SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Android or IOS Malicious Apps

    Hi, need a little guidance since I’m not all that familiar with many apps. I heard that Android and iOS are launching extremely dangerous apps? Are there any in particular I should be worried about? click here for further info
    https://www.ilounge.com/articles/android-and-ios-releases-a-whole-wave-of-sketchy-apps

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. country blocking for crimea region

    Please implement the crimea region in the country blocking options.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Quarantine mail contains only reason "File-Extension" but not which extension exactly

    We have configured the system to quarantine emails with certain extensions.
    However, the recipient then only sees the quarantine reason "File Extension" in the notification. It is urgently desired that he also sees directly which file extension it is. The admin only sees this in the mail manager

    24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. WebProxy_SSL-Scanning: Change the Certificate Subject Name...

    Please implement the possibility to change the Certificate Subject Name, for the certificate which is delivered to the clients, when doing SSL-Scanning.

    The Certificate Subject Name is currently the IP address of the requested URL. Unfortunately, a lot of linux systems have a problem, if the Certificate Subject Name is the IP and not the FQDN of the requested URL.

    Could you please change or implement this?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Remove the diffie-hellman-group1-sha1 in ssh service/port-22

    Hi Sophos,

    We recognized that our product is using insecure key-exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.

    We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22,

    Please kindly provide a step or your action to remove it.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP

    Ability to pull concurrent remote access numbers for L2TP, PPTP, SSL VPN count via SNMP, would allow visiblity and reporting of remote users over an extended period of time

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  7. SSL Site-to-Site VPN uses the same IP pool as SSL-Remote-VPN

    SSL-Site-to-Site-VPN uses the same IP pool as SSL-Remote-VPN. This leads to problems if the UTM acts as an SSL-Site-to-Site-VPN-Master and at the same time as an SSL-Remote-VPN-Master.
    By using the same pool, packets from the respective VPN systems are routed incorrectly. For example, packets from the remote VPN can be routed to peers in the Site 2 site tunnel.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. Firewall Rule : [BUG] The trigger area to turn on or turn off rules is expanding according to the size of the rule

    Please Correct the trigger area ON-OFF on firewall rule policy, please make it just only clickable only on the bottom icon. Now the activates area is expanding according to the size of the rule??
    We have to face the difficulty of using it. we always disable the rule by mistake because we did not recognize the area which is not an icon also do the trigger

    But this behavior did not happen in NAT Rule, Masquerading, or any toggle switch on other features in the firewall.
    We used Firmware Version: 9.702-1

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Possibility to put a description to the accesspoint

    Would be nice to have a description option for the accesspoint in the wireless protection.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. mib

    hi all,

    I would like to monitor via snmp users vpn sessions, ie there bandwith and the user logged on at any given time on my utm 9 device.

    thanks,
    Rob

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  11. UTM AD Realtime Refresh For VPN Users

    I have been doing a setup for a client where we use Cisco Umbrella (web filtering) over the SSL VPN configured on the Sophos UTM.

    This VPN is set to use AD Authenticated users, however we have noticed when we are looking at the logs on the cisco side, the AD user does not match the IP address being used, it looks like the AD user being shown is 24 hours behind, and if a new user connects to the vpn with a new IP which was previously used by another user, this can cause incorrect results.

    Now I raised…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. To change the label name of Master and ***** in HA:

    To improve team communications by removing perceived discriminatory language.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
  13. Dark Mode

    Actually, every program has a DARK MODE. Windows has it, One Note has it, Word has it, the UniFi Controller has it...

    Why not the Web-Interface of the Sophos XG Home?!?

    18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  14. new DHCP Option code

    new DHCP Option code:

    Option Name: 200 H323 Gatekeeper
    Vendor: Innovaphone

    Thanks

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add options to reject or quarantine emails that fail or have invalid DKIM

    Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

    36 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. S/MIME certificate export durch GUI.

    It will be nice, if there is a button for downloading the extern S/MIME Certificates from Email Protection > Encryption > S/MIME Certificate.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Upgrade OpenVPN to fix key lifetime OTP issue

    if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  18. Option to restart AP under UTM Web Admin

    Hello Team,

    We have request here from customer, asking to have option to restart AP under UTM Web Admin interface. For your assistance please. Thank You.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. SPF check

    Can we can configure the system to at least quarantine for other conditions like “none” and “temporer”, etc. instead of accepting?

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. cipher

    Kann der SMTP Dämon inbound mehr Cipher unterstützen, z.B.:
    TLSECDHERSAWITHAES
    ...256
    GCMSHA384
    ...128
    GCMSHA256
    ...256
    CBCSHA384
    ...128
    CBC_SHA256

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.