SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sophos UTM - VoIP - SIP ALG checkbox to enable or disable this feature. Every xDSL-Router has this option.

    Many VoIP provider recommend for their ATA-Fax-Boxes to disable the SIP ALG function, to reduce the noise during transmitting a fax.
    In the Network Prottection / VoIP dialog of the Sophos-UTM, I would enjoy to see this option as a simple Checkbox.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Country Blocking Problem

    Hi everybody,
    Country Blocking is not working correctly. Sometimes ip adresses are not resolved to a country, they appear in the log files as "unknown" and they were not blocked. So some days ago someone tried to connect to our ftp server from sweden, althogh every country is blocked accept of germany.
    Please fix this or integrate a button "unknown" -> deny or something similar.
    Sorry for my englisch ;-)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Connection Tracking Helper SFTP

    A customer want to use a sftp Connection from extern to his Company. For this he install an QNAP NAS and activate SFTP over Port 2112 (SFTP Port 22 is not avaible).

    The Problem is that when we want to connect extern the NAT and Firewall Rules is working, but SFTP Need more then the one port.

    For FTP the solution and Routing works. But SFTP didnt work, For FTP you can use the Connection track helper, but SFTP can not use with that.

    So please activate sftp to work with Connection track helper to work with the different ports.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Networking: RPC Connection Tracking Helper

    A port object that automatically unlocks the associated high ports for the RPC mapper, so you must not unlock all high ports for the RPC services.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. add support for regular URL address such as www.example.com for country blocking exceptions

    When working in country blocking exceptions, the only way to get it work is to enter a websites ip address. Adding support for regular an address such as www.example.com.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable country blocking by time.

    We're trying to find more creative ways to block VPN services after hours at our school and the country blocking will definitely help, but since we have many foreign students are can't have this enabled during school hours - this country blocking would definitely help us but it doesn't have the option for schedules within the option itself or in exceptions.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. add reject-with tcp-reset function

    The "reject" action in the paket filter rules sends an ICMP - Destination Unreachable to the rejected Host. It seems that most applications ignore this ICMP. Therefore other Firewall Systems implemented the "reject-with tcp-reset" function. This way a tcp session will be ended, and hopefully the Applications will not have to wait that long until it realizes that the connection is not permitted.
    This is needed because many computers and other devices suffer from network hangs because they try to connect to forbidden hosts.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPS: Manual Rules Notes

    Under Manual rule modification you can add rules. It would be nice to be able to put a note next to each one to explain what it is, or why it is needed.

    It would also be nice to group Rules.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Networking: Forward Ping for Devices behind UTM

    In V8 it was possible to Ping Devices behind the UTM Device, in V9 it is Disabled and could not be Enabled with a Packet filter Rule.

    This function is useful for us and our Customer which has Devices behind the UTM in his own DMZ that should be monitored by Monitoring Systems etc.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

    While already possible by disabling the built-in ICMP handlers and creating your own packet filter rules for explicitly allowing such traffic, we will review the operation of this behavior and if we can refine the GUI here.

  10. Country Blocking Exceptions by source MAC addresses

    Possibility to create a Country Blocking Exceptions with a defined source MAC address. In the normal Firewall rules this is already possible.
    Thanks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Search firewall on IP Adresses

    It would be nice to be able to search in Firewall definitions for IP Adresses, aditional to search on object names.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Open ports based upon source country

    Add the ability to open a specific port but to only allow access to it from a specific country. For example to allow access to a VPN server but only allow access to it from the UK

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add DynDNS Support for Additional Interface IP Addresses

    Will be usefull the possibility to chose to assign a specified dyndns hostname also to an Additional Address,
    not only to the ip of the local interface or the public ip address.

    This is usefull if you have more than one ISP with more than one IP (Additional Address) per ISP.

    Summary:
    -ip of local interface
    -first public IP on the default route
    -ip of the additional address (New)

    So you can update the DNS entrys for all additional addresses from ISP One to ISP Two when the failover happens (Not only
    the Primary Address on the Uplink-Interfaces Network Object,…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Autoadjust IPS rules based on Network Protection rules

    Automatically select only the applicable IPS rules and performance settings based on the network protection rules, e.g. only select HTTP Rules and HTTP performance settings if by filter only HTTP is allowed

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. import your own IOC through wide supported format (stream or file)

    Being able to import our own Yara, OpenIOC, snort, suricata format file through files and/or API.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Web Protection: Allow blocking Flash/ActiveX/Java Separately

    Especially Flash is mostly used by many internet pages, but we want to block Java, due to the security issues!

    In Version 9, you can only choose the three methods together.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. to have a list of all identities present in IPS or an RSS feed

    It would be nice to have a list of all identities present in IPS or an RSS feed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Creating groups of services

    Creating groups of services. Now you have to create one NAT rule for every service. It´s difficult to see which rules belong together. With groups all services belong to a technical request would be fulfilled with one rule.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. SOPHOS UTM integration with FireEye device (IDS)

    SOPHOS UTM has an available integration with FireEye device (IDS)?. This is to automatically block the sites categorized by FireEye as malicious.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. upnp with requirement for static dhcp extra-meta tickbox as acl for upnp deamon plus device probing and cloud based behavior intel

    Add secured uPnP support with requirement for a static dhcp extra-meta tickbox serving as acl for upnp deamon's trusted access. You might even go as far to deepen the acl with rules applied to device request possible based on a detection probe.and central intelligence for generalized behavioral modification of UTM layers based on the fingerprint of network device, with review and customization. That would greatly simplify and automate the GUI experience.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.