SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Name field for Firewall Rules

    Being able to assign a firewall rule a name that can be tracked through the life of the rule is a great tool to help manage your firewall. If the name also shows up in the logs, especially the live log, it is incredibly useful.

    You don't need to try and track a rule by a number that keeps changing as rules are added or deleted, simply track the rule name.

    This feature is available in other UTM and firewall products. From someone who's used the feature for many years, it is definitely something I miss in the UTM.

    37 votes
    4 comments  ·  Network Protection
  2. Network Security: Block Malicious/Botnet/Bad IP's using Blacklist "Service"

    It would be nice if we could automatically block all traffic to/from IPs identified as malicious by lists such as DShield or Project Honey Pot.

    88 votes
    Completed  ·  28 comments  ·  Network Protection
  3. IPS: Per-Rule IPS Exceptions

    Extend the exceptions functionality to allow for specific rules as part of an exception.

    This will allow for much more granular IPS exceptions by being able to specify that a rule be disabled/excepted only for a certain traffic flow, like for rule 2122 from Internet to Webserver, without disabling the rule globally or exempting the resource from IPS fully.

    37 votes
    16 comments  ·  Network Protection
  4. Network Security: Exceptions for Country Blocking

    I think country blocking should have exception rules tied to it, where profiles could be created and exceptions could be made to bypass it.

    For example, if you had a virtual machine you wanted to allow all traffic to, and countries being blocked, you could create an exception rule like anything else currently.

    32 votes
    6 comments  ·  Network Protection
  5. Add the old sort order of packet filter rules

    In V8 we can change the sort order of packet filter rules. Most customers ask me to have the possibility to see the rules with the old view.

    10 votes
    5 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    Hi… this is actually a bug and we will fix it during an upcoming up2date. As such I'm going to mark it as completed so the points are refunded, since bugs don't need feature request votes to get fixed. Thanks for the feedback everyone!

  6. Network Security: Services Support for Country Blocking

    The country blocking is a very good idea.
    We get a lot of intrusion from China to our terminal server. The best extension would be if we could limit it to services like RDP, VNC.

    75 votes
    15 comments  ·  Network Protection
  7. Networking: Sticky Sessions for Server Load Balancing

    Currently ASG V7/V8 distributes traffic to the real servers depending on the source address. For instance, if there is one sending system existing only then the traffic is forwarded to one real server only although many real servers are enabled to use. A bit more than manual failover is possible by this solution. Setup might appear sometimes, especially when the source address is translated using NAT by the remote provider. I suggest distributing traffic by connection (e.g. host and source port).

    7 votes
    0 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    This feature was introduced in UTM 9. You can set the sticky/persistence:

    Click the Edit button of a load balancing rule.
    Click the Scheduler (Wrench) button on the header of the Real servers box.
    Choose the persistence time; Persistence has a default timeout of one hour. You can also disable interface persistence for this balancing rule.

  8. Add multiselect to Packet Filter and NAT for bulk on/off or deletion

    I have around 100 Packet Filter rules and the refresh after turning a rule on or off (two refreshes if a search has been done) slows me down. I'd like a multiselect where I could turn on/off or delete a bunch of rules at the same time.

    1 vote
    0 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    Great news for you, this is possible in 8.100 release, which adds precisely what you have requested here. :) Enjoy!

  9. IPS alert filter

    As we all know, there are some less-than-friendly neighbors on the internet. When one of them persistently generates IPS alerts, a prudent Admin will take appropriate action (perhaps adding a packet filter rule to block all traffic from that source), but since the IPS sees traffic before the packet filter, the IPS notifications will continue to arrive. This constant flood of notifications makes the task of identifying new or more critical alerts more difficult.

    Currently the only way to stop these alerts is to disable notifications from that rule, but that is too broad since there may be new offenders…

    4 votes
    0 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    You will find a “limit notifications” option in the Notifications section which combines multiple alerts into a single entry seen “x” times. This should solve the problem for you.

  10. User-Based Packet Filtering

    Would be nice to have a way to authenticate the users (defined locally or in backend) against the Astaro, and use the user+IP information to build specific packet filter rules. As authentication method the User Portal could be an option. The best would be to have an SSO client to install locally on the user PC. Some of the other vendors already use some similar features.

