SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow SNAT and Web protection work simulatneously

    currently web protection is being prioritized over SNAT. we are getting feedback that on the future patch upgrade to have a feature that will allow SNAT to work while web protection is enabled

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Sophos NAC managable by the UTM

    Activate on specific UTM interfaces the NAC service and in based of the info provided by the Sophos NAC client, activate or deactivate specific packet filter rules.


    • Packet filter rules for authenticated users with Sophos NAC client enable and Computer compliant

    • Packter filter rules for users not authenticated with Sophos Nac client enable and compliant
      Packet filter rules for users non authenticated with Sophos Nac client enable but not compliant
      Packet filter rules for non authenticated users without any Sophos Nac Client

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Option to directly enable new rules

    Give a checkbox to directly enable new rules

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable REDIRECT for DNATs

    With this capability, any Proxy can be made transparent, even when the traffic arrives on a bridge. In other words, be able to create working REDIRECT/DNATs like 'Any -> HTTPS -> {221.222.223.224} : DNAT to {10443} on External (Address)'

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Networking: Ability to bind IP subnets to multiple interfaces

    Currently it is only possible to apply IP subnets to a single interface. If there are for example multiple interfaces connected to the internal network and OSPF is used for routing, an IP subnet could be reachable from any of these interfaces. Within the network definitions, only one interface can be defined for spoofing.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. load balancer

    The server load balancing currently in ASG 9.3 works great on our internal/private network. I attempted to make it publicly accessible and failed. Sophos support just informed me the load balancer can only be used on a private network. They've stated dnat can not be used with the load balancer to load balance publicly accessible servers. I suggest this feature be added to a future release.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable Firewall rule in creation process

    In order to make packet filter configuration easier, you should add a switch for directly enabling a firewall rule by creation. Very often people forget to enable a newly created firewall rule. By default the switch is not enabled.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. MAC address filter - add a description field for MAC Addresses

    All is said above :-)

    In Windows DHCP service I can add a comment for each MAC address. Would be nice to have this in the UTM too.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Server Load Balancing: Choose HTTP Response codes for failed servers other than 5xx (for ex. 404!)

    By now only 5xx HTTP Response codes tell the SLB to disable a real servers (a failed one) and 200 for OK. We want to be able to determine our own HTTP Response Code to disable real servers like 404. This makes it way easier for an admin since he only has to check for a simple empty file - if its there -> 200 (up), if not -> 404 (down). We use this also with HAProxy and it works great.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Data upload limits per-client or per-user to help detect rogue activity

    Monitoring and limitation of upload trafic for dedicated clients and servers for (e. g. x MB/day) to recognize potential trojan activities

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Networking: Masquerading (NAT) Balancing Across All Public IP's

    Use all available public addresses on the WAN interface, even though the HTTP proxy is turned on. The reason for this feature is to keep users working, even if the primary WAN IP address is offline.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Network Protection: Firewall pop-up informaton when hovering mouse

    Hi!

    When I go to Network Protection - Firewall and hover over an object I get a pop-up showing the name of the object which is also written in the rule base. Since the name is the thing I am hovering over I have no use of that information but what I really need is the IP address.

    As it is now I have to move frequently between Network definitions and Firewall rules / NAT or I have to open up every rule and hover over the object in the rule definition.

    Since this is time consuming and error…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. API Gateway

    Enhance border protection by offering an API gateway solution, ala Forum Systems' Sentry API Gateway. As more companies begin to rely on distributed infrastructures that rely on remote API communication, especially within the cloud, there is a clear need for this type of security.

    Considering Sophos' "all in" strategy on cloud offerings, "layer 8" intelligence from CyberRoam, and mobile security from Mojave, Sophos already has the key components in house to dominate this emerging market at a far more competitive price point.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Whitelist for Country blocking

    Be able to block a country except for a particular host that you do business with.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Networking: Display Flow Monitor per-Application

    Ability from the flow monitor to select a traffic and have only the graph of this application/protocol on the period
    to see his load and peak versus time
    so a kind of filter which only show one application/port

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. SNAT HTTP/HTTPS Proxy Traffic

    SNAT HTTP/HTTPS Proxy Traffic

    I would like to suggest a feature which will enable me route my outbound HTTP/HTTPS traffic with SNAT with content filtering policy enforcement. i.e. without exception.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Fix the Country Blocking Exceptions to allow the exceptions to work properly

    When I want to allow only specific hosts or DNS names from a specific country, it should allow that and actually work.

    So if I block all of Russia, I should be able to explictly allow items for a specific business I interact with therebyt either IP or DNS host name. The system says it allows this now, but it doesn't fully work.

    I may also only want to allow email traffic (port 25) for one company but not allow other port traffic.

    This is opened as a support case as well, but support technician said to open a feature…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Probe network for rogue or conflicting DHCP servers

    The DHCP Server built into Windows will only start if no other DHCP server is detected on the network segment. I would suggest incorporating this function into the UTM by sending out a DHCP lease request and waiting for a reply before enabling the internal server. If a reply to the request is received indicate to the user that another DHCP server is already active on the network and must be shutdown prior to enabling it on the UTM.

    In addition to probing before enabling the internal DHCP server periodic requests should be sent out on the network to look…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Firewall Automatic UPnP Option

    I saw an older post about having to option to enable UPnP on the firewall. I understand that it is inherently less secure so should be disabled by default. Would be nice to enable it by even a per IP or MAC basis. With all the other features of the firewall that can detect botnet traffic it shouldn't be that big of a downgrade in security. I've tried Sophos UTM Home for personal use and punching holes in the firewall for every single device was hard enough let alone how it would be for a larger network makes it hard…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Country blocking vs Endpoint Protection to fail to connect and update status of the managed PC

    Country blocking prevents Endpoint Protect from communicating with Sophos Liveconnect and cause the EP feature to stop working. CB should either not do that; or exceptions should be pre-populated to prevent that from happening.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.