not in use - but the UTM has a DHCP to hand out IP Addresses. When this happens, this must be unauthorized - so I would like to get a notification.

        3 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Packet filter: allow wildcard subdomains

          Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

          Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).

          10 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Detect port scans using an XG and automatically block the source IP

            The XG firewall should be able to detect port scans when they occur and then have the ability to block the source IP.

            3 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • L2TP over IPsec via IPv6

              L2TP over IPsec is currently only working via IPv4. Please support IPv6 as well.

              5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Pi-Hole

                I'd like to see Pi-Hole integrated into the UTM. Pi-Hole is an application that allows you to filter DNS requests based on settings you can set yourself. Its very light weight and should integrate very well within the UTM.

                15 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Block IP's using Blacklist/Blocklist Service

                  Support the use of Blacklists/blocklists. Note that this feature was requested at link below and apparently Sophos thought that ATP would satisfy the need, however it does not provided the requested functionality, Therefore I am re-posting this as a new suggestion.

                  The old suggestion was marked as implemented by the ATP feature; however ATP is not what was wanted and generates too many false alerts. This is the prior feature request: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/1982075-network-security-block-malicious-botnet-bad-ip-s

                  Plain and simple: We want support for blocklists. Such as those found here: https://www.iblocklist.com. I would also like to specify a blocklist per network. So for example…

                  72 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    18 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Better Firewall Rule Search

                    In the search area, it would help to find a Rule, if we can filter from Source net to Destination net.
                    For example: Show me all Rules from internal to DMZ, or internal to Any, DMZ to VPN...

                    5 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Expire date for firewall rules

                      Firewall rules should have an optional expiry date. This is useful, if a firewall rule has only been approved for a certain period of time.

                      With this feature the firewall admin no longer needs to schedule in a separate calendar the removal of a temporary rule and then perform a manual task.

                      This results in a cleaner ruleset and less effort for the firewall admin.

                      31 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Firewall Rules counter

                        Add a feature that is common and very useful on most firewalls, The display of active counters on firewall rules. This is a quick and useful way to trouble shoot firewall rule issues.

                        5 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • NOT filtering for firewall rules (and anywhere else with rules)

                          Could we have the Firewall interface modified to allow us to apply an inverse rule - that is, filter traffic that does not match the criteria we have put forward. Especially since IPtables can do inverse filtering just fine.

                          It'd be nice if we could also do the same in the Exceptions tab for various protections, that would make them much more powerful.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow user-defined rules to be applied before built-in rules

                            There is a strong need to be able to prevent access to several protocols that have proxies implemented in ASL (e.g. SMTP).

                            Currently, the fact that built-in rules are always applied before user-defined ones has the following consequences:
                            - It is impossible to prevent access to one of these proxied services alone. The only option is use blackhole routing (which prevents all trafic from and to the targeted networks).
                            - It is very much unclear to the user why a given rule isn't applied. Instinctively, an explicit "deny" rule should always apply before any and all "allow" rules. This rather…

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Country Blocking By Top Level Domain Not IP

                              Right now country blocking only blocks by IP address, so if I block .ga (Gabon), but the website is registered with a U.S. ip address, the website is allowed for end users.

                              Solution: add an option to block countries by top level domain (ex. .ga for country Gabon) without having to create a rule to create a black list and try to use a expression to block based on every domain. Reference ticket #8225803 - Kerry Albert
                              Channel Sales Engineer
                              Kerry.albert @ sophos.com

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Introduce Behavior and Reputation Based IPS Signatures

                                There are Snort based IDS rule sets that provide behavior and reputation based rules which do not currently appear to be available in the UTM. Current IPS rules are insufficient to detect connections from known malicious hosts. Further, we have experienced fairly large brute force attacks against open RDP ports (business requirement) , that went undetected by the UTM IPS.

                                Example Rules:
                                Emerging Threats - ET CINS Active Threat Intelligence Poor Reputation series signatures
                                Emerging Threats - ET SCAN Behavioral Unusually fast Terminal Server Traffic

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Implement DNS Blacklist in the DNS Server, not the IPS subsystem.

                                  IPS blocks queries to resolve untrusted host names. This tells the client that the DNS server has failed, not that the query should not be resolved. Consequently, the client immediately re-attempts the query using a different path. The consequences of having no response from all DNS servers will be implementation specific and therefore unpredictable.

                                  Instead, we need UTM to return a non-existent domain result (NXDOMAIN), so the client stops trying to resolve the name at all. This is how Quad9 is described to work. To produce this result, the blacklist has to be moved out of IPS and into the…

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • IPS Log Files need the IPS Rule ID

                                    To create an IPS exception, the system administrator must know the rule number. But there is no way to determine a rule number, so the exception capability is useless. The GUI does not provide a rule review tool. The log files contain: reason (test), group (number), class (text), and sid (number), but not a rule number. My attempts to correlate UTM field values with the Snort product documentation have also been unsuccessful. The Snort documentation refers to SIDs, but they are fewer digits than the UTM SIDs, with no discernible matching technique. Level 1 Support was also unable to add…

                                    5 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • DNS visibility controls based on connection

                                      Different remote access configurations have differing needs for access to internal resources. Users with limited access rights should only be provided enough DNS information to complete the connections that they need. Resolving any other address can produce several different problems: (1) For WAF and any other externally-published resources.: A remote access user, with limited access to internal systems, may still be required to access other resources through externally-published addresses, such as a WAF site. If his remote access connection only returns internal information, he will be misdirected and unable to access the resource that he is supposed to used. (2)…

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • DNS Hosts based on SRV Adresses

                                        Hi,

                                        please add SRV Records as a usable Network Entity Definition. At the moment just A and CNAME Records are suitable.

                                        9 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • When creating firewall rules they should be enabled instantly

                                          Why don't newly created firewall rules activate automatically? Invariably I forget to go to the end of the list and switch the rule to on after I create it. At least take me to the end of the list after it is created if you can't default them to on. I'm not creating a new rule just so it can sit there disabled, why would it default that way?

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 9 10
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.