SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Definitions: Create objects based on "AS whois" record

    It would be nice to have the ability to define network definitions by whois AS number.
    eg. you could make a definition for all the Telenet public subnets by adding a Definition Telenet-subnet with a parameter AS 6848.
    The AS number database is rebuilt on a daily basis, and could be synced just like the spam, antivirus and content filter databases are synced or updated.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Intrusion Protection: Comment/Description Fields for Modified Rules

    Please add a description field for modified IPS rules (Network Security / Intrusion Prevention / Advanced / Manual rule modificationn / Modified rules).

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Schedule Pattern Up2Date

    Given today's IPS signature disaster, we now want to schedule the updates to occur at a specific time. Please add time to the "Daily/weekly/monthly" options . E.g. We want updates to occur at 10:14AM Daily. I do not care when the updates are downloaded, only when they are made active.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Server Load Balancing: Support for Fail-Over

    Currently you can define a pool of servers > 2. And there is no way to define a failover cluster.

    To do this, I would suggest allowing just a single server in the server list. Then creating a backup server list, in which you could put the backup machine.

    For an example, see the load balancer option in pfSense. The fields would be like this:

    primary server(s) list:
    * servers in this list will receive a portion of incoming traffic.
    backup server(s) list:
    * servers in this will will only receive traffic if all the primary servers are inaccessible.

    In…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

    So we understand this request, currently the pool has fail over built in (dead nodes are removed and added in real time to the balancing) but you wish to have resources there (or a cluster of resources) doing no work, but becoming responsible for tasks/work when a failure happens in the primary node(s) only?

  5. Service definitions should start with high port 1024, not 1 (1:65535)

    The default as of now (v7.502) is that the service definitions all use port-range 1:65535 as standard. Most of them actually only uses 1024:65535. I think 1024:65535 would be much better and correct.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Network Protection: Audit policy from gateway

    The idea here is to create the capability for administrators to audit their firewall and security policies to determine how secure they are and want to be.

    This would involve the creation of a series of web pages, email sends, and other methods that virus/spam sites use to hack us, and create dummy viruses on those pages that would be used to create a report indicating where the vulnerabilities are, along with recommendations on how to fix them.

    Over time, this capability could be evolved to provide a comprehensive security audit.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Transparent Proxy User Authentication Rules

    Astaro today is capable of adding user based packet filter rules. Please extend the identification of user's IP addresses that are used in the user based packet filters to the information gathered from HTTP/S proxy authentications.

    This would e.g. enable real hotspot scenarios, where a user first has to authenticate against the transparent HTTP proxy and after that is allowed to access additional services like SMTP / IMAP / VPN.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Packet Filter "Test Rule" Button

    When using "group" containers of IP addresses in the packetfilter rules, it's often hard to tell which rule will catch a given (single) IP address or port during troubleshooting. How about a page or form where we can put in a test src/dest IP address and/or port and it will tell which packetfilter rule will catch it? Similar to how Packeteer's PacketShapers have the "Traffic Class Test". This would be hugely helpful when users call and say "I can't get to site abc.com" and you want to quickly know if it's in the range of addresses or ports that you…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Network Security: User-Customizable Packet Filter Rules

    My dedicated and colocation customers are constantly asking me to block or unblock this port, or that port. If I could only allow him to log in and manage is own rules for his one or two IP addresses (or range), that would really be awesome!

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add Import/Export to 'Manual rule modification' in IPS

    The decision was made to enable many snort rules. Now, the admin must change them one at a time. It would be advantageous to be able to import a list when we choose to disable a rule number.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Network Security: Automatically add hosts to IPS Performance Tuning

    For example, a host entered in the 'Host list' on the 'Routing' tab of 'SMTP' should automatically be put into 'SMTP servers' on the 'Advanced' tab of IPS.

    A host used in a 'DNS request route' should automatically go into the 'DNS servers' box.

    On the 'Global' tab of IPS, don't allow an 'Interface (Network)' to be put into the 'Local networks' box if the interface is a DSL or modem type; at least warn that the admin should not put a public network into the box.

    Add Remote Gateways to the IM/P2P skiplist.

    Etc.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Network Security: Logical "NOT" Support for Packet Filter, DNAT, etc...

    It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc..

    Like ACCEPT ANY ANY !Host"A"

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. DHCP server Ping Ahead

    Ping ahead removes the problem of two devices getting the same IP address if one has a static address.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. WebAdmin: Packet Filter Group Editing

    Allow the adjustment/editing of the packet filter groups. Currently it is not possible to edit/change the color, edit the name, delete a group, and otherwise work with this feature.. Allows more polish of this area by completing the abilities, allowing for better management of pf rules as a result of having better group customization.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
1 2 6 7 8 10 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.