SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sophos Central Grouping feature & AD Sync improvements

    It would be nice to improve the AD Sync Client with following features:
    - AD Sync on OU level
    - Sync Computer Objects in Security Group Object and apply a Synced Security Group Object as Computer Group in the Sophos Central Web-GUI. Like this is with the User Objects already implemented.

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
    • Sandstorm check from quarantained mail's

      I would like to be able to send mail’s incl. attachment from quarantine to Sandstorm for scanning. The affected customers do not leave any dates and scan by hand ... dare but not completely to Sandstorm convert. The desired function would on the one hand bring the added value for the customer and certainly move one or the other to the purchase.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • '

        '

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Flag idea as inappropriate…  ·  Admin →
        • SMTP look-ahead option to use VRFY

          for SMTP look-ahead recipient validation, add the ability to choose between RCP TO: (actual method) or VRFY: method. Some mail servers (ie DOMINO) always return OK on a RCPT TO (the email validation being done at a later stage on the domino server) . but they comply with the VRFY command.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • SIP Invite NAT from Internal PBX/VoIP Gateway

            Provide SIP Invite NAT for internal PBX/VoIP Gateway. As stated by a Sophos engineer, this function is only available for internal VoIP phones registering externally to offsite PBX. Current feature does not work for internal VoIP gateways or PBXs.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
            • SIP Invite NAT from Internal PBX/VoIP Gateway

              Provide SIP Invite NAT for Internal PBX/VoIP Gateway. Currently Internal VoIP gateway SIP Invite headers does not get IP address translated when going to external interface to the SIP Provider; they receive internal IP SIP Invite headers. According to Sophos Engineer, this function is only available for internal VoIP phones registering to external SIP provider. SIP Helpers or NAT does not change SIP Invite Headers from internal IPs to External IP address from VoIP Gateway or PBX.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Notifications for failed VPN login

                It would be good if notifications could include failed VPN connection attempt.

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                • exe filter bypass

                  have an issue this link downloads an exe and bypasses my exe filter - http://www.tec-it.com/forward/vc2015x86redist-14.0.24215.1

                  this link (http://software.bigfix.com/download/bes/util/Sha1.exe?cm_mc_uid=03907949092314956501473&cm_mc_sid_50200000=1495650147) is blocked by my exe filter

                  this is a very big bug - is the first link even virus scanned

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Spam Digest and out of office reply

                    If users in absence receive e-mail which will be blocked / quarantined by spam engine, sender will not informed about the absence by out of office reply since no incoming e-Mail will trigger the send out of the reply. Would be great to have a solution for that issue.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • DMARC reporting

                      I would like to have the UTM generating reports by grabbing the emails sent as aggragate reports so you would not have to setup agari or such

                      3 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Web Application Firewall / Site Path Routing: Allow Path longer than 63 Characters

                        It should be made possible to use a path in Site Path Routing with more than 63 Characters. Especially for more complex CMS Servers, this limit is reached far too soon.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Fully support QUIC (HTTPS via UDP)

                          Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
                          I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

                          More about QUIC can be read here : https://www.chromium.org/quic

                          With that said, I would like to see full support for QUIC natively in Sophos UTM…

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Wireless: Support of non-Sophos Access Points

                            Many customers have non-Sophos APs but would like to use some Wireless Protection feature. Therefore it would be nice if a small choice of Wireless Protection features were available for non-Sophos APs.

                            48 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • allow web filtering exceptions to use the referrer field as well as the URL field

                              This would enable (for instance) youtube videos to be accessible as long as they were referred from a trusted website.

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow for the encryption level for SNMP v3

                                Currently when configuring SNMP v3 for network monitoring, the encryption is automatically set to AES, but does not identify the strength of the encryption. It has been found through testing that the AES encryption being utilized is AES 128, which is below the requirements for regulations such as Payment Card Information (PCI) and the Health Insurance Portability and Accountability Act (HIPAA) compliance. It would be greatly helpful to allow for the selection of the AES encryption level when configuring SNMP v3 for network monitoring.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                • Issue: Client IP in Sophos UI does not update when client IP changes

                                  VLAN 14 Returned by RADIUS Server:

                                  Calling-Station-Id = "00-27-10-6F-60-04"

                                  Tunnel-Type:0 += VLAN

                                  Tunnel-Medium-Type:0 += IEEE-802

                                  Tunnel-Private-Group-Id:0 += "14"

                                  Confirmed Test Client has IP in VLAN 14:

                                  wlan0 Link encap:Ethernet HWaddr 00:27:10:6f:60:04

                                  inet addr:10.100.14.130 Bcast:10.100.14.255 Mask:255.255.255.0

                                  Wireless client in Sophos UI shows VLAN 14 IP:

                                  *Client is then disconnected and reconnects (new VLAN will be assigned)

                                  VLAN 15 Returned by RADIUS Server:

                                  Calling-Station-Id = "00-27-10-6F-60-04"

                                  Tunnel-Type:0 += VLAN

                                  Tunnel-Medium-Type:0 += IEEE-802

                                  Tunnel-Private-Group-Id:0 += "15"

                                  Confirmed Test Client has IP in VLAN 15:

                                  wlan0 Link encap:Ethernet HWaddr 00:27:10:6f:60:04

                                  inet addr:10.100.15.240 Bcast:10.100.15.255 Mask:255.255.255.

                                  Wireless client in Sophos UI still shows VLAN 14 IP…

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add MAC Authentication for Open SSID

                                    I think it would be a good idea to add MAC Authentication as an option for open SSIDs. This allows a device that is unable to configure a supplicant to authenticate via RADIUS using the devices MAC address as the username and password. With Meraki, Aruba, Aerohive and others this typically shows up as MAC Authentication, MAC-based access control, etc.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • RADIUS Change of Authorization (CoA)

                                      Please add support for RADIUS Change of Authorization (CoA).

                                      The use case is we are attempting to perform a RADIUS Change of Authorization (CoA) for wireless clients connected to an AP managed by the XG. With Cisco, Meraki, Aruba, Aerohive and others this typically shows up as "rfc-3576" support in the UI.

                                      It would allow the XG wireless controller to accept a RADIUS CoA packet (typically sent on UDP port 3799) from a RADIUS server to disconnect a client so it can receive a new RADIUS attribute from the RADIUS server.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Deliver Complete Certificate Chain for User Portal

                                        The user portal in the UTM is not able to deliver the complete certificate chain. It is missing intermediate certificate due to which our VPN Portal is categorized B on online SSL Testing websites.

                                        6 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • idrive application (backup & Storage)

                                          Please add the IDrive application into the application control feature.

                                          http://www.idrive.com/

                                          thanks,
                                          Jonathan

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.