SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please block Star VPN under Proxy VPN

    Hi there,
    Please add Star VPN under proxy VPN.
    Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. AWS VPN Automatically Create IPS Exception

    We recently migrated our AWS VPN's from their 'Classic' to their 'New' style. We had major issues with this (and not a lot of documentation from either Sophos or AWS on what the issue could be).
    AFter having 4 Sophos engineers look into the problem, it turns out that the new AWS VPN uses NAT-T which was being caught by the UDP flood protection, as it's between two 169.x.x.x IP's at either end of the tunnel.

    Since importing an AWS VPN config is supposed to be largely 'hands off', creating all the BGP and VPN settings in the background, it…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Disconnect SSL VPN User Sessions

    If I have to disconnect SSL VPN User Sessions, it would be fine, when I have a button.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. SSL VPN - Assign IP address via internal DHCP server

    When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

    43 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. TLS 1.2+ support for User and Admin Portal

    UTM doesn't support anything higher than TLS 1.1 For the User and Admin portals. This is a huge security fail for a security appliance.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Reflexion

    How Do I setup a scheduled report?

    I would like a daily report emailed to me of any deferred messages for any of our customers.

    I would like a Monthly report emailed to me of the users for each customer.

    I would like a monthly report emailed to me of the blocked messages for each customer. Preferably by threat level.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Native Windows 10 SSLVPN UWP VPN plug-in

    Can we get a Windows 10 VPN plugin like the other vendors have done to allow SSLVPN over the standard Windows 10 VPN client.

    This would solve all the deployment problems with the legacy client, No more saving passwords in text files, no more TAP adapters, no more messing with shortcuts to make the process transparent.

    Here is an example of how easy deployment is with a plugin to the built in

    Add-AppxPackage -Path "C:\VPN.Appx"
    $xml = "<MobileConnect><Port>4433</Port></MobileConnect>"
    $sourceXml=New-Object System.Xml.XmlDocument
    $sourceXml.LoadXml($xml)
    Add-VpnConnection -Name "Work Network" -ServerAddress https://vpn.work.com:4433 -PluginApplicationID SonicWall.MobileConnect_cw5n1h2txyewy -CustomConfiguration $sourceXml -RememberCredential $true

    You can even configure the VPN connection…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. Let’s Encrypt - configurable key size

    Would be nice if it would be possible to configure the key size of automated created Let’s Encrypt certificates by Sophos UTM with Let's Encrypt Method --> described here: https://community.sophos.com/kb/en-us/132940

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. SPX Encryption and DKIM in Email Appliance

    There is already a known issue (SEA-749) for this but when can expect a resolution for being able to DKIM sign SPX Encrypted emails in the Sophos Email Appliance?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Flood emails with the same source

    It would be interesting some blocking method for e-mail sended from a same address in a small space of time.
    Eg: the address bruno@sophos.com sends 1000 email to the protected domain on UTM in 2 seconds.

    Remembering that this would not apply to the whole domain but to an speciffy address.

    This would be interesting when an email box is hacked and used to send many spams.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. How to find out active openvpn-connections, documentation for UTM9 API

    I would like to find out wether users are connected via openvpn or not. With a single request:

    https://my.utm9/api/status/openvpn/openvpn-officemunich

    to get:

    {
    "connectionname": "openvpn-officemunich",
    "active": false,
    "last
    starttime": "2019-12-30 08:00:00",
    "last
    endtime": "2019-12-30 08:14:03",
    "history
    description": "only last 24 hours are saved",
    "history": [

    {
    
    &quot;start_time&quot;: &quot;2019-12-30 08:00:00&quot;,
    &quot;end_time&quot;: &quot;2019-12-30 08:14:03&quot;,
    },
    {
    &quot;start_time&quot;: &quot;2019-12-29 23:10:00&quot;,
    &quot;end_time&quot;: &quot;2019-12-29 23:14:03&quot;,
    }

    ]
    }

    It is a great idea to have an API for Sophos UTM9 and to publish documentation here:

    https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx

    This documentation is from 9/2017 and I hope to find more substantial info in this document or…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Simultaneous logins setting by groups

    we need Simultaneous logins setting through which we fetch from the AD, with that we are able to set user login restrictions any number of login in one click

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  13. Report: PDF and HTML should be complete with the same Information.

    Hi @ all

    I notice that the Report in PDF-Format are not quiet the same as the HTML Format.
    I opened a case, it is this one:

    This is regarding your service request number 9320931.

    Thank you for your patience.

    I have discussed this internally and it seems this is an architecture/limitation from the firewall. If you believe that this feature should be available on the UTM for the better improvement then we would request you to raise a feature request on the link https://ideas.sophos.com/ and this feature would be introduced in our next updates.

    Please contact us for any…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. fake email-sender-address

    EMail-Sender-Address has normally this form : "Given Name" <senderemail@domain.com>
    1. a part - shown-name, human readable name of sender
    2. a part - sender-email-address

    SPAM/Malware comes often with an additional email-address in first part.
    like this : "Given Name <FakeEMailaddr@fakedomain.com>" <senderemail@domain.com>

    You see in outlook Mail only the first part "Given Name <FakeEMailaddr@fakedomain.com>".
    The real sender-EMail-addresse will be hidden.
    You can only see the real Address you move the mouse pointer over shown first part.

    The User don't check this and belive it comes from "Given Name" with the email-address FakeEMailaddr@fakedomain.com.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Multiple vlan support on pppoe interface

    I it possible to create support of multiple vlans on one pppoe interface? We do need it for our internet provider Telfort/KPN/XS4ALL. PFsense does support it, but Sophos UTM (software) does not.

    Internet is on vlan 6
    IPTV on vlan 4
    Connection PPPOE

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Web Protection Only EndPoint Agent

    It would be awesome to have a lower cost agent just to deploy congruent webfiltering etc to mobile devices. Having to pay for the full agent just to switch everything else off (especially now that Sophos Central is the recommended route for the other features) is superfluous and a bloatier solution.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Set a full set of snmp / api class / call for basic and deeper PRTG monitoring

    could it implemented, that the utm can be monitored by snmp - in all variants of working, activated modules by snmp or api.

    it is in this century not possible to monitoring deeper details of the utm. basically, there are any point s reachable - but it makes not the needings of an working utm with reds, vpns and else without any deeper investigations.

    Of course, be a partnership with paessler, like it was made by other software creators.
    So, it could be set as a given sensor in the PRTG gui, supported from Sophos / Paessler - it will…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  18. Check the DHCP server's 'Range' when creating a Host with Static IP

    When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:

    secure:/root # cc get_objects dhcp server|grep &#39;range

                        &#39;range_end&#39; =&gt; &#39;172.16.31.110&#39;,
    
    &#39;range_start&#39; =&gt; &#39;172.16.31.101&#39;,
    &#39;range_end&#39; =&gt; &#39;192.168.66.254&#39;,
    &#39;range_start&#39; =&gt; &#39;192.168.66.100&#39;,
    &#39;range_end&#39; =&gt; &#39;10.100.100.63&#39;,
    &#39;range_start&#39; =&gt;
    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. AWS Transit Gateway Support

    Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

    I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

    As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. Custom Block Messages depending on different networks

    We want to be able to show different block messages to request from different users/networks/filteractions.

    We have one public hotspot were we provide internet access and another private company wifi.

    We want to be able to only show the administrators info (like telephone number) to the private wifi.

    Please implement this as a feature if possible.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.