SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Unified logging

    Compared to MS Threat Management Gateway 2010, analyzing log files on UTM is a chore. TMG had several advantages:

    1. Unified firewall, waf and proxy logs.
    2. Logs were store in a single file or an internal/external SQL database
    3. The interface for analyzing log data was capable of easily creating very complex queries with point and click.
    4. Logging was on by default.
    5. Data was broken into columns automatically, did not require parsing a very long text string.
    6. Easily exported to Excel for further analysis

    I would like to see some of this implemented in UTM. Viewing…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
    • Logging: Anonymization of the original data

      The Anonymizationtool anonymized only the webreports not the original data (Livelog etc.)

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
      • remote syslog log selection

        When new logging types are released by Sophos (e.g. restd) they have to be manually enabled in Logging and Reporting > Remote Syslog Server > Remote Syslog Log Selection even if Select all was previously utilized. Instead, it would be great if Select all was persistent instead of a single-use toggle and those log types were then automatically sent to the remote syslog server upon update.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
        • Output option based on status cord

          We use HTTP proxy AD SSO. When AD SSO is used, httplog is filled with lots of status cord 407. We're pestered with increase of I/O caused by output of status cord 407.

          Because it's AD SSO, it's no doubt to request authentication. It's meaningless to output this in log intentionally. We don't want to output status code 407. So we propose addition of log output option by a status cord.

          3 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
          • Logging: show crypto session characteristics

            It is desirable to know the crypto characteristics of SSL/TLS sessions (services WAF, Web Protection, even SMTP). I am looking to know the cipher suite or its components: SSL/TLS protocol version, cipher used, MAC used, PFS group, etc). For planning purposes, it would be valuable to know which ciphersuites are in use, so that older ones such as TLS1.0 can be dropped when they are no longer needed. For forensic purposes, it becomes important if we ever need to investigate whether a successful downgrade attack has occurred.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
            • Live User List with admin can logout the session.

              Admin can see live user list and also can logout user session

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
              • User Session Page

                User can see their Session time in browser pop-up page. That pop-up page can not close without logout. (In current setting there is no logout page ones browser is closed)

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                • Bigger ChangeLog for Webadmin

                  Some of our Customers would like to have a more detailed Changelog in the Webadmin. The 20 etnries are not enough. A seperate Log for the Webadmin would be appreciated.

                  2 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                  • Number of logs to display per page in Log Viewer

                    Number of logs to display per page in Log Viewer. As earlier in cyberoam

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                    • DNS Request Logging

                      It would be great to have a full history of DNS requests. Many organizations filter TCP/UDP:53 at the edge, and employ Split-Brain DNS configurations. For smaller organizations which rely on the built-in DNS server of the UTM, it would be nice to have full logging of DNS requests; this would make for better analysis of SIEM data as well.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                      • Loggin and debugging interface

                        Hi!

                        As meny of your costumers surely do - I come from a TMG/ISA Server environment.

                        In TMG/ISA we are used to a very user friendly and well working loggin/debugging interface.

                        We have the ability to view live logs and apply filters to the log-stream.

                        In Sophos UTM9 there is also a "Filtering" option but I'm missing the possibility to filter in detail. f.ex.

                        I would like to be able to apply a filter that shows only packages going from one IP to another or from one IP with specifik type of traffic og maybe even a combination of different…

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                        • I would like to suggest the possibility to monitor the current threat count and the average scan time (last 15 minutes) via SNMP, mail, etc

                          I would like to suggest the possibility to monitor the current threat count and the average scan
                          time (last 15 minutes) via SNMP, mail, etc.
                          SAV for NetApp Storage Systems

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                          • End point protection log

                            In UTM 9.3, there were a range of improvements to the Web Filtering log files including referrer URLs and user agents.

                            Unfortunately these changes did not make it into the End Point Protection (EPLog) files. The EP logs appear to be the same as the web filtering logs, only only stuck back in the v9.2 format.

                            Is it possible to propagate the recent improvements to the web filtering logs into the end point protection logs?

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                            • DSM for Qradar

                              The DSM will enable the IBM Qradar SIEM to parse logs from the Sophos UTM.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                              • Powershell Module for searching logs

                                It would be great if there were a Powershell module to allow doing granular log searches. I often like to look for specific information and in differing ways. The time to obtain this information from support is far too inefficient. For instance, I was just looking for all messages in the log with the .email top level domain.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                • Archived log

                                  I want you to add the function that can download several types of archive log by one operation.

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Build Technology Add-On (T.A) for SPLUNK

                                    Build Technology Add-On (T.A) based on Sophos UTM logs that compatible with Splunk CIM for normalize events and integrate with Splunk SIEM app (Enterprise Security) and PCI DSS.
                                    you can see F5 T.A and APP on the splunkbase.splunk.com.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add interface index to flow data to allow external packages to track it better.

                                      Add interface index to flow data to allow external packages to track it better.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                      • group

                                        Include a "group" field in the http.log to help ease with creating syslog reports.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                        • AV passthrough downloads

                                          Big downloads scanned by AV portal are not shown in logs when are not finished by clicking on download link on http://passthrough.fw-notify.net/ portal.
                                          This hides

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.