SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Unified logging

    Compared to MS Threat Management Gateway 2010, analyzing log files on UTM is a chore. TMG had several advantages:

    1. Unified firewall, waf and proxy logs.
    2. Logs were store in a single file or an internal/external SQL database
    3. The interface for analyzing log data was capable of easily creating very complex queries with point and click.
    4. Logging was on by default.
    5. Data was broken into columns automatically, did not require parsing a very long text string.
    6. Easily exported to Excel for further analysis

    I would like to see some of this implemented in UTM. Viewing…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
    • HTML5 VPN Portal - Smartcards

      It would be good if we could pass through Local Resources such as smartcards as we enforce smartcard login requirements. This is currently preventing us from using the Sophos VPN HTML5 solution

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow enabling of Encoded Slashes directly on UTM Interface

        The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.

        This is especially important for specific SAP-relevant functions, such as Fiori systems.
        At the moment it's possible to manually configure this setting but it's reset everytime a change to a server is made.
        I believe that it would be best to either:
        - not overwrite the that point in the config, if enabled
        - or straight up allow this configuration in the panel.

        3 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Add time field in attacks

          Kindly add a field as "time" for "top attacks" report in the latest version of cyberoam firewall . It will be helpful if we come to know that when the attack occured for security purposes. When we see the report of "events" , time field is there but similar facility is not available for "top attacks".

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • 1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • DHCP release

              Clearing or releasing the DHCP lease IP..

              5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
              • Schedule Reboot XG Firewall

                Enable the feature of schedule reboot in XG like cron job.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                • forcefully change the password on first login

                  XG firewall should ask the user to change the password on their first login (web,client, or mobile ) login

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Support for Multiple Domains for DKIM on SEA

                    Feature Request - Support for multiple domains for DKIM on Email Appliances

                    We have two email domains that send through our clustered email appliances and want to setup DKIM for both domains, however currently the email appliances only support DKIM for a single domain.

                    We would like the ability to enter more than one selector and private key within the DKIM settings.

                    6 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • GUI Switch to enable "AllowEncodedSlashes" and "nocanon" in WAF

                      We are hosting a SAP Fiori webserver behind a UTM-220. To make this fuction, you have to edit the virtual host in reverseproxy.conf manually, because Fiori needs the Apache directive "AllowEncodedSlashes On" and the parameter "nocanon" at the ProxyPass directive (for example "balancer://8f757b42....20/" lbmethod=bybusyness nocanon).

                      After manual edit of the conf file it works, but after every change in the GUI we lost these entries. Please make it possible, to change these settings in the GUI. Thank you.

                      3 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Notification OTP session time out

                        By default VPN session is droppedafter 8 hours when OTP token reaches end of validity. Causing loss of data for users. Suggest a 5-10min popup warning from the VPN session icon in the system tray so user can save data and close session and then open renewed OTP VPN session.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • OneDrive for Business

                          We need the possibility that the web proxy with active https scanning scans the Microsoft One Drive for Business and SharePoint data Synchronisation files

                          8 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • DNS Hosts based on SRV Adresses

                            Hi,

                            please add SRV Records as a usable Network Entity Definition. At the moment just A and CNAME Records are suitable.

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Request for the list of WAF Signature on Sophos UTM

                              Request for the list of WAF Signature on Sophos UTM

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Web Application Firewall / Site Path Routing: Allow Path longer than 63 Characters

                                It should be made possible to use a path in Site Path Routing with more than 63 Characters. Especially for more complex CMS Servers, this limit is reached far too soon.

                                3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Relay Wake on LAN through Sophos XG

                                  We have lot of customers with different networks and a Sophos XG as Default Gateway.
                                  Relaying wake on lan request through Sophos XG would be nice.

                                  8 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                  • SFM - /log/applog.log data should not have the password credentials

                                    For the SFM, in advanced shell, if you run: cat /log/applog.log | grep applog
                                    The results will show the credentials used to connect to the firewalls. Please do not log the credentials in clear text.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • WAN-Bonding

                                      Please implement the posibility to bond WAN-lines. Free FW-Appliances like pfSense are able to do that. Why not Sophos?

                                      At home (my testing area, before I implement new confs in the company FWs) I have two ISPs. UnityMedia with 125/4 MBit and Telekom with 100/40 MBit. Only with an UTM it's not possible to bond the lines, so that I can use the full bandwith of both lines.
                                      Momentary I've solved that by putting a pfSense-appliance between the IPS-modems and the UTM. So I reach speeds like 223/44 MBit.
                                      But... why use an other appliance between ISP-lines and UTM? Why…

                                      21 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        7 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Perform Automatic backup when an admin logs in to the UTM

                                        Sometimes we forget to perform a manual backup before we start new configuration through WebAdmin. I think nearly erverybody who works with UTM knows the situation, that you wish to have made an actual backup before you startet configuring......
                                        A checkbox to configure automatic backups when soemone of the admins logs in to WebAdmin would be very helpful. May be it is also useful to perform an automatic backup when an ssh-login is identified.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • https://ideas.sophos.com/forums/17359-sg-utm/suggestions/183852-reporting-traffic-monitor-weekly-monthly

                                          Similar to the previous one (https://ideas.sophos.com/forums/17359-sg-utm/suggestions/183852-reporting-traffic-monitor-weekly-monthly)

                                          Peaks/period would be great to identify how the company is utilising its network. Currently the chart only shows the daily/weekly average, that does not reflect on the peaks.

                                          I believe there could be an option if the report should show the average OR the max network traffic on the charts.

                                          Thank you in advance

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.