SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Dark Mode

    Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

    Why not the Web-Interface of the Sophos XG Home?!?

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSLVPN: Bad Compression header

    Hello,

    I'm using SSLVPN and am getting "Bad compression error" as mentioned in below post:
    https://community.sophos.com/products/xg-firewall/f/vpn/100669/ssl-vpn-bad-compression-stub-decompression-header-byte-102

    Downgrading OpenVPN client to version 2.3.10 solves this issue.

    As discussed with Sophos Escalations Team, raising a request here to upgrade OpenVPN server of Sophos to make it compatible with newer versions of OpenVPN client.

    Ubuntu 18.04 onwards ships with newer version of OpenVPN client and its older versions are no longer supported on Ubuntu 18.04 onwards. Hence, it would great if this can be done at the earliest.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. new DHCP Option code

    new DHCP Option code:

    Option Name: 200 H323 Gatekeeper
    Vendor: Innovaphone

    Thanks

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. S/MIME certificate export durch GUI.

    It will be nice, if there is a button for downloading the extern S/MIME Certificates from Email Protection > Encryption > S/MIME Certificate.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Upgrade OpenVPN to fix key lifetime OTP issue

    if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. FastestVPN is the hallmark for success for VPN providers in the world here's why?

    FastestVPN was formed in the Cayman Island in 2017 and instantly became a success, their renowned features made them the best VPN for Android users, and their formidable security protocols, also named them as the best VPN for IOS users as well!
    https://fastestvpn.com/download/android-vpn

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add options to reject or quarantine emails that fail or have invalid DKIM

    Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

    33 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. SPF check

    Can we can configure the system to at least quarantine for other conditions like “none” and “temporer”, etc. instead of accepting?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. port 25

    The default port to email a backup copy of the settings is Port 25.

    Many ISPs block Port 25.

    It would be helpful if an alternate port could either be chosen or selected such as Port 587.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. DHCPv6 Prefix Delegation for Subrouters

    The possibility to re-delegate a ISP-Prefix to Subrouters behind the Sophos UTM.

    Scenario: The Sophos UTM is on the edge of the Network an gets a /48-Prefix. The UTM has to re-delegate a smaller Prefix to Subrouters via DHCPv6-Prefix-Delegation.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. mib

    hi all,

    I would like to monitor via snmp users vpn sessions, ie there bandwith and the user logged on at any given time on my utm 9 device.

    thanks,
    Rob

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  12. ? - on risk level under reports

    Hi Guys, on my application risk report I see ? instead of a risk number. this is on my UTM XG135. for example for port 443. cant this be changed to may be risk 0 instead of a ? as when you view reports we cant actually distinguish what actually this means and have to login to firewall and go and pull up the report to actually see which defeat the purpose of having a report the first place.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  13. UTM AD Realtime Refresh For VPN Users

    I have been doing a setup for a client where we use Cisco Umbrella (web filtering) over the SSL VPN configured on the Sophos UTM.

    This VPN is set to use AD Authenticated users, however we have noticed when we are looking at the logs on the cisco side, the AD user does not match the IP address being used, it looks like the AD user being shown is 24 hours behind, and if a new user connects to the vpn with a new IP which was previously used by another user, this can cause incorrect results.

    Now I raised…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. cipher

    Kann der SMTP Dämon inbound mehr Cipher unterstützen, z.B.:
    TLSECDHERSAWITHAES
    ...256
    GCMSHA384
    ...128
    GCMSHA256
    ...256
    CBCSHA384
    ...128
    CBC_SHA256

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. use industry standard sorting for ip list in network definitions

    use industry standard for sorting ip list in network definitions instead of the lexicographic sorting method.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. page scrolling

    On sections that have multiple pages of items, eg users, hosts, DHCP leases, make it so that when you click to the next page, the top of the next page is visible, not the bottom. Every time I click to a new page I have to scroll up to get to the top of the page.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSL VPN - create and use a certificate revocation list

    If a user is deleted from the UTM and the account was in use for SSL VPN, his user certificate should be set to a certification revocation list.
    The SSL VPN service should use this revocation list to avoid using old certificates from accounts that were created on the UTM with the same name. This is currently possible, 05/2020.
    The UTM does not maintain revocation lists for users and the SSL VPN service does not use this capability, although OpenVPN offers it.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Remove support for TLS 1.1/Allow it to be disabled in Sophos Mail Appliance

    PCI scans that see a remote access port open to the internet fail because the appliance still supports TLS 1.1. I have to dispute this every time, and it is a real hassle

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Option for checking always emails with file attachment via the sand box /sandstorm

    Option for checking always emails with file attachment via the sand box /sandstorm

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.