SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Backup databases/reports/data on the Sophos UTM in addition to the system configuration.

    16 votes
    0 comments  ·  Network Protection
  2. Firewall Order of Operations

    Based on testing and additional information found in other requests, it appears that the proxies/security services have a higher order of operation than the firewall. As such, even with firewall rules in place, the security services override those settings. With email protection, this essentially opens up SMTP on the Sophos UTM to anyone on ALL interfaces. This, thus, increases the surface attack area of the device to an unacceptable level.

    Changing the order of operation would allow the administrator of the device to dictate, via firewall rules, what can and cannot access the Sophos UTM…

    23 votes
    4 comments  ·  Network Protection
  3. Timeout of Snort

    It is requested that it be recorded in the log when the monitoring of Snort times out.

    1 vote
    0 comments  ·  Network Protection

    Thanks for sharing your ideas with us. I wanted to get some clarification though, because it’s not clear what this request is asking for. The IPS engine doesn’t have any sort of timeout value that would cause an event to need to be logged.

    If you mean that when IPS causes a session to time out because it has discarded packets, this should be logged, this is exactly what IPS does by default. Can you clarify what additional behavior you’re asking for?

    Thanks again for sharing.

  4. STIX Importing

    Have the ability to import STIX entries (Structured Threat Information eXpression) for automating rule creation.

    http://stix.mitre.org/

    9 votes
    1 comment  ·  Network Protection
  5. application control on schedule

    Being able to do application control on a schedule, for example allow Facebook only at lunch and break time.

    11 votes
    1 comment  ·  Network Protection
  6. Control on Sophos NAT port exhaustion

    Show on Sophos if there is NAT port exhaustion, using the CLI.

    1 vote
    0 comments  ·  Network Protection
  7. Network Protection Firewall Rules - Set special Interfaces within a rule

    Within a single Firewall-Rule and NAT-Rule I would like to set on which Interface a connection has to arrive and leave.
    If the connection arrives on a wrong interface, this should be ignored.

    3 votes
    0 comments  ·  Network Protection
  8. Create Sophos Splunk App for UTM

    Create a Sophos UTM Splunk App like other firewall vendors (i.e. Check Point, Cisco) but integrate IDS and AV features. Include pre-defined dashboards that show firewall denies, IDS blocks, Anti-Virus actions, etc.

    9 votes
    3 comments  ·  Network Protection
  9. dynamic DNS

    We know that bad actors like to churn their DNS information to prevent categorization services like UTM / TrustedSource. This was confirmed recently when I read research showing that DNS hosts on dynamic DNS have a disproportionately high incidence of malware. I cannot envision that our users ever need to visit a dynamic-dns FQDN for purposes essential to our business, so I would like the ability to block them. In my view, if an entity cannot afford a static IP for their services, they are not big enough to be a partner to us. If implemented, this might be an…

    1 vote
    0 comments  ·  Network Protection
  10. deploy IPS exception from SUM

    I suggest being able to deploy IPS exceptions from SUM (as we can do with ATP).

    1 vote
    0 comments  ·  Network Protection
  11. Sophos Firewall: Probing of PSK into VPN IPsec tunnel for each Gateway by Respond only

    Make it possible for each IPsec Remote Gateway to have its own PSK if the mode is respond-only with the same endpoint details.

    6 votes
    0 comments  ·  Network Protection
  12. Block psiphon proxy latest version (other vendors already blocked it)

    Need to block this ASAP as UTM is useless when it is bypassed by this software

    2 votes
    1 comment  ·  Network Protection
  13. Block client connection without Sophos Endpoint Protection

    We got a problem right now in our network. With several "boot disks" it is possible to change the local admin user account or get access to the registry and disable Sophos Endpoint Protection. One of our employees did it. One of those who thinks he can do what he wants and he is the best, but it's another story ;)

    Everything was blocked by device control already, but it works only when the workstation is up. While booting you can do what you want.

    It's easy to change the BIOS password by resetting it with the mainboard battery (disable…

    1 vote
    0 comments  ·  Network Protection
  14. heartbeat policy option

    I would like to suggest that, with heartbeat enabled, when someone is Red or has no heartbeat, there is an option to either block internet access or to drop next policy in the list.

    2 votes
    0 comments  ·  Network Protection
  15. We need a "Blacklist Group" object that we can populate with individual IPs or an IP range.

    We need a simple blacklist "group" object that we can pop in either individual IPs or an IP range. This would be used for blacklisting IPs and blocking/dropping all traffic from these IPs before they hit the filter rules. Similar to how the country blocking works but with our own defined list of IPs, IP ranges and even domains (top level and subdomains).

    1 vote
    0 comments  ·  Network Protection
  16. Network Protection: Automatic blacklisting

    Please make it possible to set rules to automatically add IP addresses to a blacklist for a specific time period if they exceed the specified packet limits set in Anti DoS!

    E.g.:

    2000 packets/sec over limit -> 30 seconds blacklist
    5000 packets/sec over limit -> 60 seconds blacklist
    10000 packets/sec over limit -> 120 seconds blacklist

    6 votes
    0 comments  ·  Network Protection
  17. Live View Nat Connection List

    Recently tried to debug long term TCP connections used by the NEST thermostats. The issue at heart was trying to find out whether or not there was a TCP connection established. It would be awesome to have a live display that would process in a useful way the output of /proc/net/ip_conntrack

    For example, I used this CLI to help my efforts:
    cat /proc/net/ip_conntrack | awk '{print $4" "$5" "$7" "$6" "$8}'

    5 votes
    0 comments  ·  Network Protection
  18. Allow Firewall rules to be members of multiple groups

    Allow Firewall rules to be members of multiple groups so they can be associated with several rule sets.

    Or even allow them to be given tags so all rules can be listed that have a particular tag assigned.
    Sometimes a firewall rule does not just fall under one group of rules.

    5 votes
    1 comment  ·  Network Protection
  19. Tune Nat Values

    It would be awesome to have an interface within the WebAdmin tool to adjust the NAT values in areas like /proc/sys/net/ipv4/netfilter

    2 votes
    0 comments  ·  Network Protection
  20. Network Protection: Use Suricata for IPS

    I think it could be worth a look, unless Snort comes up with a multithreaded version.
    http://www.openinfosecfoundation.org/
    http://suricata-ids.org/

    44 votes
    8 comments  ·  Network Protection