SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Reflexion

    How Do I setup a scheduled report?

    I would like a daily report emailed to me of any deferred messages for any of our customers.

    I would like a Monthly report emailed to me of the users for each customer.

    I would like a monthly report emailed to me of the blocked messages for each customer. Preferably by threat level.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Flood emails with the same source

    It would be interesting some blocking method for e-mail sended from a same address in a small space of time.
    Eg: the address bruno@sophos.com sends 1000 email to the protected domain on UTM in 2 seconds.

    Remembering that this would not apply to the whole domain but to an speciffy address.

    This would be interesting when an email box is hacked and used to send many spams.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Mail manager quarantine confirmation when deleting an email

    Emails that you accidentally select as delete will be deleted without confirmation. A confirmation if you really want to delete this email would be meaningful.

    Otherwise, the e-mails will be irrevocably deleted...

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Let’s Encrypt - configurable key size

    Would be nice if it would be possible to configure the key size of automated created Let’s Encrypt certificates by Sophos UTM with Let's Encrypt Method --> described here: https://community.sophos.com/kb/en-us/132940

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. How to find out active openvpn-connections, documentation for UTM9 API

    I would like to find out wether users are connected via openvpn or not. With a single request:

    https://my.utm9/api/status/openvpn/openvpn-officemunich

    to get:

    {
    "connectionname": "openvpn-officemunich",
    "active": false,
    "last
    starttime": "2019-12-30 08:00:00",
    "last
    endtime": "2019-12-30 08:14:03",
    "history
    description": "only last 24 hours are saved",
    "history": [

    {
    
    "start_time": "2019-12-30 08:00:00",
    "end_time": "2019-12-30 08:14:03",
    },
    {
    "start_time": "2019-12-29 23:10:00",
    "end_time": "2019-12-29 23:14:03",
    }

    ]
    }

    It is a great idea to have an API for Sophos UTM9 and to publish documentation here:

    https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx

    This documentation is from 9/2017 and I hope to find more substantial info in this document or…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Simultaneous logins setting by groups

    we need Simultaneous logins setting through which we fetch from the AD, with that we are able to set user login restrictions any number of login in one click

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  7. Multiple vlan support on pppoe interface

    I it possible to create support of multiple vlans on one pppoe interface? We do need it for our internet provider Telfort/KPN/XS4ALL. PFsense does support it, but Sophos UTM (software) does not.

    Internet is on vlan 6
    IPTV on vlan 4
    Connection PPPOE

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Web Protection Only EndPoint Agent

    It would be awesome to have a lower cost agent just to deploy congruent webfiltering etc to mobile devices. Having to pay for the full agent just to switch everything else off (especially now that Sophos Central is the recommended route for the other features) is superfluous and a bloatier solution.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Set a full set of snmp / api class / call for basic and deeper PRTG monitoring

    could it implemented, that the utm can be monitored by snmp - in all variants of working, activated modules by snmp or api.

    it is in this century not possible to monitoring deeper details of the utm. basically, there are any point s reachable - but it makes not the needings of an working utm with reds, vpns and else without any deeper investigations.

    Of course, be a partnership with paessler, like it was made by other software creators.
    So, it could be set as a given sensor in the PRTG gui, supported from Sophos / Paessler - it will…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  10. Check the DHCP server's 'Range' when creating a Host with Static IP

    When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:

    secure:/root # cc get_objects dhcp server|grep 'range

                        'range_end' => '172.16.31.110',
    
    'range_start' => '172.16.31.101',
    'range_end' => '192.168.66.254',
    'range_start' => '192.168.66.100',
    'range_end' => '10.100.100.63',
    'range_start' =>
    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Custom Block Messages depending on different networks

    We want to be able to show different block messages to request from different users/networks/filteractions.

    We have one public hotspot were we provide internet access and another private company wifi.

    We want to be able to only show the administrators info (like telephone number) to the private wifi.

    Please implement this as a feature if possible.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. da (P)FS bei TLS zwingend für Behörden laut BSI gefordert ist und ach bald im BSI-Grundschutz aufgeführt wird.

    Feature Request eine generelle Option in der GUI wird benötigt , damit nur Forward Secrecy fähige Ciphers verwenden werden können, damit auch andere TLS Versionen damit abgedeckt wären.

    Das Problem ist, das das BSI im April neue technische Maßnahmen für den IT-Grundschutz heraus gegeben hat.

    Darin wird für Web-Anwendungen nur noch TLS 1.2 und TLS 1.3 mit FS empfohlen.

    Der eingriff über CLI ist nicht gewünscht:
    ................................................
    /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
    Finden Sie recht weit oben die Zeile :
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    Das was hier eingetragen ist. wird vom Rev-Proxy angeboten.
    Änderungen hier und Folgeprobleme (Sitchwort Backportability alte Clients zu neuen Cipher suites) sind…

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. SSL VPN Remote Connection after a time automatically configured from the firewall, disconnect

    For an industrial remote connection, we need restrictive configuration options. with a UTM firewall, we would have to be able to interrupt remote access from the firewall. It would be great if each dialed connection could be disconnected after a certain time, as an example of an hour. with increasing internet attacks, we unfortunately have to pay more and more attention to possible entry gates.
    Will it be possible to find such a feature in Sophos firewalls in the near future? Especially for our purposes, with the SG115 UTM. At best a script that would install this feature?

    Translated with …

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. vdsl

    UTM should be able to use untagged VLAN 1 for VDSL - PPoE, when using the Sophos VDSL SFP transceiver, There are a number of ISP that deliver their service on untagged VLAN 1.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  16. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Let's Encrypt - Editable Certificate in Certmanager

    As we use Let's Encrypt for Exchange Secure and have to add additional customer Domains every few days it would be nice to have a 'Edit' Button in Certificate Manager to add those Domains rather to create a new Certificate, remove the old one and change it everywhere in Sophos

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide link for checksums along with firmware download

    As far as I can see, there are no checksums provided for firmware downloads for Cyberoam UTM devices. Providing hashes using a known strong algorithm (e.g. SHA256) is standard practice, and is especially important for firmware upgrades for critical security infrastructure. This is trivial to implement and it would be nice to have a link to hashes added in the notification banner for firmware upgrades. Bonus points for signing it with a GPG key.

    It's possible that these are available, but they should be more apparent and be located in the same place as the firmware file or with the…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
  19. ssl vpn IP blacklist / whitelist

    i am getting a lot of rouge traffic trying to connect to my SSL VPN - black listing and white listing IP's, IP ranges or ISP's would be good

    i know that it's secure and chances are they will never get in - though all the extra protection helps and if a flaw was ever found in openvpn this would help

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. Request to have the attachment of the email to get filter under filter expression under email protection of UTM.

    Hello Team,

    We have customer here requesting to have the attachment of the email to get filter or get detected under filter expression under email protection of UTM. For your assistance please. Thank You

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.