SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Firewall Rule : [BUG] The trigger area to turn on or turn off rules is expanding according to the size of the rule

    Please Correct the trigger area ON-OFF on firewall rule policy, please make it just only clickable only on the bottom icon. Now the activates area is expanding according to the size of the rule??
    We have to face the difficulty of using it. we always disable the rule by mistake because we did not recognize the area which is not an icon also do the trigger

    But this behavior did not happen in NAT Rule, Masquerading, or any toggle switch on other features in the firewall.
    We used Firmware Version: 9.702-1

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Possibility to put a description to the accesspoint

    Would be nice to have a description option for the accesspoint in the wireless protection.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. port 25

    The default port to email a backup copy of the settings is Port 25.

    Many ISPs block Port 25.

    It would be helpful if an alternate port could either be chosen or selected such as Port 587.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. To change the label name of Master and ***** in HA:

    To improve team communications by removing perceived discriminatory language.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSL Site-to-Site VPN uses the same IP pool as SSL-Remote-VPN

    SSL-Site-to-Site-VPN uses the same IP pool as SSL-Remote-VPN. This leads to problems if the UTM acts as an SSL-Site-to-Site-VPN-Master and at the same time as an SSL-Remote-VPN-Master.
    By using the same pool, packets from the respective VPN systems are routed incorrectly. For example, packets from the remote VPN can be routed to peers in the Site 2 site tunnel.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. Option to disable the TLS 1.1 in email appliance

    Option to disable the TLS 1.1 in email appliance

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP

    Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP, would allow visiblity and reporting of remote users over an extended period of time

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  8. SSLVPN: Bad Compression header

    Hello,

    I'm using SSLVPN and am getting "Bad compression error" as mentioned in below post:
    https://community.sophos.com/products/xg-firewall/f/vpn/100669/ssl-vpn-bad-compression-stub-decompression-header-byte-102

    Downgrading OpenVPN client to version 2.3.10 solves this issue.

    As discussed with Sophos Escalations Team, raising a request here to upgrade OpenVPN server of Sophos to make it compatible with newer versions of OpenVPN client.

    Ubuntu 18.04 onwards ships with newer version of OpenVPN client and its older versions are no longer supported on Ubuntu 18.04 onwards. Hence, it would great if this can be done at the earliest.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. Wordpress Security

    Its Zubair, I am a WordPress developer, and I am finishing the project for my client. My client is very conscious about security and privacy, So I have taken all the precautions while developing a website. I have followed this guide: https://codup.co/wordpress-security-guide If anything is missing in this guide and if something is important, then please let me know.

    Thanks in advance

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. new DHCP Option code

    new DHCP Option code:

    Option Name: 200 H323 Gatekeeper
    Vendor: Innovaphone

    Thanks

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Dark Mode

    Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

    Why not the Web-Interface of the Sophos XG Home?!?

    16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  12. S/MIME certificate export durch GUI.

    It will be nice, if there is a button for downloading the extern S/MIME Certificates from Email Protection > Encryption > S/MIME Certificate.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  13. FastestVPN is the hallmark for success for VPN providers in the world here's why?

    FastestVPN was formed in the Cayman Island in 2017 and instantly became a success, their renowned features made them the best VPN for Android users, and their formidable security protocols, also named them as the best VPN for IOS users as well!
    https://fastestvpn.com/download/android-vpn

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add options to reject or quarantine emails that fail or have invalid DKIM

    Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

    33 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. DHCPv6 Prefix Delegation for Subrouters

    The possibility to re-delegate a ISP-Prefix to Subrouters behind the Sophos UTM.

    Scenario: The Sophos UTM is on the edge of the Network an gets a /48-Prefix. The UTM has to re-delegate a smaller Prefix to Subrouters via DHCPv6-Prefix-Delegation.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. mib

    hi all,

    I would like to monitor via snmp users vpn sessions, ie there bandwith and the user logged on at any given time on my utm 9 device.

    thanks,
    Rob

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. ? - on risk level under reports

    Hi Guys, on my application risk report I see ? instead of a risk number. this is on my UTM XG135. for example for port 443. cant this be changed to may be risk 0 instead of a ? as when you view reports we cant actually distinguish what actually this means and have to login to firewall and go and pull up the report to actually see which defeat the purpose of having a report the first place.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. UTM AD Realtime Refresh For VPN Users

    I have been doing a setup for a client where we use Cisco Umbrella (web filtering) over the SSL VPN configured on the Sophos UTM.

    This VPN is set to use AD Authenticated users, however we have noticed when we are looking at the logs on the cisco side, the AD user does not match the IP address being used, it looks like the AD user being shown is 24 hours behind, and if a new user connects to the vpn with a new IP which was previously used by another user, this can cause incorrect results.

    Now I raised…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Upgrade OpenVPN to fix key lifetime OTP issue

    if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. cipher

    Kann der SMTP Dämon inbound mehr Cipher unterstützen, z.B.:
    TLSECDHERSAWITHAES
    ...256
    GCMSHA384
    ...128
    GCMSHA256
    ...256
    CBCSHA384
    ...128
    CBC_SHA256

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.