SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Chromebook Filtering

    Any plans to offer an extension-based Chromebook filter? It would be great to have a single lens for filtering of all devices.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Executive Reports (firewall) of top Ten should exclude packets that do not traverse the firewall

    Executive Reports of top Ten include packets which are dropped by the UTM. Since the goal of network admins is to detect unauthorized traffic which penetrates the firewall, Executive Reports which include dropped packets are a waste of time. For every item, the admin is forced to download the appropriate firewall log file and see of the IP address in question is included in the list of drops. This is a great waste of time. If you do not fix this, our company will be forced to find an alternative solution.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make IPFIX export port configurable

    As of 9.601-5 the UDP port for IPFIX flow export is hard coded at 4739. Please consider making this a configurable port number! We are trying to incorporate flow from UTM into an existing monitoring tool listening for flow data on a different port. My choice now is either no flow data at all from UTM, or reconfigure all our other devices and monitoring software to use the sophos hard coded port.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Let's encrypt intermediate CA sent by server

    As admin I want to have intermediate CAs automagically added for certificates issued by Let's encrypt client, so they are then served when estalishing TLS connections ad retarted libraries are not breaking due to incomplete certificate chain

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Policy Helpdesk

    In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

    If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sandbox

    Hello,
    It would be nice if you could add the sandbox function to the user portal so that users could check and submit data themselves.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Remove the Limit of 50 Configs in OpenVPN GUI

    Currently there is a limit of 50 configs in OpenVPN GUI.
    There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

    I would like to see that in Sophos UTM SSL VPN Client too.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPv4 Fallback for IPv6 with Proxy in Standard Mode (Happy Eyeballs)

    If a webserver is resolvable in DNS with both IPv4 and IPv6 addresses (A and AAAA Records) the UTM Proxy will prioritize IPv6, which is ok.

    If the server is not reachable on IPv6 no fallback to IPv4 happens if the proxy is running in Standard mode.

    The provided workarounds are:
    1 -disable IPv6 on the ASG
    => Seriously, disable IPv6 in 2019 ?

    2 -add a DNS static entry for every affected site with only an IPv4 record
    => Definitely not starting to statically add internet hosts...

    3 -use HTTP proxy transparent mode instead
    => well yeah, but want…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add Veeam replication to Applications

    Please add an application category for Veeam replication traffic. It currently appears as the highest traffic volume as "Unclassifed" - sick of having to explain it every month.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add VPN Tunnel(s) to the SFM Device Monitor

    The Device monitor has:
    - Conn. to Central Mgmt
    - Gateway Status
    - Interface Status
    - RED Status

    First of all, none of our clients need RED, but almost all of them have S2S VPN. Can you add a way to pick what bits to monitor on the Device Monitor and allow me to decide what to display in the NOC?

    Thanks!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. application control

    At the moment it´s not possible to add custom categories under Web Protection -> Application control. Therefore it´s not transparent with application control to get a detailed information what amount of traffic/bandwith is needed for own applications because application which a not predefined by Sophos are only shown in application category “unclassified”

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  12. message if ipsec client becomes active

    our customer need an info , looks like site2site ipsec up/down , but for IPSEC Client.
    So if an employee or some one get connected over IPSEC, the admin get an info.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. http log

    In order to facilitate analysis by our CASB of traffic and traffic amounts to and from shadow IT, please provide the number of bytes up & down information in the SG proxy logfiles (like already done by XG as “sent_bytes=*** recv_bytes=xxxxxx).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  14. DNS Forward Only or Forward First Option

    Please add an option in Network Services>DNS>Forwarders to select forward only or forwared first using a check box. If the box is checked DNS forwarders use forward only. Unchecked returns to the default state of forward first. The check box actions would remain static regardless of updates/restarts. The check box options would effectively have the same function as changing the named.conf setting to forward only or forward first Thank you!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. DNS over TLS

    Please implement support for DNS over TLS queries to supported resolvers (like the new Quad9 resolvers). Very important privacy feature, imho.

    90 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. 35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. We need real time bandwidth per ip or user base.

    We need real time bandwidth per ip or user base.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. top user report x interface Utilization

    Send the top user report via email when the interface utilization speed crosses the set threshold value

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. wireless filter

    Wireless MAC Filter/Nametag

    it would be good, if we could tag a MAC-Adress with a Name. So we can identify which Hardware is bounded with that MAC-Adress.

    Best regards
    Dmitri

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Uplink Balancing & NAT Masq

    Problem: You may create NAT Masq rules for your ISP and segment off portions of your network to specific addresses under Network Protection > NAT. If you obtain a secondary ISP and turn on uplink balancing under Interfaces & Routing > Uplink Balancing, your NAT MASQ rules change to uplink interfaces. The NAT MASQ rules only MASQ the primary interface. The current interface doesn't allow for changing to multiple interfaces.

    Solution: Allow uplink balancing to be used and allow multiple interfaces to be configured under the MASQ ruleset so that traffic may use either configured interface to NAT MASQ.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.