SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Rename inappropriate HA-terminology

    It's clear that master/s.l.a.v.e as terminology is negatively predestined. The role could be renamed to something like primary/secondary or maybe also just active/standby?

    3 votes

    0 comments  ·  HA/Clustering
  2. Disconnect SSL VPN User Sessions

    If I have to disconnect SSL VPN User Sessions, it would be fine if I had a button.

    22 votes

    0 comments  ·  VPN
  3. Rename Blacklist / Whitelist to Denylist / Allowlist

    I think it would be appropriate to rename the Blacklist to Denylist and Whitelist to Allowlist. Multiple Customers reported this as offensive.

    2 votes

    0 comments
  4. More than one concurrent SSL VPN Client at same time

    Currently only one client SSL VPN connection is allowed at any one time to Sophos firewall (UTMs). Suggestion is for multiple connections. Reason is we do offline backups to customer sites via VPN but currently can only do one at a time. We have several customers who require us to do these backups.

    2 votes

    0 comments  ·  VPN
  5. Support Microsoft Authenticator App for OTP

    Support MS Authenticator App for OTP so customers with Office365/MS365 only need 1 authenticator app on their device

    4 votes

    0 comments  ·  Authentication
  6. Integrated Lightweight Firewall Web Browser in UTM GUI

    Imagine under Support > Tools, in UTM 9 there was a 'Browse' tab/option that opens an integrated web browser that let you browse the internet. It can optionally have access to the local filesystem.

    This would be useful in many scenarios when you don't have access to a local server or computer. Similar to my scenario, where I need to hit a Comcast router, UTM is NAT'd behind and I can't because there is no computer locally.

    2 votes

    0 comments  ·  Usability/GUI
  7. Upgrade WebAdmin CA to create 2048bit keys in Certificates

    Sophos currently does not support the VPN Connection of iOS devices due to noncompliant key length in Certificates. Apple devices expect 2048 Bit. Please upgrade the WebAdmin CA.

    2 votes

    0 comments  ·  VPN
  8. 3 votes

    0 comments  ·  Remote Ethernet Device (RED)
  9. SSLVPN: Bad Compression header

    Hello,

    I'm using SSLVPN and am getting "Bad compression error" as mentioned in below post:
    https://community.sophos.com/products/xg-firewall/f/vpn/100669/ssl-vpn-bad-compression-stub-decompression-header-byte-102

    Downgrading OpenVPN client to version 2.3.10 solves this issue.

    As discussed with Sophos Escalations Team, raising a request here to upgrade OpenVPN server of Sophos to make it compatible with newer versions of OpenVPN client.

    Ubuntu 18.04 onwards ships with a newer version of OpenVPN client and its older versions are no longer supported on Ubuntu 18.04 onwards. Hence, it would be great if this can be done at the earliest.

    4 votes

    1 comment  ·  VPN
  10. bandwidth usage reporting

    Logging & Reporting / Network Usage / Bandwidth Usage
    shows an IP which is apparently the source of the bandwidth used.

    Please add another column, and label them "Source IP" & "Destination IP".

    Our UTM-9 is deployed in a datacenter, with a few dozen IPsec Site-to-Site VPN Tunnels. A few of them have similar remote subnets and we need to be able to track bandwidth usage through a given tunnel. Knowing both source and destination IPs for my bandwidth used would sure be nice.

    2 votes

    0 comments  ·  Logging
  11. TLS 1.2+ support for User and Admin Portal

    UTM doesn't support anything higher than TLS 1.1 for the User and Admin portals. This is a huge security fail for a security appliance.

    18 votes

    0 comments
  12. Wildcard within the WAF request redirection

    External users have access to a specific path given by site path routing. In this particular case I am thinking of a download link. For example

    https://server.tld/aaaa/bbbb/ccccc/

    If external users enter the complete link they are properly forwarded to the download source. But I want to avoid access to the management console of the storage system (Synology) when they just shorten the link to

    https://server.tld/aaaa/bbbb/

    Since part 'bbbb' is variable I cannot define a static request redirection. Therefore a wildcard would be helpful so that any value for 'bbbb' would be considered.

    The implementation of wildcards would be…

    1 vote

    0 comments  ·  Web Server Protection
  13. LimitRequestFieldSize value in the UI

    When publishing websites that have large request headers the WAF dismisses the request with "Size of a request header field exceeds server limit".

    This is a major issue when publishing ADFS and other authentication mechanisms that use claims/tokens and sometimes they exceed the default value of 8K.

    Please make firmware changes so that this value can be changed through the UI, optimally as a per virtual web server setting.

    2 votes

    1 comment  ·  Web Server Protection
  14. Testing E-Mail delivery

    I got problems with sending emails via my Sophos UTM firewall to specific email addresses. The email delivery in general works, I only got problems with specific email addresses. Therefore, an email testing feature via web interface (with verbose output) would be great!

    2 votes

    0 comments
  15. Reboot AP from command line or crontab (scheduled task)

    I have 3 APs connected to a UTM. I would like to reboot them, not manually with the awetool, but with a scheduled task (crontab, rc.local, shutdown -d [time], etc.). At the moment this isn't possible.

    This "feature" is very important for correct connectivity of the APs, because
    every one/two/three months you are forced to restart them manually.
    The awetool is useful but you need to connect to the UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
    Giving the possibility to create a crontab to do this will be very, very useful; we'll appreciate it.
    Thanks

    1 vote

    2 comments  ·  Management
  16. Option to disable the TLS 1.1 in email appliance

    Option to disable the TLS 1.1 in email appliance

    7 votes

    1 comment  ·  Appliance Hardware
  17. Automatic scheduled resync users status from AD to UTM.

    Every time I change the user status on my Active Directory Server (blocking, disabling or excluding an account) I have to go to UTM and manually resync users to make the changes updated in UTM. This is an inconvenience. My suggestion to Sophos is to enhance UTM to make Active Directory users resync automatic.

    1 vote

    0 comments  ·  Authentication
  18. E-Mail Protection: Allow specific file extensions in the quarantine release options

    We have a list of file extensions that we block for mail exchange.
    But we want to allow our users to unblock only specific file extensions like doc or docx in the quarantine portal.
    The extensions like .exe or .bat etc. must remain forbidden
    At the moment in the quarantine release options it's only possible to allow/disallow every file extension.

    2 votes

    0 comments
  19. Remove support for TLS 1.1/Allow it to be disabled in Sophos Mail Appliance

    PCI scans that see a remote access port open to the internet fail because the appliance still supports TLS 1.1. I have to dispute this every time, and it is a real hassle

    5 votes

    0 comments  ·  Mail Protection
  20. syslog messages RFC 5424

    Logging: Syslog Support of RFC 5424

    Is it possible to change the time format for the syslog messages
    to the RFC 5424 format?
    br
    Kai

    1 vote

    0 comments  ·  Logging