SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Custom Block Messages depending on different networks

    We want to be able to show different block messages to request from different users/networks/filteractions.

    We have one public hotspot were we provide internet access and another private company wifi.

    We want to be able to only show the administrators info (like telephone number) to the private wifi.

    Please implement this as a feature if possible.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. da (P)FS bei TLS zwingend für Behörden laut BSI gefordert ist und ach bald im BSI-Grundschutz aufgeführt wird.

    Feature Request eine generelle Option in der GUI wird benötigt , damit nur Forward Secrecy fähige Ciphers verwenden werden können, damit auch andere TLS Versionen damit abgedeckt wären.

    Das Problem ist, das das BSI im April neue technische Maßnahmen für den IT-Grundschutz heraus gegeben hat.

    Darin wird für Web-Anwendungen nur noch TLS 1.2 und TLS 1.3 mit FS empfohlen.

    Der eingriff über CLI ist nicht gewünscht:
    ................................................
    /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
    Finden Sie recht weit oben die Zeile :
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    Das was hier eingetragen ist. wird vom Rev-Proxy angeboten.
    Änderungen hier und Folgeprobleme (Sitchwort Backportability alte Clients zu neuen Cipher suites) sind…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSL VPN Remote Connection after a time automatically configured from the firewall, disconnect

    For an industrial remote connection, we need restrictive configuration options. with a UTM firewall, we would have to be able to interrupt remote access from the firewall. It would be great if each dialed connection could be disconnected after a certain time, as an example of an hour. with increasing internet attacks, we unfortunately have to pay more and more attention to possible entry gates.
    Will it be possible to find such a feature in Sophos firewalls in the near future? Especially for our purposes, with the SG115 UTM. At best a script that would install this feature?

    Translated with …

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. vdsl

    UTM should be able to use untagged VLAN 1 for VDSL - PPoE, when using the Sophos VDSL SFP transceiver, There are a number of ISP that deliver their service on untagged VLAN 1.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  6. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Let's Encrypt - Editable Certificate in Certmanager

    As we use Let's Encrypt for Exchange Secure and have to add additional customer Domains every few days it would be nice to have a 'Edit' Button in Certificate Manager to add those Domains rather to create a new Certificate, remove the old one and change it everywhere in Sophos

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Mail manager quarantine confirmation when deleting an email

    Emails that you accidentally select as delete will be deleted without confirmation. A confirmation if you really want to delete this email would be meaningful.

    Otherwise, the e-mails will be irrevocably deleted...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Provide link for checksums along with firmware download

    As far as I can see, there are no checksums provided for firmware downloads for Cyberoam UTM devices. Providing hashes using a known strong algorithm (e.g. SHA256) is standard practice, and is especially important for firmware upgrades for critical security infrastructure. This is trivial to implement and it would be nice to have a link to hashes added in the notification banner for firmware upgrades. Bonus points for signing it with a GPG key.

    It's possible that these are available, but they should be more apparent and be located in the same place as the firmware file or with the…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
  10. ssl vpn IP blacklist / whitelist

    i am getting a lot of rouge traffic trying to connect to my SSL VPN - black listing and white listing IP's, IP ranges or ISP's would be good

    i know that it's secure and chances are they will never get in - though all the extra protection helps and if a flaw was ever found in openvpn this would help

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. Request to have the attachment of the email to get filter under filter expression under email protection of UTM.

    Hello Team,

    We have customer here requesting to have the attachment of the email to get filter or get detected under filter expression under email protection of UTM. For your assistance please. Thank You

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Request to add specific attachment type to be managed under MIME type filter under email protection of UTM

    Hello Team,

    We have customer here requesting to add the following specific attachment type to be managed under MIME type filter under email protection of UTM

    ChristmasCard.doc
    Christmas-Greeting-Card.doc
    Christmas-wishes.doc
    Christmas-Congratulation.doc

    For your assistance please. Thank You

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Hotspot Roaming multiple Interfaces

    Scenario: We are using multiple VLANs for a guest network. For example House A VLAN 10 and House B VLAN 20.
    Both networks are using the same hotspot in the UTM.

    Problem: If a user roams from House A to B (same SSID, same Hotspot) he needs to accept the Terms of Use again.

    First of all i though its a bug, but sophos support confirmed, that the acceptance is not central stored and you need to accept twice or more if you roam with the same device on a different network but in the same hotspot.

    It would be…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. ADD Infomaniak as DynDNS

    We would like to add a NEW DynDNS Provider in the Sophos-SG Firewall and Firmware.
    https://infomaniak.com/nic/update

    Network Services / DNS / DynDNS -> Infomaniak

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Pharming Protection: option to exclude URLs

    Some applications like Snapchat or Zscaler use kind of "virtual URLs", which are not resolvable.
    Even an online DNS lookup delivers no result.
    So Web Filtering blocks the attempt of the Client, to check for or contact this URL with the error "Host not found"
    See examples for this issue HERE: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/46970/snapchat---host-not-found#pi2151=2&pi2353=1 and HERE: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/116554/unresolved-urls-zscaler-are-blocked-in-web-filtering-with-host-not-found---exception-possible/421719#421719
    At present Pharming Protection has to be completely disabled, to prevent the application from throwing errors.
    I suggest the option to exclude URLs from the Pharming check, so it can remain active for all other URLs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. MAC white list for obtain IP from DHCP server on UTM SG

    Hello Sophos Team,
    With hundreds devices in a company, it will take a lot of time to add each host MAC and IP with static mapping option. We need some features that will allow only known MACs to obtain IP addressed from DHCP pool on UTM SG device.
    Thank you for your cooperation and hope to see it come true in future.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  17. Send notification when special amount of email is reached inside spooler to control communication between firewall and mailserver

    Send notification when special amount of email is reached inside spooler to control communication between firewall and mailserver. (Problems of broken connection between firewall and mailserver are faster visible.)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. sophos connect automatic user creation

    Sophos connect with Radius does not support automatic user creation. This causes an issues with new accounts as we have to wait for the next prefetch cycle before they can be used.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. DB cleanup after adjusting report retention time

    It would be sweet if the SG would do a cleanup/purge of old data beyond reporting time.
    Path: "logging & reporting --> reporting settings --> settings"

    This is especially handy with the smaller devices with excessive logs and will prevent us from doing a REBUILD DB, with the loss of whole database.

    (Example of reallife situation in CaseID [#8254771] )

    62 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  20. Pop-up legend for charts in "Logging & Reporting -> Hardware" does not order to match the catagory in the chart

    In the pop-up legend for charts in "Logging & Reporting -> Hardware" when scrolling to see exact values on the graph at a point in time should have the order to match the catagory in the chart. This is shown and described in the top image in the attached file. The second image also shows the order should be change so the "log" is on the bottom. Changing the order will also make it clear which line in graph matches what item being plotted.

    Both charts show that the color code for items in the legend do not match the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.