    9 votes
    6 comments  ·  Network Protection
  11. 7 votes
    1 comment  ·  Network Protection
  12. Authentication: Lockout/Ban IP for Failed Login

    While already possible for WebAdmin login, it should be extended at least to:

    • Logins for SMTP authentications
    • Logins for VPN SSL authentications
    • Logins for SSH authentications

    Consider my case: yesterday I received thousands of failed login attempts in 2 hours from a user that tried to access the SMTP proxy in order to send spam. Every time the user tried to log in, my ASG made a query to the Domain Controller (so both ASG and DC were under brute force attack).

    I think that the actual absence of IP address banning is an unacceptable lack of security.

    23 votes
    4 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. It is available under Authentication Servers—>Advanced. Enjoy!

  13. 3 votes
    1 comment  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    Hi Rocket, The DNAT/SNAT rules already have a comment, and it is displayed in [] brackets during the rule title ;) I’ll close this as such.

  14. Packet Filter: Temporary Rules

    A packet filter definition with an expiry time (1h, 2h, 4h, 1day, configurable end-time/date) so you can give access to a service for an external party, and have the rule automatically being disabled when the time setting expires. If possible it would be nice to have the rule deleted with some 'auto-vanish' flag.
    An extra marking or color would be best to let you see it is a 'Temporary Rule'

    8 votes
    4 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    This request can indeed be already addressed using a “use once” packet filter rule. The current implementation should solve much of your needs here.

  15. IPS: Continuous Traffic Flow During Up2Date

    Enable administrators to separately schedule installation times of updated SEUs (Snort Enhancement Updates - new/updated rules) at custom times. Download would still be automatic; only installation would be performed at the scheduled time.

    Snort disrupts traffic flow while updating rules. This is not acceptable for many customers.

    2 votes
    2 comments  ·  Network Protection
  16. Add Intrusion Prevention Rule ID to Email Alert

    When you get an email from the Intrusion Prevention Alert system it does not show clearly the "Rule Number", so that you can make a Manual rule modification.
    See example:
    Intrusion Prevention Alert

    An intrusion has been detected. The packet has not been dropped.
    If you want to block packets like this one in the future,
    set the corresponding intrusion protection rule to "drop" in WebAdmin.
    Be careful not to block legitimate traffic caused by false alerts though.

    Details about the intrusion alert:

    Message........: DOS DNS root query traffic amplification attempt
    Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=15259
    Time...........: 2010:02:09-09:52:23
    Packet dropped.: no
    Priority.......: 3…

    3 votes
    1 comment  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    We will have a look at making this more clear. The rule ID is actually included there as part of the link for “more information” along with displaying the rule id on the resulting page once you click on the link. (in this case it is rule number 15259) Thanks for the feedback, I’ll close it to refund your points.

  17. Networking: Data Leak Prevention System (DLP)

    A system that will identify, monitor, and protect data through deep content inspection. This will be a must have system to detect and prevent the unauthorized use and transmission of confidential information.

    98 votes
    26 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    This feature was released in UTM 9.2. We’ve added DLP features into our Email protection suite that allow for some very powerful filtering of syntaxes and structured data (PCI/PII etc.). Enjoy!

  18. 7 votes
    Completed  ·  4 comments  ·  Network Protection
  19. Server Load Balancing: Prevent offline servers from getting balanced to

    ASG should prevent incoming requests being sent to downed servers. Often it's desirable to temporarily remove a server from a load balancing pool - for example, for planned maintenance. It would be very easy to do this with a toggle which lets you enable/disable a server from the pool. Otherwise, you have to remove that server from the pool - which isn't always possible since you have to define 2+ servers for each rule! (will add that as another suggestion)

    6 votes
    7 comments  ·  Network Protection
    Completed  ·  Angelo Comazzetto responded

    Using the new server load balancing mechanism in V8, “offline” servers will not be balanced to, so you can remove one or do maintenance anytime you like.

  20. Networking: Better IDS / IPS reporting

    Please improve the IPS reporting newly introduced in 7.500. The actual possible reports should be more useful and informative for real life usage than they are now. In my eyes there are especially missing reports for:

    • Top rules by host (host can be source OR destination)
    • Top hosts by rule (host can be source OR destination)
    • Top rules by destination

    Furthermore, the reports should contain more information, such as the action taken (drop, alert), severity and so on. This would further ease the IPS fine-tuning and troubleshooting.

    7 votes
    3 comments  ·  Network Protection