SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. bandwidth usage reporting

    Logging & Reporting / Network Usage / Bandwidth Usage
    shows an IP which is apparently the source of the bandwidth used.

    Please add another column, and label them "Source IP" & "Destination IP".

    Our UTM-9 is deployed in a datacenter, with a few dozen IPsec Site-to-Site VPN Tunnels. A few of them have similar remote subnets and we need to be able to track bandwidth usage through a given tunnel. Knowing both source and destination IPs for my bandwidth used would sure be nice.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  2. syslog messages RFC 5424

    Logging: Syslog Support of RFC 5424

    is it possible to change the time format for the syslog messages?
    To the RFC 5424 format?
    br
    Kai

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  3. Android or IOS Malicious Apps

    Hi, need a little guidance since I’m not all that familiar with many apps. I heard that Android and iOS are launching extremely dangerous apps? Are there any in particular I should be worried about? click here for further info
    https://www.ilounge.com/articles/android-and-ios-releases-a-whole-wave-of-sketchy-apps

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Reboot AP from command line or crontab (scheduled task)

    I've 3 AP connect to a UTM, i would reboot them but not manually with the aweetool, with a schedule task (crontab, rc.local, shutdown -d [time] ecc..., at the moment do this isn't possible..

    This "feature" is very important for a correct connectivity ofthe AP, because
    every one/two/three months you are forced to restart them manually.
    The awetool is useful but yu need to connect to UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
    Give the possibility to create a crontab for do this wil be very very useful, we'll apreciate it.
    thanks

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. country blocking for crimea region

    Please implement the crimea region in the country blocking options.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. WebProxy_SSL-Scanning: Change the Certificate Subject Name...

    Please implement the possibility to change the Certificate Subject Name, for the certificate which is delivered to the clients, when doing SSL-Scanning.

    The Certificate Subject Name is currently the IP address of the requested URL. Unfortunately, a lot of linux systems have a problem, if the Certificate Subject Name is the IP and not the FQDN of the requested URL.

    Could you please change or implement this?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Quarantine mail contains only reason "File-Extension" but not which extension exactly

    We have configured the system to quarantine emails with certain extensions.
    However, the recipient then only sees the quarantine reason "File Extension" in the notification. It is urgently desired that he also sees directly which file extension it is. The admin only sees this in the mail manager

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Remove support for TLS 1.1/Allow it to be disabled in Sophos Mail Appliance

    PCI scans that see a remote access port open to the internet fail because the appliance still supports TLS 1.1. I have to dispute this every time, and it is a real hassle

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remove the diffie-hellman-group1-sha1 in ssh service/port-22

    Hi Sophos,

    We recognized that our product is using insecure key-exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.

    We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22,

    Please kindly provide a step or your action to remove it.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Option to disable the TLS 1.1 in email appliance

    Option to disable the TLS 1.1 in email appliance

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  11. E-Mail Protection: Allow specific file extensions in the quarantine release options

    We have a list of file extensions that we block for mail exchange.
    But we want to allow our users to unblock only specific file extensions like doc or docx in the quarantine portal.
    The extensions like .exe or .bat etc. must remain forbidden
    At the moment in the quarantine release options it's only possible to allow/disallow every file extension.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP

    Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP, would allow visiblity and reporting of remote users over an extended period of time

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  13. SSL Site-to-Site VPN uses the same IP pool as SSL-Remote-VPN

    SSL-Site-to-Site-VPN uses the same IP pool as SSL-Remote-VPN. This leads to problems if the UTM acts as an SSL-Site-to-Site-VPN-Master and at the same time as an SSL-Remote-VPN-Master.
    By using the same pool, packets from the respective VPN systems are routed incorrectly. For example, packets from the remote VPN can be routed to peers in the Site 2 site tunnel.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. Firewall Rule : [BUG] The trigger area to turn on or turn off rules is expanding according to the size of the rule

    Please Correct the trigger area ON-OFF on firewall rule policy, please make it just only clickable only on the bottom icon. Now the activates area is expanding according to the size of the rule??
    We have to face the difficulty of using it. we always disable the rule by mistake because we did not recognize the area which is not an icon also do the trigger

    But this behavior did not happen in NAT Rule, Masquerading, or any toggle switch on other features in the firewall.
    We used Firmware Version: 9.702-1

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Possibility to put a description to the accesspoint

    Would be nice to have a description option for the accesspoint in the wireless protection.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. mib

    hi all,

    I would like to monitor via snmp users vpn sessions, ie there bandwith and the user logged on at any given time on my utm 9 device.

    thanks,
    Rob

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  17. UTM AD Realtime Refresh For VPN Users

    I have been doing a setup for a client where we use Cisco Umbrella (web filtering) over the SSL VPN configured on the Sophos UTM.

    This VPN is set to use AD Authenticated users, however we have noticed when we are looking at the logs on the cisco side, the AD user does not match the IP address being used, it looks like the AD user being shown is 24 hours behind, and if a new user connects to the vpn with a new IP which was previously used by another user, this can cause incorrect results.

    Now I raised…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. To change the label name of Master and ***** in HA:

    To improve team communications by removing perceived discriminatory language.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
  19. Dark Mode

    Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

    Why not the Web-Interface of the Sophos XG Home?!?

    18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  20. new DHCP Option code

    new DHCP Option code:

    Option Name: 200 H323 Gatekeeper
    Vendor: Innovaphone

    Thanks

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.