SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. UEFI boot

    Make the ISO a standard UEFI ISO

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  2. Force TLS on specific email adresses

    Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
    There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Web Proxy Fail Open for Ranged Data

    The web proxy, before 9.6, failed open for chunked data that was missing or had a misconfigured data-range header, and the data wouldn't be scanned. The old behavior created a DoS in some circumstances where the proxy would continually try to retrieve the data from the server, filling the pipe - I've had this happen to me. The behavior now is fail-closed where the connection is reset, and data is not allowed to flow. This new behavior creates an administrative overhead that is unacceptable to many small IT departments. I manage several firewalls, and in three years I've encountered one…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. RAMCO

    hi, can you please add RAMCO on the application list at the application control? we need to filter it in our company. thank you

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. spam list information

    I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to whitelist interfaces from strict TCP session handling

    A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
    By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Citrix thin client user authentication(multiple user access the same ip)

    we couldn't authenticate citrix thin client machines in sophos utm

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Create Reports of rules and definitions

    It would great when we could create a report of rules, a report of (unused, is an other question here) definitions and a report of interfaces in a readable format whice can add in a network description.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  9. DHCP option 150

    Hello Team,

    We have customer here, requesting to to have option to configure DHCP option 150 and 66 under Sophos UTM. For your assistance please. Thank You

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. mail.it@wcc.nl

    Double Check Active directory when creating users. When a new user wants to access out VPN, they must login using their AD user account. If they do this, a Sophos account is created that has backend-sync enabled and all is well.

    But often, they use their e-mail address instead. In that case, a local account is creatrd with that e-mail address. This account obviously will not have the proper AD group memberships. Trying to create a new account only using the userID is then not possible because an account with that e-mail address already exists.

    The only solution is that…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. mail.it@wcc.nl

    After reporting that Sophos still distributes an old (august 2015) and insecure (CVE-2017-7508 CVE-2017-7520 CVE-2017-7522) version (2.3.8) of the OpenVPN client (used by the SSL VPN) as an error through SophServ, I was instructed by the support engineer to post this as an idea.

    Although it seems strange that it is an idea that a security device would keep security sensitive software components up to date, I went along with this, because I want it fixed.

    What *would* be an idea is that not only Sophos kept the version it distributes up to date, but also helps keeping the clients…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Improvement suggestion: SNMP sysobjectied and (AP) access points.

    I am requesting a slight improvement change in SNMP for Sophos UTM Home edition.

    Can the sysObjectID be changed to the Sophos sysObjectID?

    Currently its set on the generic Linux one: 1.3.6.1.4.1.8072.3.2.10

    I think the Sophos one starts with: .1.3.6.1.4.1.9789

    I monitor my home net and it would be nice if discovery recognizes my Sophos UTM as a firewall instead of a Linux EndNode.

    Also is it possible to add SNMP to the AP firmware for discovery purposes and simple traffic queries? SNMP query credentials could be either added to the same SNMP config or add a new one under…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web server url hardening

    Support for IBM Lotus Notes Email for web browsers

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. jgarmon@frmlr.com

    I wish the SEA had, file attachment linking. User attaches a file to an email, and the attachment is replaced with a URL back to it. Very nice. The issue, while a PDF problem and not a SEA one, is trying to get to an attachment in an SPX PDF is horrendous on a good day, assuming a basic computer / mobile device user. No way our clients could do it and many of the are MDs. Then back late last year, Adobe disabled all attachments sent in PDF. So that caused us a lot of trouble which brought us…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. jgarmon@frmlr.com

    Not sure if this is in right category. For SPX, currently only the plain text portion of an email is processed and sent as a PDF. The result is an encrypted PDF that looks very much like it was sent in 1990 vs. the formatting provided by HTML. SPX should process HTML portion if it is present then process plain text. Case number is 8594977. Synaman (http://web.synametrics.com/SynaMan.htm) processes the HTML portion and it looks great.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Certificate on the UTM

    Out-of-the-box Sophos UTM will generate self-signed certificates for many functions as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of an W2K16 Enterprise RootCA because it_s certificate is trusted automatically by all Windows clients in the domain so there is no need to distribute other certificates by GPO for e.g.

    For the webadmin console we used a certificate signed by this _Root_CA and that works without problem. Because we use SSL scanning we want the web proxy _Signing CA_ to be a intermediate CA of our RootCA. I have generated the certificate…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. WAN Interface speed test

    Being able to test WAN Interfaces by isolating from the network traffic temporarly. That would be very helpful to identify slow internet connection and causes.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add Altaro VM Backup to the list of applications in Application control.

    Add Altaro VM Backup to the list of programs available for selection in Application control.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. XG 135 to support half duplex

    Hello Team,

    We have customer here requesting for XG 135 to support half duplex speed interface.
    For your assistance please. Thank You.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  20. add new bandwidth monitor based on rulls and shapers

    we would like to have a real time reporting of bandwidth based on shapper and firewall rule
    as we create the shaping of bandwidth and we apply that on firewall rule but after that we can't see what is the real traffic for this rule specially when we dedicate a bandwidth for IPsec VPN or Voip

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.