SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. S/MIME certificate export durch GUI.

    It will be nice, if there is a button for downloading the extern S/MIME Certificates from Email Protection > Encryption > S/MIME Certificate.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Upgrade OpenVPN to fix key lifetime OTP issue

    if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add options to reject or quarantine emails that fail or have invalid DKIM

    Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

    35 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Option to restart AP under UTM Web Admin

    Hello Team,

    We have request here from customer, asking to have option to restart AP under UTM Web Admin interface. For your assistance please. Thank You.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. FastestVPN is the hallmark for success for VPN providers in the world here's why?

    FastestVPN was formed in the Cayman Island in 2017 and instantly became a success, their renowned features made them the best VPN for Android users, and their formidable security protocols, also named them as the best VPN for IOS users as well!
    https://fastestvpn.com/download/android-vpn

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  6. SPF check

    Can we can configure the system to at least quarantine for other conditions like “none” and “temporer”, etc. instead of accepting?

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. port 25

    The default port to email a backup copy of the settings is Port 25.

    Many ISPs block Port 25.

    It would be helpful if an alternate port could either be chosen or selected such as Port 587.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. DHCPv6 Prefix Delegation for Subrouters

    The possibility to re-delegate a ISP-Prefix to Subrouters behind the Sophos UTM.

    Scenario: The Sophos UTM is on the edge of the Network an gets a /48-Prefix. The UTM has to re-delegate a smaller Prefix to Subrouters via DHCPv6-Prefix-Delegation.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. ? - on risk level under reports

    Hi Guys, on my application risk report I see ? instead of a risk number. this is on my UTM XG135. for example for port 443. cant this be changed to may be risk 0 instead of a ? as when you view reports we cant actually distinguish what actually this means and have to login to firewall and go and pull up the report to actually see which defeat the purpose of having a report the first place.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. cipher

    Kann der SMTP Dämon inbound mehr Cipher unterstützen, z.B.:
    TLSECDHERSAWITHAES
    ...256
    GCMSHA384
    ...128
    GCMSHA256
    ...256
    CBCSHA384
    ...128
    CBC_SHA256

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. use industry standard sorting for ip list in network definitions

    use industry standard for sorting ip list in network definitions instead of the lexicographic sorting method.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. page scrolling

    On sections that have multiple pages of items, eg users, hosts, DHCP leases, make it so that when you click to the next page, the top of the next page is visible, not the bottom. Every time I click to a new page I have to scroll up to get to the top of the page.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. SSL VPN - create and use a certificate revocation list

    If a user is deleted from the UTM and the account was in use for SSL VPN, his user certificate should be set to a certification revocation list.
    The SSL VPN service should use this revocation list to avoid using old certificates from accounts that were created on the UTM with the same name. This is currently possible, 05/2020.
    The UTM does not maintain revocation lists for users and the SSL VPN service does not use this capability, although OpenVPN offers it.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  14. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Option for checking always emails with file attachment via the sand box /sandstorm

    Option for checking always emails with file attachment via the sand box /sandstorm

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Filter Action -Downloadsperre per Passwort/Pin Umgehen

    Wir haben in unserer SG-Firewall (Modell:SG230, in der Filteraktion „Default content filter action“ eingestellt, dass bestimmte Dateiendungen beim Download geblockt werden (exe, bat,…).

    Nun ist es für uns als Administratoren trotzdem manchmal notwendig an einem User-PC einen Download zu tätigen. Dafür müssen wir dann den Webfilter temporär ausschalten. Das ist aber ungünstig, da man schon mal vergessen kann ihn wieder einzuschalten. Es wäre von Vorteil wenn ich bei jedem einzelnen geblockten Download die Sperre z.B. mit der Bestätigung eines Passworts oder PINs, welches nur wir Admins kennen, dann trotzdem durchführen könnte.
    Esist einfacher und weniger umständlich, wenn man das direkt…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. password complexity rules for local authenticated users

    You can set the simplest passwords for local users (e.g. SSL-VPN).
    I think it is important to be able to set a guideline for the complexity of passwords

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Mixing Wireless Client Traffic Types on Same AP

    Hello Team,

    We have customer here requesting to allow bridge to lan and bridge to vlan client traffic to be configured on one AP at the same time. For your assistance please. Thank You.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. The ability allow computers to access internal web resources but block external web sites

    for instance the internal network is 10.52.112.0 the users should have access to any web resource published on internal web servers, like Quality manuals, health and Safety, Human Resources, company, company directories etc.
    However the users should not have access to browse external wen sites like google.com, facebook and whatever is external.
    This should be able to be controlled by user name, or IP address or hardware address

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Auto-renew DHCP after outage

    Whenever I reboot my networking gear or when there was an Internet outage, it remains down. I can only fix it by manually renewing the DHCP of my WAN (manually pressing "Renew" for the external interface on the Interfaces page). I want this to happen automatically, because when the cable modem gets a new firmware and is being rebooted in the night, the next day the UTM is still offline. Very cumbersome when not on site.

    In particular, not only other users mentioned it on the support pages here already, but also other users with other products have this problem.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.