SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Probe network for rogue or conflicting DHCP servers

    The DHCP Server built into Windows will only start if no other DHCP server is detected on the network segment. I would suggest incorporating this function into the UTM by sending out a DHCP lease request and waiting for a reply before enabling the internal server. If a reply to the request is received, indicate to the user that another DHCP server is already active on the network and must be shut down prior to enabling it on the UTM.

    In addition to probing before enabling the internal DHCP server, periodic requests should be sent out on the network to look…

    3 votes
    0 comments  ·  Network Protection
  2. Firewall Automatic UPnP Option

    I saw an older post about having the option to enable UPnP on the firewall. I understand that it is inherently less secure so should be disabled by default. Would be nice to enable it even on a per IP or MAC basis. With all the other features of the firewall that can detect botnet traffic it shouldn't be that big of a downgrade in security. I've tried Sophos UTM Home for personal use and punching holes in the firewall for every single device was hard enough, let alone how it would be for a larger network makes it hard…

    5 votes
    0 comments  ·  Network Protection
  3. Country blocking vs Endpoint Protection to fail to connect and update status of the managed PC

    Country blocking prevents Endpoint Protect from communicating with Sophos Liveconnect and causes the EP feature to stop working. CB should either not do that, or exceptions should be pre-populated to prevent that from happening.

    2 votes
    0 comments  ·  Network Protection
  4. rtsp helper

    It would be nice to add the rtsp helper. I used it before; I found it at: http://mike.it-loops.com/rtsp. It's working fine.

    It's useful for watching TV using ISP services without having to open all ports.

    2 votes
    0 comments  ·  Network Protection
  5. Unique IDs for firewall rules for documentation purposes

    We would like to have a unique ID assigned to each firewall rule, so that you can refer to rules in your documentation by those IDs.
    Using the position number for documentation purposes is not working of course.

    3 votes
    0 comments  ·  Network Protection
  6. Country Blocking - color scheme

    In this context, it would also be desirable, for the sake of clarity, for the country switches in the Country Blocking mask to be color-coded (e.g. green = Off, red = All, orange = From, yellow = To).

    2 votes
    0 comments  ·  Network Protection
  7. Enable use of network services 'library'

    I'm fed up with having to look up port numbers for different online services and add them manually to UTM. UTM comes with a small list (HTTP, HTTPS etc.) - wouldn't it be great to have a centralised library of services (could be maintained by all us UTM Admins?). Just click on the service (e.g. Steam) in the library to have it imported into UTM with all the port numbers defined.

    1 vote
    0 comments  ·  Network Protection
  8. Spoofing protection based on network topology

    Currently Spoofing protection is not implemented very well. "Spoof protection" (Firewall/Advanced) protects only the UTM itself from being spoofed; Interface binding of network objects is very error-prone.

    Please alter the spoofing protection as follows:
    - Every interface has its defined IP networks (locally connected; additional addresses; manually defined for routed environments)
    - Add implicit rules to drop all packets having a source address that does not match the defined IP networks of the interface on which they enter the UTM

    I think this would make implementing a good spoofing protection much easier.

    2 votes
    0 comments  ·  Network Protection
  9. IP (source) block

    static:
    not groups (as a country) or range. But a single address that is attacking the UTM.

    dynamically:
    (already present?) in one clear list. blocked GEOs or ranges. Temporal bans from the firewall by detected attacks. and the manually blocked IPs

    When blocking the IP (or small range) chance to select: 30 min, 1 hour, 1 day, 1 month, forever.

    2 votes
    0 comments  ·  Network Protection
  10. Firewall Order of Operations

    Based on testing and additional information found in other requests, it appears that the proxies/security services have a higher order of operation over the firewall. As such, even with firewall rules in place, the security services override those settings. With email protection, this essentially opens up SMTP on the Sophos UTM to anyone on ALL interfaces. This, thus, increases the surface attack area of the device to an unacceptable level.

    Changing the order of operation would allow the administrator of the device to dictate, via firewall rules, what can and cannot access the Sophos UTM…

    22 votes
    4 comments  ·  Network Protection
  11. Cloud Storage Gateway

    More organizations are beginning to rely on cloud storage solutions to address various user and infrastructure needs. Yet, concerns remain over data leakage, malware, and unauthorized access. As the Sophos HTML5 Portal offers a lightweight abstraction layer for remote desktop access, they should also offer a WebDAV/SSL based abstraction layer for cloud storage.

    Relying on the existing feature set of "layer 8" identification (CyberRoam), in-transit scanning, DLP, high-throughput encryption, and an already comprehensive Linux OS, Sophos is uniquely positioned to offer users an abstract view of their storage topology. Sophos could easily support a variety of heavier storage protocols on…

    1 vote
    0 comments  ·  Network Protection
  12. Timeout of Snort

    It is requested that it be recorded in the log when the monitoring of snort does the time-out.

    1 vote
    0 comments  ·  Network Protection

    Thanks for sharing your ideas with us. I wanted to get some clarification though, because it’s not clear what this request is asking for. The IPS engine doesn’t have any sort of timeout value that would cause an event to need to be logged.

    If you mean that when IPS causes a session to time out because it has discarded packets, that this should be logged, but this is exactly what IPS does by default. Can you clarify what additional behavior you’re asking for?

    Thanks again for sharing.

  13. add smtp on port 587 by default to the e-mail messaging group

    I have to add this port to a lot of networks although it is a standard SMTP port... It would be handy should it be in the default e-mail messaging group.

    2 votes
    1 comment  ·  Network Protection
  14. Network Protection: Create firewall rules to automatically "blacklist" an "attacker."

    I'd like to turn on 'reactive rules' to start dropping all traffic from source IPs that trip a threshold of IPS or PF rules.

    Say someone is scanning your website for IIS vulnerabilities and trips 20 IPS rules in 1 minute (administrator defined parameters), then the UTM would create a rule at the top to block all traffic to and from the attacking source IP.

    Bonus points for letting the rule dissolve after N hours as well as being able to turn this rule on for specific interfaces or subnets. You could link it to the geo-location system so that…

    27 votes
    7 comments  ·  Network Protection
  15. Devices based firewall rules

    In the present era of BYOD, it would be great to have device-based firewall rules & UTM controls, e.g. Android devices in the network could be blocked, Windows devices allowed, etc.

    4 votes
    0 comments  ·  Network Protection
  16. STIX Importing

    Have the ability to import STIX entries (Structured Threat Information eXpression) for automating rule creation.

    http://stix.mitre.org/

    9 votes
    1 comment  ·  Network Protection
  17. Automatically allow Microsoft IPs through Country blocking

    Customer found that lots of Microsoft addresses that are being used for Outlook Discover are being blocked in Country Blocking - once allowed everything works fine.

    Customer wants a built-in function to always resolve known Microsoft addresses and to allow these by default.

    1 vote
    0 comments  ·  Network Protection
  18. application control on schedule

    Being able to do application control on a schedule, for example allowing Facebook only at lunch and break time.

    10 votes
    1 comment  ·  Network Protection
  19. OpenAppID

    Add OpenAppID

    1 vote
    0 comments  ·  Network Protection
  20. Regular Expression Blocking on firewall

    Regular expression blocking should be available in firewall rules.
    Firewall rule blocking only allows to match DNS Host and DNS Group.

    Today I encountered an issue where I put in a firewall rule to deny requests from semalt.com from reaching our web servers. They started sending the requests to semalt.semalt.com with a different IP. So, I have to do that manually as well.

    Firewall rules should have the ability to block from regular expressions which allows a user to deny anything that comes or before "Semalt.com"

    1 vote
    0 comments  ·  Network Protection