SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Client Isolation between Clients connected to same AP

    Actually there is only client isolation between clients which are not connected to the same Sophos AP.
    There should be a solution where all clients are isolated, even when they are connected to the same AP.
    Meanwhile the restriction should be mentioned in the online help of wireless protection.

    1 vote
    1 comment  ·  Wireless Protection
  • Websocket Support for Web Protection / Proxy

    This is self-explanatory and needs no further details.

    17 votes
    1 comment  ·  Web Protection
  • connection up time

    This feature request is related to community forum postings and service request 8034172.

    Please provide a reporting AND monitoring option for XG* appliances to track the amount of internet up time. The report may be tied to a single port, such as port2/WAN or other ports that are user-specified.

    At present, I have no practical way to actively monitor and report how long my ADSL connection remains up. I have historically been experiencing frequent and recurring disconnects and REALLY want to be able to report when I experience disconnects, so I can bring this information to my ISP.

    2 votes
    0 comments  ·  Reporting
  • Interface wise Bandwidth usage in logviewer

    Please add interface-wise bandwidth usage in the log viewer. It will help us to find real-time bandwidth usage by specific source & destination with port.

    5 votes
    1 comment  ·  Reporting
  • XF firewall with Sandstorm and Heartbeat for home users

    Could Sophos consider allowing the use of Sandstorm and Heartbeat (with Sophos free AV) for home users and increasing the IP limit to 100 (IoT is around the corner) for a price per year? 10$?

    If there are other people interested, it could be another stream of income for Sophos, and in the end the use that home users will make of Sandstorm will be extremely limited compared with a company with thousands of users.

    https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/85005/xf-firewall-with-sandstorm-and-heartbeat-for-home-users

    78 votes
    10 comments
  • DHCP Option 121

    Please add DHCP option 121 as a preconfigured DHCP option for pushing static routes over DHCP.

    3 votes
    0 comments  ·  Networking
  • DHCP Option 60 & 61

    Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.

    8 votes
    1 comment  ·  Networking
  • remote power on

    Most of our SGs are in a datacenter. It would be nice to have a feature to power off/on a UTM (like the old HP iLO or Celestix IPMI interface).
    If a UTM somehow is powered off, we now need local support in the datacenter to do a power cycle.

    8 votes
    0 comments  ·  Appliance Hardware
  • HTML5 VPN Portal for iOS

    The HTML5 VPN Portal works for almost all platforms except iOS. It would be great if you could add support for RDP/VNC connections on iOS devices.

    2 votes
    0 comments  ·  VPN
  • dhcp snmp

    Add support to monitor the DHCP leases via SNMP.

    Maybe this is easily possible by adding something like this:
    https://github.com/ohitz/dhcpd-snmp

    5 votes
    0 comments  ·  SNMP Monitoring
  • private vlan

    Currently the Sophos UTM / XG do not support Private VLANs. This is a major security feature that is being used more and more often, especially in virtualised environments with VDIs, DMZs or even sensitive / untrusted local equipment at an office campus.

    With the addition of private VLAN you can prevent these devices from communicating with each other. However, Sophos does need to support this feature. Currently the virtual variants do support it thanks to VMware but the hardware variants do not.

    2 votes
    0 comments  ·  Networking
  • Fully support QUIC (HTTPS via UDP)

    Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
    I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously. Additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

    More about QUIC can be read here: https://www.chromium.org/quic

    With that said, I would like to see full support for QUIC natively in Sophos UTM…

    21 votes
    3 comments  ·  Web Protection
  • Provide the RESTful API to generate voucher password

    The customer wants to use the API to generate voucher passwords for guest user logon. They want to design a web portal for guest users to apply and get a logon password, but we can't find syntax in the RESTful API that supports this.

    3 votes
    0 comments  ·  Wireless Protection
  • WAF - Allow Remote Desktop Gateway protocol Windows server 2016

    Upgraded our RDP Gateway server to Windows 2016, and connection through the WAF is now failing. Answer from support:

    "I have reviewed the case and have researched this issue for you. For the RDP Gateway 2012R2, RD Gateway used to use RPC (remote procedure call) in order to transport the remote desktop session over HTTP, that was & still is supported by WAF on the UTM.

    For the Windows 2016 RDP Gateway however, Microsoft decided to change the protocol they use so that instead of using RPC, they now use one called RDG. RDG is not supported by WAF on the…

    45 votes
    2 comments  ·  Web Server Protection
  • Make it possible to disable IPv6 for SMTP

    If IPv6 is on, then it's also on for SMTP. But we get no static IPv6 from Deutsche Telekom AG without an expensive contract; but we get a static IPv4. With no static IPv6 we can't configure the AAAA record / PTR / RDNS. So our IPv6 mails will be classified as SPAM because we can't disallow sending mails via IPv6. But we will need IPv6 in the future for VPN connections.

    2 votes
    0 comments  ·  Mail Protection
  • Let's Encrypt Integration

    It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs through the UTM GUI. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    1,636 votes
    296 comments  ·  Web Server Protection
  • Allow enabling of Encoded Slashes directly on UTM Interface

    The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.

    This is especially important for specific SAP-relevant functions, such as Fiori systems.
    At the moment it's possible to manually configure this setting but it's reset every time a change to a server is made.
    I believe that it would be best to either:
    - not overwrite that point in the config, if enabled
    - or straight up allow this configuration in the panel.

    8 votes
    2 comments  ·  Web Server Protection
  • Add new DynDNS service: https://spdyn.de

    Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.

    Site is German but the page itself should be self-explanatory.

    It would however be the best option to provide a fully configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.

    Thanks!

    2 votes
    1 comment  ·  Networking
  • Create updated Visio stencils for the XG platform for use with Visio 2013 and newer.

    Create updated Visio stencils for the XG platform for use with Visio 2013 and newer.

    16 votes
    2 comments
  • Packet filter: allow wildcard subdomains

    Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

    Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).

    10 votes
    2 comments  ·  Network Protection