SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. VPN: Restrict Roadwarrior VPN Connections by Source

    To ensure that even service engineers or any other users will be able to connect to company's network only from restricted IP/network.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. Reporting: Historic change reporting

    While ASG already tracks every change made, it would be nice to have this information delivered as a summary report.
    Possibility to
    * generate reporting about system configuration changes done by different admins (i.e. creation of new groups, modification of rules, etc.)

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. RED: Power over ethernet support

    A powerswitch via ethernet would help to reset a red.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  4. ASG Hardware: Rear USB Ports

    Hi,
    with ASG220 rev4 the USB ports on the backside of the ASG got lost.

    This is not very useful, because know I have to put UPS and KVM cable to the front.

    Please have 2 USB Ports on the backside again.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  5. Network Security: Per-Rule IPS Logging

    The ability to turn on detailed traffic logging for certain rules is a standard, and very useful feature of many IPS/IDS systems. This way the administrator can see the traffic (preferably in standard pcap format) that made a rule fire and decide if it is a false positive or a genuine attack. It is also a feature in snort, so it should not be very difficult to implement. The pcap files should be attached to the alert emails.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Networking: Separate DHCP server for IPv6

    I want DHCPv6 to be managed by Active Directory. This would create a situation much like many organisations today - the firewall is managed by group A (network / firewall group) and DHCP is managed by the group B (Wintel / Active Directory team).

    Would it be possible to use RA's to provide v4 addresses to O/S's that do not (currently) support DHCPv6 yet still have those machines that do support DHCPv6 work? Would it be possible to have them both running at the same time, using stateless autoconfiguration as a failback in case the guest does not support DHCPv6

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. Wireless: Bind SSID's to an Interface

    I think it would be very useful the possibility to choose the interface card that you want to use binded to a wireless interface. In this way, if you have for example 3 interface cards that you want to be available for an AP (and all AP are connected to the same interface, ie internal), you can bind each SSID to a specific interface without manually creating any Wi-Fi network, and avoiding to duplicate-triplicate the packet filter rules, DNS configurations, masquerading configs, proxy profiles, and so on.

    IE: You have Internal, DMZ, Guests physics interface cards, you will simply:

    Bind…

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Web Protection: Create Proxy Auto-Config (PAC) file automatically

    Since the ASG is the proxy, and it knows what methods are allowed and for/by whom, and when (we have some time-based profiles for our factory area) then why does it not auto-create the necessary code for autoconfig to work instead of us? Would be great instead of trying sample code and replacing the names, addresses, and so on with our real data?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Bypass Web Proxy Authentication to Default Profile

    Allow users to cancel Authentication when trying to visit a website. Currently there is a login form (transparent http proxy with Active directory Authentication) but no cancel button. This will force all users to authenticate, but what if the site is not blocked by default profile proxy profile. I know checking all profiles to see if the site is bloced prior to authentication may be too much, but what about checking the url against the most restrictive (default template filter with base categories) then requiring authentication if the site requires a higher profile under a different proxy filter? I was…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. E-Mail Quarantaine Report to Admin

    It would be nice if it is possible to configure the daily quarantine report to send to only one e-mail adress (admin?) and not to all single users. I must check the Mail-Manager when i deactived the Quarantine Report at the moment. It would be nice if i can get a complete report all filtered mails for the day to check/release them.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Networking: Concurrent Connections Limiter

    At this time there is no possiblity to limit the external connections from the ASG to a specific IP/ server.

    At our production location we have to use an external party that has a very strict firewall. If more than lets say 100 connections originate from the same IP, this IP gets blocked.

    It would be nice if an option becomes available in the ASG.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Notifications: set notifications per user/group

    It should be possible to address notifications to different users or user groups.

    For example:

    IPS warning to user a@exmaple.com

    Base system notifications to user b@example.com

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Logical DMZ

    Suppose I have one device which needs unfettered access to/from the web. If my machine is out of NICs, I cannot dedicate a NIC to a DMZ "network". I just want to allow one particular device to come and go without restriction. It would be nice to be able to logically DMZ a host based on IP or MAC address for that purpose.

    NOTE: I am aware that I can create IP Filter rules and DNAT rules for a host to have seemingly unfettered Internet access, but trust me... that does not work for some devices. I have tried... several…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Network Security: Default new Packet Filter Rules to top

    When adding new Firewall Rules, make it so that I can set a preference that all new rules will be auto-placed at the top.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. RED: Configurable port for communications

    If the RED could communicate (establish a VPN) on a port other than its default, this would allow easy integration into a network with a locked down firewall without having to involve local IT resources.

    Since ports 80 and 443 are often left open in small network environments, the device could be even more easily drop-shipped for installation.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  17. RED: Combined Red and Access Point

    Have the RED device come with a built in wifi access point similiar to the new offering from Meraki (MR12/16/24).

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Always inject Confidentiality Footer Option

    For each outgoing e-mail, you can add and customize a confidentiality footer
    informing users, for example, that the e-mail may contain confidential or privileged
    information. However, the confidentiality footer will not be appended to the
    e-mail if the e-mail is a reply (i.e. having an In-Reply-To header) or if the content
    type of the e-mail could not be determined." It would be really good to be always applied

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Web Security: Exceptions support for Unscannable Files

    we should add execption for Block unscannable and encrypted files as this field can be enable/disable form http proxy but i think i will always keep it enable and let add execption to user or director (to send and recive password protected file )

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. PoE port on 110\120 or Red Device

    With it becoming more common to have VoIP phones in home offices it would be an added benefit to have a PoE port on one or more of the 4 Ethernet ports on the ASG110\120 or Red Device. Additionally it could be used to power a single Astaro wireless access point for a small or home office.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.