SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SSL VPN Remote Connection after a time automatically configured from the firewall, disconnect

    For an industrial remote connection, we need restrictive configuration options. with a UTM firewall, we would have to be able to interrupt remote access from the firewall. It would be great if each dialed connection could be disconnected after a certain time, as an example of an hour. with increasing internet attacks, we unfortunately have to pay more and more attention to possible entry gates.
    Will it be possible to find such a feature in Sophos firewalls in the near future? Especially for our purposes, with the SG115 UTM. At best a script that would install this feature?

    Translated with …

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allowing only facebook messenger but facebook app blocked

    Block facebook app but allowing facebook messenger app only via app control.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  3. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. restrict machine to log in on remote access vpn if it do not have any sophos agent installed on the machine

    Customer is requesting to have restriction for the machine to log in on remote access vpn if it do not have any sophos agent installed on it. For your assistance please

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. Let's Encrypt - Editable Certificate in Certmanager

    As we use Let's Encrypt for Exchange Secure and have to add additional customer Domains every few days it would be nice to have a 'Edit' Button in Certificate Manager to add those Domains rather to create a new Certificate, remove the old one and change it everywhere in Sophos

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Mail manager quarantine confirmation when deleting an email

    Emails that you accidentally select as delete will be deleted without confirmation. A confirmation if you really want to delete this email would be meaningful.

    Otherwise, the e-mails will be irrevocably deleted...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide link for checksums along with firmware download

    As far as I can see, there are no checksums provided for firmware downloads for Cyberoam UTM devices. Providing hashes using a known strong algorithm (e.g. SHA256) is standard practice, and is especially important for firmware upgrades for critical security infrastructure. This is trivial to implement and it would be nice to have a link to hashes added in the notification banner for firmware upgrades. Bonus points for signing it with a GPG key.

    It's possible that these are available, but they should be more apparent and be located in the same place as the firmware file or with the…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
  9. AWS VPN Automatically Create IPS Exception

    We recently migrated our AWS VPN's from their 'Classic' to their 'New' style. We had major issues with this (and not a lot of documentation from either Sophos or AWS on what the issue could be).
    AFter having 4 Sophos engineers look into the problem, it turns out that the new AWS VPN uses NAT-T which was being caught by the UDP flood protection, as it's between two 169.x.x.x IP's at either end of the tunnel.

    Since importing an AWS VPN config is supposed to be largely 'hands off', creating all the BGP and VPN settings in the background, it…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. ssl vpn IP blacklist / whitelist

    i am getting a lot of rouge traffic trying to connect to my SSL VPN - black listing and white listing IP's, IP ranges or ISP's would be good

    i know that it's secure and chances are they will never get in - though all the extra protection helps and if a flaw was ever found in openvpn this would help

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. Dark Mode

    Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

    Why not the Web-Interface of the Sophos XG Home?!?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  12. fake email-sender-address

    EMail-Sender-Address has normally this form : "Given Name" <senderemail@domain.com>
    1. a part - shown-name, human readable name of sender
    2. a part - sender-email-address

    SPAM/Malware comes often with an additional email-address in first part.
    like this : "Given Name <FakeEMailaddr@fakedomain.com>" <senderemail@domain.com>

    You see in outlook Mail only the first part "Given Name <FakeEMailaddr@fakedomain.com>".
    The real sender-EMail-addresse will be hidden.
    You can only see the real Address you move the mouse pointer over shown first part.

    The User don't check this and belive it comes from "Given Name" with the email-address FakeEMailaddr@fakedomain.com.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. MAC white list for obtain IP from DHCP server on UTM SG

    Hello Sophos Team,
    With hundreds devices in a company, it will take a lot of time to add each host MAC and IP with static mapping option. We need some features that will allow only known MACs to obtain IP addressed from DHCP pool on UTM SG device.
    Thank you for your cooperation and hope to see it come true in future.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Send notification when special amount of email is reached inside spooler to control communication between firewall and mailserver

    Send notification when special amount of email is reached inside spooler to control communication between firewall and mailserver. (Problems of broken connection between firewall and mailserver are faster visible.)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. AWS Transit Gateway Support

    Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

    I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

    As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. sophos connect automatic user creation

    Sophos connect with Radius does not support automatic user creation. This causes an issues with new accounts as we have to wait for the next prefetch cycle before they can be used.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. Pop-up legend for charts in "Logging & Reporting -> Hardware" does not order to match the catagory in the chart

    In the pop-up legend for charts in "Logging & Reporting -> Hardware" when scrolling to see exact values on the graph at a point in time should have the order to match the catagory in the chart. This is shown and described in the top image in the attached file. The second image also shows the order should be change so the "log" is on the bottom. Changing the order will also make it clear which line in graph matches what item being plotted.

    Both charts show that the color code for items in the legend do not match the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. DB cleanup after adjusting report retention time

    It would be sweet if the SG would do a cleanup/purge of old data beyond reporting time.
    Path: "logging & reporting --> reporting settings --> settings"

    This is especially handy with the smaller devices with excessive logs and will prevent us from doing a REBUILD DB, with the loss of whole database.

    (Example of reallife situation in CaseID [#8254771] )

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. dhcp static mapping

    Have a DHCP IP Reservation function similar to XG Firewalls.

    In XG, you can simply reserve an IP address in the DHCP pool so this will only be assigned to a specific user.

    This is not the case with UTM as you have to manually reserve static IP addresses outside of the dhcp range

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Check the DHCP server's 'Range' when creating a Host with Static IP

    When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:

    secure:/root # cc get_objects dhcp server|grep \'range
    'range_end' => '172.16.31.110',
    'range_start' => '172.16.31.101',
    'range_end' => '192.168.66.254',
    'range_start' => '192.168.66.100',
    'range_end' => '10.100.100.63',
    'range_start' =>…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.