SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Force TLS on specific email adresses

    Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
    There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Web Proxy Fail Open for Ranged Data

    The web proxy, before 9.6, failed open for chunked data that was missing or had a misconfigured data-range header, and the data wouldn't be scanned. The old behavior created a DoS in some circumstances where the proxy would continually try to retrieve the data from the server, filling the pipe - I've had this happen to me. The behavior now is fail-closed where the connection is reset, and data is not allowed to flow. This new behavior creates an administrative overhead that is unacceptable to many small IT departments. I manage several firewalls, and in three years I've encountered one…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. RAMCO

    hi, can you please add RAMCO on the application list at the application control? we need to filter it in our company. thank you

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. O365 Tenant Restriction

    Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

    This requires the injection of an HTTP header.

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

    Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. spam list information

    I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to whitelist interfaces from strict TCP session handling

    A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
    By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. application control

    At the moment it´s not possible to add custom categories under Web Protection -> Application control. Therefore it´s not transparent with application control to get a detailed information what amount of traffic/bandwith is needed for own applications because application which a not predefined by Sophos are only shown in application category “unclassified”

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Citrix thin client user authentication(multiple user access the same ip)

    we couldn't authenticate citrix thin client machines in sophos utm

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Create Reports of rules and definitions

    It would great when we could create a report of rules, a report of (unused, is an other question here) definitions and a report of interfaces in a readable format whice can add in a network description.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. mail.it@wcc.nl

    Double Check Active directory when creating users. When a new user wants to access out VPN, they must login using their AD user account. If they do this, a Sophos account is created that has backend-sync enabled and all is well.

    But often, they use their e-mail address instead. In that case, a local account is creatrd with that e-mail address. This account obviously will not have the proper AD group memberships. Trying to create a new account only using the userID is then not possible because an account with that e-mail address already exists.

    The only solution is that…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Remove the Limit of 50 Configs in OpenVPN GUI

    Currently there is a limit of 50 configs in OpenVPN GUI.
    There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

    I would like to see that in Sophos UTM SSL VPN Client too.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. UEFI boot

    Make the ISO a standard UEFI ISO

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  13. mail.it@wcc.nl

    After reporting that Sophos still distributes an old (august 2015) and insecure (CVE-2017-7508 CVE-2017-7520 CVE-2017-7522) version (2.3.8) of the OpenVPN client (used by the SSL VPN) as an error through SophServ, I was instructed by the support engineer to post this as an idea.

    Although it seems strange that it is an idea that a security device would keep security sensitive software components up to date, I went along with this, because I want it fixed.

    What *would* be an idea is that not only Sophos kept the version it distributes up to date, but also helps keeping the clients…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Chromebook Filtering

    Any plans to offer an extension-based Chromebook filter? It would be great to have a single lens for filtering of all devices.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Web server url hardening

    Support for IBM Lotus Notes Email for web browsers

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. jgarmon@frmlr.com

    I wish the SEA had, file attachment linking. User attaches a file to an email, and the attachment is replaced with a URL back to it. Very nice. The issue, while a PDF problem and not a SEA one, is trying to get to an attachment in an SPX PDF is horrendous on a good day, assuming a basic computer / mobile device user. No way our clients could do it and many of the are MDs. Then back late last year, Adobe disabled all attachments sent in PDF. So that caused us a lot of trouble which brought us…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. jgarmon@frmlr.com

    Not sure if this is in right category. For SPX, currently only the plain text portion of an email is processed and sent as a PDF. The result is an encrypted PDF that looks very much like it was sent in 1990 vs. the formatting provided by HTML. SPX should process HTML portion if it is present then process plain text. Case number is 8594977. Synaman (http://web.synametrics.com/SynaMan.htm) processes the HTML portion and it looks great.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Let's encrypt intermediate CA sent by server

    As admin I want to have intermediate CAs automagically added for certificates issued by Let's encrypt client, so they are then served when estalishing TLS connections ad retarted libraries are not breaking due to incomplete certificate chain

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Policy Helpdesk

    In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

    If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sandbox

    Hello,
    It would be nice if you could add the sandbox function to the user portal so that users could check and submit data themselves.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.