SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IPS-Log: suspicious dns query should say the complete FQDN which was "suspicious".

    The IPS-log-output for "reason=_INDICATOR-COMPROMISE Suspicious .top dns query_" should the FQDN be included which was tried to resolve.
    Regards, Daniel

    3 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
    • Network Protection set marked for Logging

      In Network Protection please give us the possibility to enable/disable logging for marked firewall rules. For example an entry in the drop down menu under "Action", where you already can enable/disable/delete the Firewall Rules.
      It's pretty frustrating if you need to enable logging on one or more rules and the page reloads each time, specifically at the auto-generated rules.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
      • Sophos Sandstorm Activity dashboard - show non-malicious activity count for previous days

        in the Sophos Sandstorm Activity dashboard, it would be nice to display the activity count for more then the current day. We can then measure Sandstorm's level of activity (malicious as well as non-malicious detections). Thanks

        3 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
        • Add column for Message ID Message in Log Viewer

          The Log Viewer needs a column for the Message ID Message. In other words what does the Message ID means. Example 08001 this tells you nothing unless you know what it means.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
          • log file

            granular rules to control log file deletion were highly apprecitated. I wish I could set different values for each log category.
            For example to comply with EU-GDPR you would set log file deletion after 7 days and for packetfilter or IPS after 30 days.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
            • Logging : Modify the form of the logs sent to syslog

              For Webserver Protection, the ability to add or remove fields from the logs to be sent to the syslog server. (for exemple, the field about "cookie", which contains a number of important characters)
              But also to be able to modify the number of characters of a request so that the logs are not truncated

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
              • Ability to specify "container" log group for AWS Cloudwatch logs

                Currently, when using the log to AWS Cloudwatch, logs are just dumped into top level /var/log/<blah> groupings. Not only does this clutter up the Cloudwatch logs view, but it makes it impossible to have multiple UTMs logging to the same AWS account.

                What I'd like to see is a way to have a prefix or container log-group e.g., UTM1/var/log/messages etc... so that all the logs are grouped under a single category.

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                • It is possible to implement the configuration download in notepad how we can do in Cisco devices?

                  It is possible to implement the configuration download in notepad how we can do in Cisco devices? So it will be very useful to know the setup if any new person manage the device.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                  • search

                    When displaying the results of a search of a log file, display the search terms used in the popped up window.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                    • log filtering aprovement

                      When I look in a live webfiltering log and filter this log on "action="block"" I like to see only log rules of blocked connection and not the first 10-20 rules with all log rules at every reload of the filter.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                      • Unified logging

                        Compared to MS Threat Management Gateway 2010, analyzing log files on UTM is a chore. TMG had several advantages:

                        1. Unified firewall, waf and proxy logs.
                        2. Logs were store in a single file or an internal/external SQL database
                        3. The interface for analyzing log data was capable of easily creating very complex queries with point and click.
                        4. Logging was on by default.
                        5. Data was broken into columns automatically, did not require parsing a very long text string.
                        6. Easily exported to Excel for further analysis

                        I would like to see some of this implemented in UTM. Viewing…

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                        • Logging: Anonymization of the original data

                          The Anonymizationtool anonymized only the webreports not the original data (Livelog etc.)

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                          • remote syslog log selection

                            When new logging types are released by Sophos (e.g. restd) they have to be manually enabled in Logging and Reporting > Remote Syslog Server > Remote Syslog Log Selection even if Select all was previously utilized. Instead, it would be great if Select all was persistent instead of a single-use toggle and those log types were then automatically sent to the remote syslog server upon update.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                            • Output option based on status cord

                              We use HTTP proxy AD SSO. When AD SSO is used, httplog is filled with lots of status cord 407. We're pestered with increase of I/O caused by output of status cord 407.

                              Because it's AD SSO, it's no doubt to request authentication. It's meaningless to output this in log intentionally. We don't want to output status code 407. So we propose addition of log output option by a status cord.

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                              • DNS Request Logging

                                It would be great to have a full history of DNS requests. Many organizations filter TCP/UDP:53 at the edge, and employ Split-Brain DNS configurations. For smaller organizations which rely on the built-in DNS server of the UTM, it would be nice to have full logging of DNS requests; this would make for better analysis of SIEM data as well.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                • Logging: show crypto session characteristics

                                  It is desirable to know the crypto characteristics of SSL/TLS sessions (services WAF, Web Protection, even SMTP). I am looking to know the cipher suite or its components: SSL/TLS protocol version, cipher used, MAC used, PFS group, etc). For planning purposes, it would be valuable to know which ciphersuites are in use, so that older ones such as TLS1.0 can be dropped when they are no longer needed. For forensic purposes, it becomes important if we ever need to investigate whether a successful downgrade attack has occurred.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    2 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                  • User Session Page

                                    User can see their Session time in browser pop-up page. That pop-up page can not close without logout. (In current setting there is no logout page ones browser is closed)

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Live User List with admin can logout the session.

                                      Admin can see live user list and also can logout user session

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Bigger ChangeLog for Webadmin

                                        Some of our Customers would like to have a more detailed Changelog in the Webadmin. The 20 etnries are not enough. A seperate Log for the Webadmin would be appreciated.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Number of logs to display per page in Log Viewer

                                          Number of logs to display per page in Log Viewer. As earlier in cyberoam

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.