SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Sophos Central - Allow file exclusion per computer not just per user

    We want to be able to exclude files from scans on a per computer basis. We have some machines that are running software which is picked up as a PUA. We don't want to exclude the executable from ALL PCs, or from just one user, as other users will use the affected computer.

    4 votes
    0 comments  ·  Network Protection
  2. Pi-Hole

    I'd like to see Pi-Hole integrated into the UTM. Pi-Hole is an application that allows you to filter DNS requests based on settings you can set yourself. It's very lightweight and should integrate very well within the UTM.

    17 votes
    0 comments  ·  Network Protection
  3. Security heartbeat for utm 9.x

    It would be great if you implemented the new security heartbeat in the UTM 9.x also.

    15 votes
    2 comments  ·  Network Protection
  4. Block IP's using Blacklist/Blocklist Service

    Support the use of blacklists/blocklists. Note that this feature was requested at the link below and apparently Sophos thought that ATP would satisfy the need; however, it does not provide the requested functionality. Therefore I am re-posting this as a new suggestion.

    The old suggestion was marked as implemented by the ATP feature; however ATP is not what was wanted and generates too many false alerts. This is the prior feature request: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/1982075-network-security-block-malicious-botnet-bad-ip-s

    Plain and simple: We want support for blocklists. Such as those found here: https://www.iblocklist.com. I would also like to specify a blocklist per network. So for example…

    82 votes
    18 comments  ·  Network Protection
  5. Better Firewall Rule Search

    In the search area, it would help to find a Rule, if we can filter from Source net to Destination net.
    For example: Show me all Rules from internal to DMZ, or internal to Any, DMZ to VPN...

    6 votes
    0 comments  ·  Network Protection
  6. Packet Inspection of TCP UDP like Palo Alto does - Application Based Inspection

    Those who have spent time with this stuff already know how easy it is to open connections with botnet servers or with any other device just by opening a most likely "commonly opened" port. Botnet Control, WebFilter, AV... can't detect that traffic in most cases. We tested it ourselves and were surprised that this old, well-known Metasploit traffic is not detected.
    Only the HTTPS connection made by Metasploit was detected (after approx. 10 seconds) and was terminated. But it could be endlessly reopened for 10 additional seconds and so on.

    It's much more than easy to overcome a Sophos UTM…

    5 votes
    0 comments  ·  Network Protection
  7. Expire date for firewall rules

    Firewall rules should have an optional expiry date. This is useful, if a firewall rule has only been approved for a certain period of time.

    With this feature the firewall admin no longer needs to schedule in a separate calendar the removal of a temporary rule and then perform a manual task.

    This results in a cleaner ruleset and less effort for the firewall admin.

    34 votes
    3 comments  ·  Network Protection
  8. Firewall Rules counter

    Add a feature that is common and very useful on most firewalls: the display of active counters on firewall rules. This is a quick and useful way to troubleshoot firewall rule issues.

    6 votes
    0 comments  ·  Network Protection
  9. NOT filtering for firewall rules (and anywhere else with rules)

    Could we have the Firewall interface modified to allow us to apply an inverse rule - that is, filter traffic that does not match the criteria we have put forward. Especially since IPtables can do inverse filtering just fine.

    It'd be nice if we could also do the same in the Exceptions tab for various protections, that would make them much more powerful.

    3 votes
    0 comments  ·  Network Protection
  10. Country Blocking By Top Level Domain Not IP

    Right now country blocking only blocks by IP address, so if I block .ga (Gabon), but the website is registered with a U.S. IP address, the website is allowed for end users.

    Solution: add an option to block countries by top level domain (e.g. .ga for country Gabon) without having to create a rule to create a blacklist and try to use an expression to block based on every domain. Reference ticket #8225803 - Kerry Albert
    Channel Sales Engineer
    Kerry.albert @ sophos.com

    1 vote
    0 comments  ·  Network Protection
  11. Snort Auto-Block Upon Detection Threshold

    This is a feature that a few Snort additions offer, and would improve quality of life with UTM quite a bit (it's the main feature I miss from pfSense). Allow users to configure a threshold for number of Snort alerts triggered, and amount of time to block an address. When the threshold is exceeded, a firewall rule is set up with an expiry in the future however long the user defined. Waking up to 200 e-mails about a person trying to exploit a server is getting old.

    2 votes
    0 comments  ·  Network Protection
  12. When creating firewall rules they should be enabled instantly

    Why don't newly created firewall rules activate automatically? Invariably I forget to go to the end of the list and switch the rule to on after I create it. At least take me to the end of the list after it is created if you can't default them to on. I'm not creating a new rule just so it can sit there disabled, why would it default that way?

    3 votes
    0 comments  ·  Network Protection
  13. DNS Hosts based on SRV Addresses

    Hi,

    please add SRV Records as a usable Network Entity Definition. At the moment just A and CNAME Records are suitable.

    9 votes
    1 comment  ·  Network Protection
  14. Add an option to rotate the SSID password at a certain time

    There should be an option to choose the SSID password rotation. It should send an email to specified users with new & old password information. A password can be picked from a text file, or the admin can define some numbers of the password.

    2 votes
    0 comments  ·  Network Protection
  15. Standalone OTP

    Add OTP (2-factor authentication) as a stand-alone feature, to be used with specific NAT rules, or access rules.

    1 vote
    0 comments  ·  Network Protection
  16. IP Ban/Black list (quickly accessible - dynamic)

    Very very often there are random attacks (SMTP/WEB/SSH etc.) occurring from certain hosts/bots - often a small pool of random addresses.

    It would be EXTREMELY handy if we could have a Quick-Access-Dynamic-Absolute-IP-Blacklist.
    What would be even better is if we could create and maintain such lists on a per-interface basis (one for WAN, one for Internal1, one for Internal2, etc.).

    No host definitions, no firewall rules, no network definitions, no timeouts, no application filter, nothing.

    Just a plain simple, clean, one-click away, absolute IP ban/blacklist.

    23 votes
    1 comment  ·  Network Protection
  17. Add rules for TLS SMTP and update Email Messaging group

    Since many mail providers want TLS for SMTP, I suggest adding a TLS SMTP (Port 587) rule.
    The rule should also be added to the Email Messaging group which is predefined!

    5 votes
    0 comments  ·  Network Protection
  18. Domain Network Definition

    It would be very beneficial to be able to create a domain network definition to build firewall rules off of. For example, I might only want hosts which reverse to the domain of .att.net to be able to connect to a particular firewall rule. Or perhaps hosts with a .edu extension to be able to use a firewall rule. There are many uses for this (including SMTP).

    2 votes
    0 comments  ·  Network Protection
  19. Automatically and dynamically block incoming TOR clients, meaning all traffic from TOR to my webmail should be blocked

    Hello,

    It would be really good if we could block all incoming TOR and anonymous VPN clients. This should be possible for all incoming connections.

    A list of exit nodes is here:
    https://check.torproject.org/exit-addresses

    This list should be "imported" automatically on a schedule.
    For now, there is an option "block clients with bad reputation" for webserver protection, but this is not working (using latest firmware).
    Firmware version: 9.209-8
    Pattern version: 69668

    That's it

    6 votes
    0 comments  ·  Network Protection
  20. Back up databases/reports/data on the Sophos UTM in addition to the system configuration.

    Back up databases/reports/data on the Sophos UTM in addition to the system configuration.

    16 votes
    0 comments  ·  Network Protection