Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

Why not the Web-Interface of the Sophos XG Home?!?

Hello,

I'm using SSLVPN and am getting "Bad compression error" as mentioned in below post:
https://community.sophos.com/products/xg-firewall/f/vpn/100669/ssl-vpn-bad-compression-stub-decompression-header-byte-102

Downgrading OpenVPN client to version 2.3.10 solves this issue.

As discussed with Sophos Escalations Team, raising a request here to upgrade OpenVPN server of Sophos to make it compatible with newer versions of OpenVPN client.

Ubuntu 18.04 onwards ships with newer version of OpenVPN client and its older versions are no longer supported on Ubuntu 18.04 onwards. Hence, it would great if this can be done at the earliest.

new DHCP Option code:

Option Name: 200 H323 Gatekeeper
Vendor: Innovaphone

Thanks

It will be nice, if there is a button for downloading the extern S/MIME Certificates from Email Protection > Encryption > S/MIME Certificate.

if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

FastestVPN was formed in the Cayman Island in 2017 and instantly became a success, their renowned features made them the best VPN for Android users, and their formidable security protocols, also named them as the best VPN for IOS users as well!
https://fastestvpn.com/download/android-vpn

Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

Can we can configure the system to at least quarantine for other conditions like “none” and “temporer”, etc. instead of accepting?

The default port to email a backup copy of the settings is Port 25.

Many ISPs block Port 25.

It would be helpful if an alternate port could either be chosen or selected such as Port 587.

The possibility to re-delegate a ISP-Prefix to Subrouters behind the Sophos UTM.

Scenario: The Sophos UTM is on the edge of the Network an gets a /48-Prefix. The UTM has to re-delegate a smaller Prefix to Subrouters via DHCPv6-Prefix-Delegation.

hi all,

I would like to monitor via snmp users vpn sessions, ie there bandwith and the user logged on at any given time on my utm 9 device.

thanks,
Rob

Hi Guys, on my application risk report I see ? instead of a risk number. this is on my UTM XG135. for example for port 443. cant this be changed to may be risk 0 instead of a ? as when you view reports we cant actually distinguish what actually this means and have to login to firewall and go and pull up the report to actually see which defeat the purpose of having a report the first place.

Kann der SMTP Dämon inbound mehr Cipher unterstützen, z.B.:
TLSECDHERSAWITHAES
...256GCMSHA384
...128GCMSHA256
...256CBCSHA384
...128CBC_SHA256

use industry standard for sorting ip list in network definitions instead of the lexicographic sorting method.

On sections that have multiple pages of items, eg users, hosts, DHCP leases, make it so that when you click to the next page, the top of the next page is visible, not the bottom. Every time I click to a new page I have to scroll up to get to the top of the page.

If a user is deleted from the UTM and the account was in use for SSL VPN, his user certificate should be set to a certification revocation list.
The SSL VPN service should use this revocation list to avoid using old certificates from accounts that were created on the UTM with the same name. This is currently possible, 05/2020.
The UTM does not maintain revocation lists for users and the SSL VPN service does not use this capability, although OpenVPN offers it.

PCI scans that see a remote access port open to the internet fail because the appliance still supports TLS 1.1. I have to dispute this every time, and it is a real hassle

Option for checking always emails with file attachment via the sand box /sandstorm