SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Force TLS on specific email adresses

    Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
    There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Chromebook Filtering

    Any plans to offer an extension-based Chromebook filter? It would be great to have a single lens for filtering of all devices.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Executive Reports (firewall) of top Ten should exclude packets that do not traverse the firewall

    Executive Reports of top Ten include packets which are dropped by the UTM. Since the goal of network admins is to detect unauthorized traffic which penetrates the firewall, Executive Reports which include dropped packets are a waste of time. For every item, the admin is forced to download the appropriate firewall log file and see of the IP address in question is included in the list of drops. This is a great waste of time. If you do not fix this, our company will be forced to find an alternative solution.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make IPFIX export port configurable

    As of 9.601-5 the UDP port for IPFIX flow export is hard coded at 4739. Please consider making this a configurable port number! We are trying to incorporate flow from UTM into an existing monitoring tool listening for flow data on a different port. My choice now is either no flow data at all from UTM, or reconfigure all our other devices and monitoring software to use the sophos hard coded port.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSL VPN autorized using MAC address. So put control over unknow devices.

    For example we have 5 person with marketing team. when they are out of network they connect using ssl vpn. But they also connect with their personal laptop. for the Restriction to their personal laptop MAC based ssl vpn policy.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Policy Helpdesk

    In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

    If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Sandbox

    Hello,
    It would be nice if you could add the sandbox function to the user portal so that users could check and submit data themselves.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Remove the Limit of 50 Configs in OpenVPN GUI

    Currently there is a limit of 50 configs in OpenVPN GUI.
    There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

    I would like to see that in Sophos UTM SSL VPN Client too.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. DNS over TLS

    Please implement support for DNS over TLS queries to supported resolvers (like the new Quad9 resolvers). Very important privacy feature, imho.

    98 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. IPv4 Fallback for IPv6 with Proxy in Standard Mode (Happy Eyeballs)

    If a webserver is resolvable in DNS with both IPv4 and IPv6 addresses (A and AAAA Records) the UTM Proxy will prioritize IPv6, which is ok.

    If the server is not reachable on IPv6 no fallback to IPv4 happens if the proxy is running in Standard mode.

    The provided workarounds are:
    1 -disable IPv6 on the ASG
    => Seriously, disable IPv6 in 2019 ?

    2 -add a DNS static entry for every affected site with only an IPv4 record
    => Definitely not starting to statically add internet hosts...

    3 -use HTTP proxy transparent mode instead
    => well yeah, but want…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add Veeam replication to Applications

    Please add an application category for Veeam replication traffic. It currently appears as the highest traffic volume as "Unclassifed" - sick of having to explain it every month.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add Altaro VM Backup to the list of applications in Application control.

    Add Altaro VM Backup to the list of programs available for selection in Application control.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. XG 135 to support half duplex

    Hello Team,

    We have customer here requesting for XG 135 to support half duplex speed interface.
    For your assistance please. Thank You.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  14. 38 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add VPN Tunnel(s) to the SFM Device Monitor

    The Device monitor has:
    - Conn. to Central Mgmt
    - Gateway Status
    - Interface Status
    - RED Status

    First of all, none of our clients need RED, but almost all of them have S2S VPN. Can you add a way to pick what bits to monitor on the Device Monitor and allow me to decide what to display in the NOC?

    Thanks!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. application control

    At the moment it´s not possible to add custom categories under Web Protection -> Application control. Therefore it´s not transparent with application control to get a detailed information what amount of traffic/bandwith is needed for own applications because application which a not predefined by Sophos are only shown in application category “unclassified”

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  17. message if ipsec client becomes active

    our customer need an info , looks like site2site ipsec up/down , but for IPSEC Client.
    So if an employee or some one get connected over IPSEC, the admin get an info.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. UEFI boot

    Make the ISO a standard UEFI ISO

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  19. http log

    In order to facilitate analysis by our CASB of traffic and traffic amounts to and from shadow IT, please provide the number of bytes up & down information in the SG proxy logfiles (like already done by XG as “sentbytes=*** recvbytes=xxxxxx).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  20. DNS Forward Only or Forward First Option

    Please add an option in Network Services>DNS>Forwarders to select forward only or forwared first using a check box. If the box is checked DNS forwarders use forward only. Unchecked returns to the default state of forward first. The check box actions would remain static regardless of updates/restarts. The check box options would effectively have the same function as changing the named.conf setting to forward only or forward first Thank you!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.