SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SMTP Proxy Listen Interface - not include automaticaly additional addresses

    Since V9.6, the SMTP Proxy listen interface feature is reality. It would be nice if the configured listen interface not include automaticaly also the additional addresses of the selected interface. This is bad for security audits.

    Thank you very much.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Indicator for active connection in Multipath Rules screen

    Multi-path rules works nice but we don't see at the very moment which connection is used. Maybe "Skip rule on interface error" made the connection to switch to the another interface but we can't see it.
    Not sure if connection backs to normal after error rectified by itself or not.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Encryption Add-in for Outlook - show confirmation when an email is encrypted

    Change "Encrypt" button in outlook to show when an email is encrypted. Currently it does not give any confirmation when the "Encrypt" button is clicked!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Alert email after reaching set B/W threshold Value

    I need alert email in case my Internet Bandwidth threshold reached for at least for 5 Minutes , So proactive actions can be taken , it is not possible to put your eyes every time at firewall bandwidth utilization , or raising escalation by customers

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Update SSL Certificate Option

    We are hosting 89 websites behind the firewall using a wildcard certificate, this certificate is going to exipre in few days. When trying to update the certificate with the newly created wildcard certificate I didn't found any option to do that. The only option available was uploading that new certificate with a different name and manually assigning the new certificate to all our Virtual Webservers.
    For companies like us with a big number of web sites behind the WAF, it will become really handy to have an update option so we update the certificate entry that is there in Certificate…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. reject

    Firmware version: 9.601-5

    unscannable / encrypted content and file Extension filtering is quarantine only unfortunately.
    Please add an option to bounce emails by file extension (e.g. bounce old office formats like .doc, .xls etc.) and to bounce unscannable / encrypted content.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for Industrial Protocols in DPI / IDS

    We are fairly recent Sophos partner, our business is in industrial automation and control systems customers.

    Security for industrial automation, critical infrastructure, and industry 4.0 is very much a hot topic right now.

    We would like to see some development to include capability for Deep Packet Inspection and control of industrial control protocols such as:

    Modbus TCP
    Ethernet/IP (CIP)
    OPC Classic (DCOM / RPC)
    Siemens S7
    etc.

    Inclusion of rules for these into IDS would also be welcomed.

    A number of vendors approaching us are starting to get into this specialist area of the market and it would be great…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow work space Facebook and block personal Facebook.

    Hi,

    Add this feature in Cyberom UTM to Allow work space Facebook and block personal Facebook.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Extension of the usage time for WLAN before a holiday in a week

    Hello, One way to automatically extend the usage time for Wi-Fi before a holiday in a week would be a great thing. On working days, the WLAN is set to 22 clock, on weekends until 24 clock. Please extend the possibility that the UTM can automatically be extended before local, regional holidays.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. "Out Of Office" replies with BATV feature enabled

    With current exim configuration, the "Out Of Office" replies getting rejected by the BATV due to the null return address in the reply. Please add a feature to handle these messages pass through the BATV feature.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Is there any way to fetch Sophos UTM WAF logs in third party log monitoring tool?

    No proper categorization of logs in WAF when configured in monitor mode, we are chasing since more than two months to get fetched the logs of WAF in any third party tool (SysLog/SIEM) for the monitoring and rule setting purpose, but we couldn't get proper support from vendor as well as Sophos technical team.

    Earlier we tried with Sophos iVew tool as per the vendor suggestion, the tools is specially developed for Sophos UTM but it works for specific features(reporting) only, not for log monitoring and WAF log fetching.

    Can you please assist in this regards, is there any way…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Assign static IP address to VPN SSL clients

    It would be extremely useful to add the possibility to assign a static IP address to clients connecting with VPN SSL. It works with IPsec and L2TP but not with SSL. With a static IP address for each user, we would be able to allow them a specific acces to internal ressources. Thanks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. IKEv2

    Would like to see support for IKEv2 in AWS appliance.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. E-Mail Exception for encrypted attachments

    It should be possible to create an exception for encrypted attachments without having to disable the malware scan.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. 8822269 -

    Hi Team, I would like to have the ability to Export Network Usage between specific times. Unfortunately the Daily Network Usage graph is (now-24hours).I would like the ability to choose a specific day last week.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  16. waf reverse authentication multiple domains

    waf reverse authentication multiple domains

    Currrently you can only use reverse authentication to a single domain with a prefix. If you have multiple domains you cannot set the prefix to none. In doing so the waf adds an extra backslash example login as feg\davis ends up with feg\\davis which gets a Denied in the live log and you cannot login get rid of second backslash in reverse authentication

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  17. ssl vpn

    Problem:
    There's currently an existing bug (confirmed through support up to firmware v9.602) that causes the SSL VPN daemon to disconnect any users associated with a VPN Profile that has a DNS Host object in its networks.

    The UTM will check for updates on DNS hosts periodically (every 2-3 minutes) and any associated VPN Profile will perform rolling restarts on it's users.

    This only causes a few seconds of delay for end users as the clients usually connect without issue but it can be very disruptive.

    Suggestion:
    Have VPN Profiles only reconnect/restart only if a dynamic object (DNS Host or…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. active directory DNS

    For our main subnet, we use Microsoft Active Directory integrated DNS and DHCP. But for other subnets, the Sophos device is the DNS server and DHCP Server. So when a device gets an IP address from the Sophos, we might make it static which adds an entry under the Network Definitions section. But it would be great if those same DNS records could be automatically added (and synced) to Active Directory DNS. I'd like to see the Sophos DNS have the ability to sync with Active Directory DNS. At the very least, one-way sync (that is, Sophos DNS records are…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. O365 Tenant Restriction

    Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

    This requires the injection of an HTTP header.

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

    Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. iview - NAT rule usage reporting

    Currently not available for reporting on the iView, we have a small number of NAT rules and would be great to have this usage report available under the reporting server.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.