SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Upgrade WebAdmin CA to create 2048bit keys in Certificates

    Sophos does currently not support the VPN Connection of iOS devices due to incpmliant key length in Certificates. Apple devices expect 2048 Bit. Please upgrade the WebAdmin CA.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. bandwidth usage reporting

    Logging & Reporting / Network Usage / Bandwidth Usage
    shows an IP which is apparently the source of the bandwidth used.

    Please add another column, and label them "Source IP" & "Destination IP".

    Our UTM-9 is deployed in a datacenter, with a few dozen IPsec Site-to-Site VPN Tunnels. A few of them have similar remote subnets and we need to be able to track bandwidth usage through a given tunnel. Knowing both source and destination IPs for my bandwidth used would sure be nice.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  3. syslog messages RFC 5424

    Logging: Syslog Support of RFC 5424

    is it possible to change the time format for the syslog messages?
    To the RFC 5424 format?
    br
    Kai

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  4. open source

    Hello,

    Open the source code of UTM SG

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support Microsoft Authenticator App for OTP

    Support MS Authenticator App for OTP so customers with Office365/MS365 only need 1 authenticator app on their device

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Android or IOS Malicious Apps

    Hi, need a little guidance since I’m not all that familiar with many apps. I heard that Android and iOS are launching extremely dangerous apps? Are there any in particular I should be worried about? click here for further info
    https://www.ilounge.com/articles/android-and-ios-releases-a-whole-wave-of-sketchy-apps

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reboot AP from command line or crontab (scheduled task)

    I've 3 AP connect to a UTM, i would reboot them but not manually with the aweetool, with a schedule task (crontab, rc.local, shutdown -d [time] ecc..., at the moment do this isn't possible..

    This "feature" is very important for a correct connectivity ofthe AP, because
    every one/two/three months you are forced to restart them manually.
    The awetool is useful but yu need to connect to UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
    Give the possibility to create a crontab for do this wil be very very useful, we'll apreciate it.
    thanks

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. country blocking for crimea region

    Please implement the crimea region in the country blocking options.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. otp

    Fix Password Compatibility Issue

    Passwords ending with 6 or more numbers cause the Auto-create OTP token feature to fail. This limitation should not exist. Until it is fixed it should be noted in the documentation and attempts to use an incompatible password should produce a clear error message

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. WebProxy_SSL-Scanning: Change the Certificate Subject Name...

    Please implement the possibility to change the Certificate Subject Name, for the certificate which is delivered to the clients, when doing SSL-Scanning.

    The Certificate Subject Name is currently the IP address of the requested URL. Unfortunately, a lot of linux systems have a problem, if the Certificate Subject Name is the IP and not the FQDN of the requested URL.

    Could you please change or implement this?

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Remove the diffie-hellman-group1-sha1 in ssh service/port-22

    Hi Sophos,

    We recognized that our product is using insecure key-exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.

    We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22,

    Please kindly provide a step or your action to remove it.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Stop SSL VPN from storing users' passwords in client PC's memory

    Currently the Sophos SSL VPN client logs this warning in its log when connecting: "WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this"

    This appears to be a security risk, since a malicious program could conceivably obtain the user's login credentials.

    I opened a ticket with Sophos support for this, but they confirmed there is no way to make the UTM add this option to the .ovpn files when it creates the client installer bundle for a user. The user CAN manually add it to their .ovpn file, but it's not feasible to…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. Quarantine mail contains only reason "File-Extension" but not which extension exactly

    We have configured the system to quarantine emails with certain extensions.
    However, the recipient then only sees the quarantine reason "File Extension" in the notification. It is urgently desired that he also sees directly which file extension it is. The admin only sees this in the mail manager

    22 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. E-Mail Protection: Allow specific file extensions in the quarantine release options

    We have a list of file extensions that we block for mail exchange.
    But we want to allow our users to unblock only specific file extensions like doc or docx in the quarantine portal.
    The extensions like .exe or .bat etc. must remain forbidden
    At the moment in the quarantine release options it's only possible to allow/disallow every file extension.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Firewall Rule : [BUG] The trigger area to turn on or turn off rules is expanding according to the size of the rule

    Please Correct the trigger area ON-OFF on firewall rule policy, please make it just only clickable only on the bottom icon. Now the activates area is expanding according to the size of the rule??
    We have to face the difficulty of using it. we always disable the rule by mistake because we did not recognize the area which is not an icon also do the trigger

    But this behavior did not happen in NAT Rule, Masquerading, or any toggle switch on other features in the firewall.
    We used Firmware Version: 9.702-1

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Possibility to put a description to the accesspoint

    Would be nice to have a description option for the accesspoint in the wireless protection.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. To change the label name of Master and ***** in HA:

    To improve team communications by removing perceived discriminatory language.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
  18. SSL Site-to-Site VPN uses the same IP pool as SSL-Remote-VPN

    SSL-Site-to-Site-VPN uses the same IP pool as SSL-Remote-VPN. This leads to problems if the UTM acts as an SSL-Site-to-Site-VPN-Master and at the same time as an SSL-Remote-VPN-Master.
    By using the same pool, packets from the respective VPN systems are routed incorrectly. For example, packets from the remote VPN can be routed to peers in the Site 2 site tunnel.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. Option to disable the TLS 1.1 in email appliance

    Option to disable the TLS 1.1 in email appliance

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP

    Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP, would allow visiblity and reporting of remote users over an extended period of time

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.