When the UTM is sync with Active Directory, it would be nice for the UTM not to keep old Active Directory accounts within the UTM device, and for the ability for the UTM to keep upto date users from AD when the UTM does a sync,

as we are a school and we use the utm for the filtering / authentication - having to go through over 1000, accounts and remove them from the utm device is somewhat time consuming, if this could be added as a feature it would be really great and i'm sure other people would agree.

thank you

"security made simple" is a vital aspect of network security and in keeping with that model I suggest the following checks while creating host definitions:

1. When creating a host with an assigned IP, the system should check if that IP is already assigned or not. In a large scale network even though you can search and sort host definitions, it is prone to human error and therefore proper rudemantory checks by the system during creation should be performed.

1.1 one should not be able to create a host with an IP within a dynamic range

1.2 one should not be able to create a host with an IP matching an existing static mapping

EMail-Sender-Address has normally this form : "Given Name" <senderemail@domain.com>
1. a part - shown-name, human readable name of sender
2. a part - sender-email-address

SPAM/Malware comes often with an additional email-address in first part.
like this : "Given Name <FakeEMailaddr@fakedomain.com>" <senderemail@domain.com>

You see in outlook Mail only the first part "Given Name <FakeEMailaddr@fakedomain.com>".
The real sender-EMail-addresse will be hidden.
You can only see the real Address you move the mouse pointer over shown first part.

The User don't check this and belive it comes from "Given Name" with the email-address FakeEMailaddr@fakedomain.com.

Can Sophos check if an From String has in first part an email-address and check this against the real sender-email-address.

We recently migrated our AWS VPN's from their 'Classic' to their 'New' style. We had major issues with this (and not a lot of documentation from either Sophos or AWS on what the issue could be).
AFter having 4 Sophos engineers look into the problem, it turns out that the new AWS VPN uses NAT-T which was being caught by the UDP flood protection, as it's between two 169.x.x.x IP's at either end of the tunnel.

Since importing an AWS VPN config is supposed to be largely 'hands off', creating all the BGP and VPN settings in the background, it would also be good if it could automatically create a NAT-T exception in UDP flood protection.

I believe this will help avoid a future headache for someone else who's following the Sophos documentation to 'just load the config file and import it, job done'.

I would like to find out wether users are connected via openvpn or not. With a single request:

https://my.utm9/api/status/openvpn/openvpn-officemunich

to get:

{
"connectionname": "openvpn-officemunich",
"active": false,
"laststarttime": "2019-12-30 08:00:00",
"lastendtime": "2019-12-30 08:14:03",
"historydescription": "only last 24 hours are saved",
"history": [

{

  "start_time": "2019-12-30 08:00:00",

  "end_time": "2019-12-30 08:14:03",

},

{

  "start_time": "2019-12-29 23:10:00",

  "end_time": "2019-12-29 23:14:03",

}

]
}

It is a great idea to have an API for Sophos UTM9 and to publish documentation here:

https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx

This documentation is from 9/2017 and I hope to find more substantial info in this document or a reference to other points.

Thank you,
Richard Lippmann

could it implemented, that the utm can be monitored by snmp - in all variants of working, activated modules by snmp or api.

it is in this century not possible to monitoring deeper details of the utm. basically, there are any point s reachable - but it makes not the needings of an working utm with reds, vpns and else without any deeper investigations.

Of course, be a partnership with paessler, like it was made by other software creators.
So, it could be set as a given sensor in the PRTG gui, supported from Sophos / Paessler - it will spare many hours of work.

When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:

secure:/root # cc get_objects dhcp server|grep &#39;range

                    'range_end' => '172.16.31.110',

                    'range_start' => '172.16.31.101',

                    'range_end' => '192.168.66.254',

                    'range_start' => '192.168.66.100',

                    'range_end' => '10.100.100.63',

                    'range_start' => '10.100.100.40',

                    'range_end' => '172.16.2.199',

                    'range_start' => '172.16.2.100',

Cheers - Bob