We are hosting 89 websites behind the firewall using a wildcard certificate, this certificate is going to exipre in few days. When trying to update the certificate with the newly created wildcard certificate I didn't found any option to do that. The only option available was uploading that new certificate with a different name and manually assigning the new certificate to all our Virtual Webservers.
For companies like us with a big number of web sites behind the WAF, it will become really handy to have an update option so we update the certificate entry that is there in Certificate management, this way there is no need of updating manually each entry on Virtual Webserver, getting all of them updated instantly and without downtime.
Thanks.

We are fairly recent Sophos partner, our business is in industrial automation and control systems customers.

Security for industrial automation, critical infrastructure, and industry 4.0 is very much a hot topic right now.

We would like to see some development to include capability for Deep Packet Inspection and control of industrial control protocols such as:

Modbus TCP
Ethernet/IP (CIP)
OPC Classic (DCOM / RPC)
Siemens S7
etc.

Inclusion of rules for these into IDS would also be welcomed.

A number of vendors approaching us are starting to get into this specialist area of the market and it would be great to see Sophos offering an industrial orientated product.

This could feasibly be a specialist feature set licence for the UTM / XG to provide the functionality required for industrial environments.

Thank you.

No proper categorization of logs in WAF when configured in monitor mode, we are chasing since more than two months to get fetched the logs of WAF in any third party tool (SysLog/SIEM) for the monitoring and rule setting purpose, but we couldn't get proper support from vendor as well as Sophos technical team.

Earlier we tried with Sophos iVew tool as per the vendor suggestion, the tools is specially developed for Sophos UTM but it works for specific features(reporting) only, not for log monitoring and WAF log fetching.

Can you please assist in this regards, is there any way to fetch UTM WAF logs in third party log monitoring (SysLog/SIEM) tool?

It would be appreciated, if you can help us to get categorized the WAF logs in terms with false positives, false negatives and exceptions need to set in WAF console.

Thanks in advance.

Problem:
There's currently an existing bug (confirmed through support up to firmware v9.602) that causes the SSL VPN daemon to disconnect any users associated with a VPN Profile that has a DNS Host object in its networks.

The UTM will check for updates on DNS hosts periodically (every 2-3 minutes) and any associated VPN Profile will perform rolling restarts on it's users.

This only causes a few seconds of delay for end users as the clients usually connect without issue but it can be very disruptive.

Suggestion:
Have VPN Profiles only reconnect/restart only if a dynamic object (DNS Host or even a static one pushed out via SUM) actually changes value. At the moment it appears to only check if an object is updated/removed rather than if the change would have affected the corresponding routing rules for the client.

For our main subnet, we use Microsoft Active Directory integrated DNS and DHCP. But for other subnets, the Sophos device is the DNS server and DHCP Server. So when a device gets an IP address from the Sophos, we might make it static which adds an entry under the Network Definitions section. But it would be great if those same DNS records could be automatically added (and synced) to Active Directory DNS. I'd like to see the Sophos DNS have the ability to sync with Active Directory DNS. At the very least, one-way sync (that is, Sophos DNS records are pushed into Active Directory DNS)