SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Let's Encrypt Domain Validation via DNS challenge

    Let's Encrypt Integration is really cool but it would be even better if there is support for Domain Validation via DNS challenge. With DNS challenge, you can prove domain ownership (through responding to a challenge with a DNS TXT record) without the need to expose any services to the Internet.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Password Age Setting as QSA Requirement

    Hi ,

    As per QSA requirement that the password age setting feature and the change in password notification be available. This is a pain for us and is hampering the client to convince them to deploy more Sophos UTM.

    Regards,

    Clyde - TN

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. dhcp static mapping

    Have a DHCP IP Reservation function similar to XG Firewalls.

    In XG, you can simply reserve an IP address in the DHCP pool so this will only be assigned to a specific user.

    This is not the case with UTM as you have to manually reserve static IP addresses outside of the dhcp range

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Self-service VPN password/QR code reset

    We have a large number of VPN users and not a day goes by when I don't get an email from a user claiming they got a new phone and need a new QR code and also they forgot their password so could I just go ahead and reset their account for them? Life would be simpler if there was a Forgot Password option where it would send them a password reset link. The process would also delete their OTP Tokens so they would get a new QR code after resetting their password.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. Manual Sandstorm Upload in User Portal

    Enable the new manual Sandstorm Upload for a select group of Users in the User Portal.

    We would like to enable people who are the first point of contact, e.g. HR Department for job applications, to be able to scan suspicous documents and files for a thorough analysis.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Update SSL VPN to newest OpenVPN version.

    MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.

    78 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. TOP10 VPN Clients by duration section in Executive Report does not combine different case of the same user name

    In the Executive Report, the TOP10 VPN Clients by duration section does not combine user names that are used in different case. For example, "User1" and "user1" are show as unique users on the list. Given that users have to manually type their user name in the SSL VPN dialog, it can't be expected for users to keep the case the same.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Preventive email base leak.

    Preventive email base leak.

    E.g. text may contain several emails. we are counting only unique adresses. Text may include more than one email repeating and it must count as one consilience.
    If some settings is exceeded email transmission is stop.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. restrict machine to log in on remote access vpn if it do not have any sophos agent installed on the machine

    Customer is requesting to have restriction for the machine to log in on remote access vpn if it do not have any sophos agent installed on it. For your assistance please

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  10. ipv6 traffic utm

    As an admin in times of growing Internet of things with about 50.000.000.000 IPV6 things in about 2 or 3 Years. I hope to be able to administer ipv6 Networkconnections and there possibilities by the Webadmin tool. Not only generally for all interfaces. And not by doing this in the shell.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. WPA3 update for current products upon release

    I hope that Sophos will update their current AP products to WPA3 and not only ship new hardware with a WPA3 certification and firmware. The release of WPA3 is planned for late 2018 and would be a great addition to existing hardware installations.

    51 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Dark Mode

    Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

    Why not the Web-Interface of the Sophos XG Home?!?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add WIFI feature to kick users

    Add WIFI feature to kick users/devices out on Guest Wifi after a certain period of time to free up the bandwidth.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. WAF Logs - Please add action fields

    Currently Sophos UTM IPS and WAF has no indicator on its logs if a certain traffic was Blocked, Allowed or Supposed to be Blocked (if worker node is running on Monitor mode). Which is a problem for a multiple deployments which is running on a combination of Reject/Blocking mode and Monitor mode. Please add this as another field on your logs as all of other WAF's and IPS that I handled before has. Many other customers had or will find this feature lacking when operating and monitoring on multiple worker nodes.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  15. fake email-sender-address

    EMail-Sender-Address has normally this form : "Given Name" <senderemail@domain.com>
    1. a part - shown-name, human readable name of sender
    2. a part - sender-email-address

    SPAM/Malware comes often with an additional email-address in first part.
    like this : "Given Name <FakeEMailaddr@fakedomain.com>" <senderemail@domain.com>

    You see in outlook Mail only the first part "Given Name <FakeEMailaddr@fakedomain.com>".
    The real sender-EMail-addresse will be hidden.
    You can only see the real Address you move the mouse pointer over shown first part.

    The User don't check this and belive it comes from "Given Name" with the email-address FakeEMailaddr@fakedomain.com.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Spam Report Customization

    It would be nice if it were possible to customize the Spam Report. E.G. to add Blacklist and Delete Buttons.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. fw-notify.net DKIM signing for notifications

    Many email systems are blocking messages sent without DKIM authentication. If possible, please consider adding local DKIM ability or preferably, global DKIM ability (that's tough because of the private key required) for message signing). My ISP is now classifying all email sent from fw-notify.net as SPAM because the messages lack DKIM.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
  18. AD Nested group support for policy helpdesk

    Hi,

    Policy helpdesk can not handle Users in nested groups . (It shows Blocked to all site for these users but in reality (in practice) it works from the end users browser)
    Please add fully support to AD nested groups in all parts of UTM.

    Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Fix the Bug where X-Forward-? host headers are passed when pass host headers is turned OFF in the configuration

    This should be a critical bug in the product but has been downgraded to a feature request for an unknown reason.

    Issue details
    X-Forward-Host and others are appended to the request when the client sends the data (usually as a hack attempt). This results in both the values from the client and the value set from the firewall being sent through to the back end web server.

    Please treat this as the bug it is and not as a feature request.

    Tracking details:
    Development reference number: NUTM-11135
    Current Status: Assigned to backlog
    Issue type: Feature Request

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. bgp

    Make BGP transfer it's state so that during high availability failovers BGP connections are not lost for 20 seconds when BGP is restarting.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.