SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. DNS over TLS

    Please implement support for DNS over TLS queries to supported resolvers (like the new Quad9 resolvers). Very important privacy feature, imho.

    1 vote
    0 comments  ·  Networking
    • Allow to add a single tagged VLAN interface to a bridge

      At the moment it is not possible to add a single VLAN to a bridge, you can only bridge a whole interface (with the whole VLAN trunk on it).
      However, under some circumstances it is necessary to e.g. bridge 2 VLAN-Interfaces together (e.g. during a VLAN migration), to bridge a single tagged VLAN to an untagged interface, to bridge a single VLAN to a RED tunnel interface (e.g. bridge the VLAN of your local clients to the LAN of a small remote office) or to bridge two VLANs with different IDs from former independent locations together (e.g. over a RED…

      1 vote
      0 comments  ·  Networking
      • Add new DynDNS service: https://spdyn.de

        Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.

        Site is German but the page itself should be self-explanatory.

        It would however be the best option to provide a fully configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.

        Thanks!

        1 vote
        0 comments  ·  Networking
        • DHCP Option 60 & 61

          Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.

          2 votes
          0 comments  ·  Networking
          • DHCP release

            Clearing or releasing the DHCP lease IP.

            5 votes
            1 comment  ·  Networking
            • Relay Wake on LAN through Sophos XG

              We have a lot of customers with different networks and a Sophos XG as default gateway.
              Relaying Wake on LAN requests through Sophos XG would be nice.

              8 votes
              0 comments  ·  Networking
              • WAN-Bonding

                Please implement the possibility to bond WAN lines. Free FW appliances like pfSense are able to do that. Why not Sophos?

                At home (my testing area, before I implement new confs in the company FWs) I have two ISPs: UnityMedia with 125/4 MBit and Telekom with 100/40 MBit. With only a UTM it's not possible to bond the lines so that I can use the full bandwidth of both lines.
                At the moment I've solved that by putting a pfSense appliance between the ISP modems and the UTM. So I reach speeds like 223/44 MBit.
                But... why use an other appliance between ISP-lines and UTM? Why…

                21 votes
                7 comments  ·  Networking
                • Uplink Monitoring - bind a monitoring host to a monitoring action

                  Scenario:

                  Main office communicates to multiple (3) branch offices over a single MPLS link. While we can create a monitoring host for each of the branch offices, it is not possible to bind a monitoring host to a particular action.

                  Presently when any of the monitoring hosts are detected to be offline, all Actions are performed. Greater granularity would allow the UTM to perform Action B only when Monitoring Host B is offline.

                  9 votes
                  0 comments  ·  Networking
                  • SIP Invite NAT from Internal PBX/VoIP Gateway

                    Provide SIP Invite NAT for internal PBX/VoIP Gateway. As stated by a Sophos engineer, this function is only available for internal VoIP phones registering externally to offsite PBX. Current feature does not work for internal VoIP gateways or PBXs.

                    3 votes
                    0 comments  ·  Networking
                    • hostname

                      The UTM hostname needs to be FQDN so that things such as OpenVPN config file can resolve externally. But, this external FQDN should not necessarily be used for internal operations. One can set DNS A records/CNAMES in internal resolvers to anything, but virtually everything, such as notifications, references the FQDN and this can be confusing. It would be better to have a hostname (internal) and then multiple different external FQDNs, depending on the service in question.

                      1 vote
                      0 comments  ·  Networking
                      • BGP Resets When Adding New Subnet

                        BGP shouldn't reset when a new subnet is added. It is uncommon that you add a subnet to advertise in BGP and the whole BGP resets, causing disruption to all users.

                        Also, BGP graceful restart should be added.

                        1 vote
                        0 comments  ·  Networking
                        • iftop

                          Need to have the iftop command to diagnose bandwidth usage.
                          The current "live connection" view is too limited in sorting.

                          3 votes
                          0 comments  ·  Networking
                          • SNI Support for XG Firewall

                            Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/Server_Name_Indication for details. It is already on UTM, but not XG. This will probably be needed if you ever decide to allow XG Firewall to request and manage Let's Encrypt certificates for multiple domains.

                            7 votes
                            0 comments  ·  Networking
                            • Uplink monitoring & automatic action

                              Automatic action (Interface & Routing ==> Uplink monitoring ==> Action) works only when the first interface in the Uplink Balancing ==> Active interfaces is in "Down" status.

                              We would like automatic actions to work with any interface in the Uplink Balancing ==> Active interfaces.
                              We would like automatic actions to also work when an interface is in "Error" status (internet access is not OK, ...).

                              Thanks for your help

                              1 vote
                              0 comments  ·  Networking
                              • QoS Prioritization

                                The ability to prioritize data packets based on their QoS flags (TOS + DSCP) automatically on an SG UTM appliance. This would enable high priority items such as VOIP to take precedence over standard email, web traffic, etc without the need to create complex rules for traffic shaping, throttling or guaranteed bandwidth settings.

                                2 votes
                                0 comments  ·  Networking
                                • Add AWS Route 53 as a DynDNS provider

                                  Add a DynDNS provider for Amazon Web Services (AWS) Route 54

                                  2 votes
                                  0 comments  ·  Networking
                                  • Make the TTL/Timeout for DNS Groups user-configurable in Webadmin

                                    At the moment DNS Groups have a default timeout of one week. You can only change that manually in cc-menu but it should be user-configurable in webadmin (there already exists an rpm for 9.407, support said). Please make it possible to change it in webadmin for convenience!

                                    4 votes
                                    0 comments  ·  Networking
                                    • Bind IP Pool to MAC addresses

                                      Bind IP Pool to MAC addresses
                                      Hi,

                                      Binding through DHCP a specific list or pool of IPs (ex. 192.168.1.1 to 192.168.1.20) to a specific list of predefined MAC addresses.

                                      The idea is that a device with a MAC address in a list or group always gets an IP from a specific list or range of IP addresses. It is not necessarily always the same IP to the same MAC.

                                      IP DHCP Pool:
                                      10.10.10.1 to 10.10.10.9

                                      MAC Addresses allowed:
                                      MM:MM:MM:SS:SS:S1
                                      MM:MM:MM:SS:SS:S2
                                      MM:MM:MM:SS:SS:S3
                                      MM:MM:MM:SS:SS:S4
                                      MM:MM:MM:SS:SS:S5

                                      etc...

                                      1 vote
                                      0 comments  ·  Networking
                                      • SNAT with multiple addresses in source pool

                                        Please add support for using a list of IP numbers as the "Change source to" field in an SNAT rule. Essentially, allow SNAT from many to few with overload.

                                        As an example, in iptables, SNAT a /24 to 3 external addresses in round robin (with PAT only when needed) would be

                                        iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source x.y.z.1-x.y.z.3

                                        Not currently possible with the UTM's UI.

                                        1 vote
                                        0 comments  ·  Networking
                                        • Quota Management

                                          Must add in User identity: after the user finishes the quota, automatically change the speed to a low speed,
                                          like I have speed 2M and I have 10 GB; after finishing 10 GB the user gets a lower speed like 512k
                                          with a new limit; after finishing it, internet off.

                                          1 vote
                                          0 comments  ·  Networking