SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Import existing logs into iView

    Be able to import or transfer existing logs to iView that were already on the UTM prior to setting up iView.

    14 votes
    0 comments  ·  Logging
  2. Intrusion Prevention Reports - Incomplete Data in Logging->Network Protection->IPS Tab

    Both the IPS tab for Logging->Network Protection->IPS and the IPS section of the Executive reports do not contain complete information about the intrusion.

    For example:

    - There is no way to determine the date and time from either report. You have to view the raw logs. Please add a date/time column for each report.

    - There is no way to link all sources with all destinations from either report without doing multiple searches. You have to do it one at a time. Please simply add a Source, Destination, and Rule column for reports on both the IPS Report as well as the…

    2 votes
    0 comments  ·  Logging
  3. Two factor auth with L2TP and Radius - Does not show in ‘online users’ on the dashboard.

    Two factor auth with L2TP and Radius. Does not show in ‘online users’ on the dashboard.

    The only place they can be seen is Configuration > Logging & Reporting > Remote Access

    1 vote
    0 comments  ·  Logging
  4. ipfix template issue

    Hi,
    There was a request/post in regards to getting IPFIX to be connected to Solarwinds, https://www.astaro.org/gateway-products/management-networking-logging-reporting/50338-ipfix-error-solarwinds.html

    Could this issue be addressed? We would like to use their product, but the template is being rejected. Since the UTM does not support other netflow options, this should be addressed, because the majority of firewall companies have these options.

    4 votes
    1 comment  ·  Logging
  5. Change mail logs display from "return to" address to "sender" address

    I have found that the SMTP logs and Quarantine logs actually display the "return address" and not the sender address.
    This makes it impossible to search for mail from a particular person if they use a third party email responder service.
    I have found a lot of clients are now using third party mail services, eg ANZ, BOC, Blackwoods etc.
    This means in our logs we appear to have a lot of mail from "*@chost.net.au" (the third party mail service) but we have no idea who the real sender was ANZ, BOC etc....
    Support confirm this problem, but only suggest…

    2 votes
    0 comments  ·  Logging
  7. Concurrent Connections per Host

    Currently, Sophos UTM allows you to see Concurrent Connections on the Dashboard, Interfaces & Routing page as well as Logging & Reporting --> Network Usage --> Bandwidth Usage for a Total Connection usage count.

    It would be useful to illustrate a real time breakdown for which Hosts are occupying said Concurrent Connections. I've been able to track TCP Connections via ip_conntrack, however, I'm sure the Sophos UTM has a cleaner approach that could be used to isolate connections at the IP level.

    4 votes
    1 comment  ·  Logging
  8. Logfile guide for WAF

    There was a demand from our important customer.
    The customer uses the WAF function, but is troubled very much in operational duties.
    It is because there is no guide to the log file.

    Please make a log file guide including the following contents about WAF.
    1. Log format
    2. The meaning and coping method of the error codes

    In addition, it was not listed in the following sites.

    https://www.sophos.com/ja-jp/support/knowledgebase/115634.aspx

    1 vote
    0 comments  ·  Logging
  9. should add an option for logging dhcp-relay requests for troubleshooting issues.

    I had some issues with my dhcp server. In this case it would have been helpful to see if the requests are going through the utm or not.
    So please add an option for this.

    1 vote
    0 comments  ·  Logging
  10. to display the corresponding web filter exception name in the http.log

    It would be useful if you could see the name of the corresponding web filter exception in the http.log on the UTM.

    1 vote
    0 comments  ·  Logging
  11. Create a search tool that checks all logs, so I don't have to search each log individually to see what component is blocking something

    Create a search tool that checks all logs, so I don't have to search each log individually to see what component is blocking something

    1 vote
    0 comments  ·  Logging
  12. Output Interpreter

    I'm missing the "Output interpreter" which you can find on Cisco homepage. Cisco is providing this feature on their homepage. The Output interpreter can interpret the log which you have from the router and much more.

    1 vote
    0 comments  ·  Logging
  13. Add User Agent in reverse proxy logs.

    We had this information in our previous firewall and it was helpful to know what agents are running probes.

    1 vote
    0 comments  ·  Logging
  14. Customer wants more control over the reports in the UTM

    Customer wants more control over the reports in the UTM: statistics from DB about Network usage per User, usernames, machine name, IP - more detail below:

    Detailed description of Feature request for Reporting subsystem
    1)
    Name: Show user names in Network usage report, instead of NXDOMAIN, when using Transparent proxy with Browser auth
    Business requirements (reason for feature): Network usage report used for internal billing of Internet usage
    Importance: 1 = Critical

    Customers can’t use external systems which are based on Syslog, because there is no information about the amount of data in logs: SMTP, POP3, etc.
    Customers don’t have access to DB,…

    1 vote
    0 comments  ·  Logging
  15. Additional fields in syslog messages - allow correlation with other logs

    For "reverseproxy" syslog messages, please include enough details to uniquely match the UTM's logs with other device logs (upstream firewalls, netflow, real webserver logs, etc).

    The current log doesn't include the local IP and port used by the UTM to make the request of the real web server and it doesn't record the source port used by the true client. This makes it hard to differentiate multiple requests coming from a single NAT IP address

    The resulting log would look like this:

    srcip='1.2.3.4' # existing
    srcport # add this to record the source port used by true client
    localip='9.8.7.6' #…

    3 votes
    1 comment  ·  Logging
  16. Ability to choose syslog severity

    I cannot believe this is not possible; it is a standard feature of most networking/security products.

    The ability to define what level of severity you want output to your syslog server. Currently it's either ALL or NOTHING. When running log correlation you do not want the syslog server filled up with noise.

    RFC 5424 defines the ability to set severity levels. Can this be implemented ASAP along with any other logging improvements?

    Thank you

    2 votes
    0 comments  ·  Logging
  18. Please add country name to firewall log when blocking country

    Sometimes you have to identify and resolve country blockings but are not able to get the country by searching IP databases. It would be very nice when the log names the found country. Perhaps this can be combined with other requests regarding mail logs.

    4 votes
    0 comments  ·  Logging
  19. Logging Authentication failure in Webfiltering

    It would be good if you could write the failed authentications in the web filtering log.
    It could be used to determine which client someone logs wrong.

    Example: 2015:02:18-07:20:04 deproxy03-1 httpproxy[6423]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="Authentication failed" method="GET" srcip="10.68.20.171" dstip="62.159.74.50" user="userx" ad_domain="domainx" statuscode="200" cached="0" profile="REF_HttProSsoad (SSO-AD)"

    1 vote
    0 comments  ·  Logging
  20. iview

    In iView reporting (e.g. 10.176.200.27:8000, not the port 4444 one), the user would like to have object-name-based data in Reports > Web Usage (such as Top Web Hosts). At the moment, in UTM, we can see IPs and Objects, but in iView only IP-based data shows there. Since the user has no AD, object-based data reporting is needed.

    related case number: 4857872

    1 vote
    0 comments  ·  Logging