SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Spam unknown sandbox/hold

    This stemmed from a particular spam message we received. The spam was not caught by the filter(s) and was sent off to "Cyren" for analysis. In the time it took from that initial email to be sent to Cyren and then confirmed as spam, it had been 4 minutes. In those 4 minutes, we received multiple emails from that same sender, with the same subject, etc, which passed through the filters just as the first had done. Once Cyren responded back that the email was confirmed as spam, the UTM began blocking any future messages from that sender (as it…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • webserver protection waf download size

      When downloading a file from a Owncloud backend via the Sophos UTM WAF, no estimated time and no file size are displayed.
      The content-length header is probably not passed through here.
      Disabling WAF features or AV scanning does not change this.

      The Sophos WAF should determine the file size and display the estimated download time when supported by the backend.

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow Maxiumum Session Time per User/Group

        The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

        11 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
        • Whitelist for File Type / MIME Type Filtering

          A customer wants to put email sender addresses on a white-list not only for bypassing spam filter, but for bypassing File Extension Filter or MIME Type Filter.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Block via user agent

            Customer requesting to block traffic via user agent

            4 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Host Name

              List the host name of the firewall at the top of all pages. I work on a hundred or more and it sucks to have to go back to the dashboard eve

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Allow to add a single tagged VLAN interface to a bridge

                At the moment it is not possible to add a single VLAN to a bridge, you can only bridge a whole interface (with the whole VLAN trunk on it).
                However, under some circumstances it is necessary to e.g. bridge 2 VLAN-Interfaces together (e.g. during a VLAN migration), to bridge a single tagged VLAN to an untagged interface, to bridge a single VLAN to a RED tunnel interface (e.g. bridge the VLAN of your local clients to the LAN of a small remote office) or to bridge two VLANs with different IDs from former independent locations together (e.g. over a RED…

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                • Can we switch of the ssl weakness for WAF. Please do a server test at www.ssllabs.com and type a url from a site behind the WAF.

                  Can we switch of the ssl weakness for WAF. Please do a server test at www.ssllabs.com and type a url from a site behind the WAF. you get this for all ssl v ersions

                  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 112
                  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits FS WEAK 112
                  TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK

                  8 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • SUM (Sophos UTM Manager) needs a default root password

                    The CLI for SUM has a blank root password. If an administrator never goes to the CLI for SUM, he/she has no idea that this is a completely open system. This is incredibly unsafe and alarming for a company that sells security products. You should really hurry up and fix this as it is a vulnerability that is really embarrasing should someone publish it.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                    • Bandwith usage - hourly

                      During a day in different UTM i have peak of bandwith usage that slowdown all web traffic.
                      Is hard to find the pc that generated abnormal traffic specially if is http traffic.
                      Is possible to create a hourly filter in bandwith usage Tab?

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                      • IE 9 Browser Support for XG WebAdmin

                        I have had a request from a partner for us to add IE 9 Browser support for the Sophos XG WebAdmin if possible

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add new DynDNS service: https://spdyn.de

                          Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.

                          Site is German but the page itself should be self-explanatory.

                          It would however be the best option to provide a full configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.

                          Thanks!

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                          • DHCP Option 60 & 61

                            Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                            • Zone Based Captive Portal

                              Kindly Provide Zone Based Captive Portal in next possible firmware upgrade,
                              So that firewall will push IP Address of only that specific Zone interface automatically to the users browser.
                              Currently default behavior of firewall is that it will push down only specific IP address of specific zone for all zones captive portal request which does not fulfill requirement of creating separate zone.

                              2 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                              • reflexion

                                Enterprise override of users unchecking "Activate Security".

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • dhcp snmp

                                  Add support to monitor the dhcp leases via snmp.

                                  Maybe this is easily possible by adding something like this:
                                  https://github.com/ohitz/dhcpd-snmp

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Application Control: Block Brave Browser

                                    Please block Brave Browser. We have students that are using it to play games, get around policies, etc..

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Enable Header Matching of Data Protection Custom Rules

                                      To match the functionality of the Sophos E-Mail-Appliance more closely, it would be helpful if it was possible to match E-Mail Headers with the Custom Rules of the Data Protection Engine.

                                      This would allow triggering SPX-Encryption by marking the E-Mail as confidential or trigger on words ONLY in the subject, not in the body.

                                      Two examples that work on the Sophos E-Mail-Appliance but do not work on the Sophos UTM:
                                      Subject: .*\[ENC\].*
                                      Sensitivity: company-confidential

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Support for Wireless Password Sync with Hotspot POD in VLAN environment

                                        After spending a great deal of time trying to get this working in my current VLAN environment.

                                        I eventually found an obscure line in the online help file that says: "Synchronize password with PSK of wireless networks (only with Hotspot type Password of the day): Select this option to synchronize the new generated/saved password with wireless PSK for separate zone networks."

                                        This should be supported by the VLAN network in a corporate environment by default.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Readonly Account for Mailmanager

                                          At the Moment, it is not possible to give an account read only rights for the Mailmanager.

                                          The possibility would be very helpful.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.