SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. spam list information

    I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Ability to whitelist interfaces from strict TCP session handling

    A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
    By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Citrix thin client user authentication(multiple user access the same ip)

    we couldn't authenticate citrix thin client machines in sophos utm

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create Reports of rules and definitions

    It would great when we could create a report of rules, a report of (unused, is an other question here) definitions and a report of interfaces in a readable format whice can add in a network description.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. WAN Interface speed test

    Being able to test WAN Interfaces by isolating from the network traffic temporarly. That would be very helpful to identify slow internet connection and causes.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. mail.it@wcc.nl

    Double Check Active directory when creating users. When a new user wants to access out VPN, they must login using their AD user account. If they do this, a Sophos account is created that has backend-sync enabled and all is well.

    But often, they use their e-mail address instead. In that case, a local account is creatrd with that e-mail address. This account obviously will not have the proper AD group memberships. Trying to create a new account only using the userID is then not possible because an account with that e-mail address already exists.

    The only solution is that…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. mail.it@wcc.nl

    After reporting that Sophos still distributes an old (august 2015) and insecure (CVE-2017-7508 CVE-2017-7520 CVE-2017-7522) version (2.3.8) of the OpenVPN client (used by the SSL VPN) as an error through SophServ, I was instructed by the support engineer to post this as an idea.

    Although it seems strange that it is an idea that a security device would keep security sensitive software components up to date, I went along with this, because I want it fixed.

    What *would* be an idea is that not only Sophos kept the version it distributes up to date, but also helps keeping the clients…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Improvement suggestion: SNMP sysobjectied and (AP) access points.

    I am requesting a slight improvement change in SNMP for Sophos UTM Home edition.

    Can the sysObjectID be changed to the Sophos sysObjectID?

    Currently its set on the generic Linux one: 1.3.6.1.4.1.8072.3.2.10

    I think the Sophos one starts with: .1.3.6.1.4.1.9789

    I monitor my home net and it would be nice if discovery recognizes my Sophos UTM as a firewall instead of a Linux EndNode.

    Also is it possible to add SNMP to the AP firmware for discovery purposes and simple traffic queries? SNMP query credentials could be either added to the same SNMP config or add a new one under…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  9. Web server url hardening

    Support for IBM Lotus Notes Email for web browsers

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. jgarmon@frmlr.com

    I wish the SEA had, file attachment linking. User attaches a file to an email, and the attachment is replaced with a URL back to it. Very nice. The issue, while a PDF problem and not a SEA one, is trying to get to an attachment in an SPX PDF is horrendous on a good day, assuming a basic computer / mobile device user. No way our clients could do it and many of the are MDs. Then back late last year, Adobe disabled all attachments sent in PDF. So that caused us a lot of trouble which brought us…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. jgarmon@frmlr.com

    Not sure if this is in right category. For SPX, currently only the plain text portion of an email is processed and sent as a PDF. The result is an encrypted PDF that looks very much like it was sent in 1990 vs. the formatting provided by HTML. SPX should process HTML portion if it is present then process plain text. Case number is 8594977. Synaman (http://web.synametrics.com/SynaMan.htm) processes the HTML portion and it looks great.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Certificate on the UTM

    Out-of-the-box Sophos UTM will generate self-signed certificates for many functions as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of an W2K16 Enterprise RootCA because it_s certificate is trusted automatically by all Windows clients in the domain so there is no need to distribute other certificates by GPO for e.g.

    For the webadmin console we used a certificate signed by this _Root_CA and that works without problem. Because we use SSL scanning we want the web proxy _Signing CA_ to be a intermediate CA of our RootCA. I have generated the certificate…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Altaro VM Backup to the list of applications in Application control.

    Add Altaro VM Backup to the list of programs available for selection in Application control.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG 135 to support half duplex

    Hello Team,

    We have customer here requesting for XG 135 to support half duplex speed interface.
    For your assistance please. Thank You.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  15. add new bandwidth monitor based on rulls and shapers

    we would like to have a real time reporting of bandwidth based on shapper and firewall rule
    as we create the shaping of bandwidth and we apply that on firewall rule but after that we can't see what is the real traffic for this rule specially when we dedicate a bandwidth for IPsec VPN or Voip

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  16. SUM log traffic for automatic firewall rules

    When we create an IPSEC VPN in SUM and use "automatic firewall rules" option, we can't edit the option "log traffic" for these rules and so we can't see the logs for these rules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Capability to add iphone as additional interface under UTM

    Hello Team,

    We have customer here requesting to have capability to add iphone as additional interface under UTM. For your assistance please. Thank You.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Please add in Sophos UTM in Web Protection>Application Control>Application Control Rules the new application control for Discord - Free Voic

    The app Discord - Free Voice and Text Chat for Gamers, https://discordapp.com/ is not listed in Application control list. Please add in Sophos UTM in Web Protection>Application Control>Application Control Rules this application. Thank you

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. sandstorm Exclusion in SUM

    Provide the ability to configure sandbox/sandstorm tick box in exclusions pushed out by SUM to UTMs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Reflexion

    Dynamic Host Names for Trusted Hosts

    Reflexion needs a solution to allow dynamic host names for trusted hosts for clients that use dynamic ISP services (likely 99% of clients use dynamic ip services). Adding a IP Host to these clients and managing this everytime the IP address is changed by the ISP is not an ideal solution. All of our clients use a Sophos XG and we can use the built in XG dynamic IP names (ie: client.myfirewall.co) to define the IP address. Simply allowing the use of a host name would resolve this.

    Andre

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.