SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Disable option for users time to use for a site

    When you configure quota the user get a page for “Select how to your remaining time quota to use” I am missing the option to disable this.

    I want to get only get a message when the users use al of there quota.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • DHCP Option 121

      Please add DHCP option 121 as a preconfigured DHCP option for pushing static routes over dhcp

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • private vlan

        Currently the Sophos UTM / XG do not support Private VLAN's. This is a major security feature that is being used more and more often especially in virtualised environments with VDI's, DMZ's or even sensitive / untrusted local equipment at an office campus.

        With the addition of private vlan you can prevent these devices from communication with eachother. However Sophos does need to support this feature. Currently the virtual variants do support it thanks to VMware but the hardware variants do not.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Treat UTM Proxies as Network Protocols

          When adding a new 'Service Definition', we need to be able to pick one of the proxy services as the 'Type of definition' so that we can enable tighter security on non-standard ports.

          An example of this would be to define a new service named "HTTP.8080" of type "HTTP" source port "1:65535" and destination port "8080" to allow 8080 traffic to still be scanned by the Web Security HTTP proxy.

          Another example of this would be to make a new service named "HTTPS.444" of type "HTTPS" source port "1:65535" and destination port "444" to allow 444 traffic to still be…

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Notification settings for more IDs

            WARN-129, among others, is not available in the notifications section.

            To keep the list short, a custom text form or dropdown would be nice:
            Simply enter or select the unlisted ID you want to configure for notifications and add it to the list of common IDs.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
            • Application Control Policy: Productivity Score

              Fickr, Photobucket and Picasa all have a Risk 3, Productivity 1 score. I think this should be revisited as many businesses use these services. I submit that these should be classified Risk 3, Productivity 3, to differentiate them from other more pervasively non-business image services.

              Also; why does Engadget have a application control policy when many other similar websites do not? And, why is it considered such a high risk?

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
              • Sophos UTM: Store Backups in S3

                It would be great if backup (under Management->Backup/Restore) could save backups to S3 using a profile already defined under Definitions & Users-> AWS Profiles.

                Options:
                * Bucket name, key prefix

                * Use existing password based encryption to encrypt file, or plaintext

                * Use S3 KMS SSE, or specify a custom KMS key to encrypt the data with. (Both of which are quite simple to implement if you are using the boto3-based awscli

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • RED : Configurable RED WAN Speed and Duplex Mode

                  Dear Sophos Team,

                  please implement configurable Wire-Speed Settings on the RED WAN Interface.

                  Right now it's on autonegotiation.
                  Unfortunately there are some broken routers and sometimes the RED WAN Interface need to be set to e.g. 100 mbits Full-Duplex.

                  Please also take a look at https://ideas.sophos.com/forums/17359-sg-utm/suggestions/18573559-configurable-mtu-on-red , if AutoNeg is broken, MTU may also have a hiccup.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                  • Email Protection : TLS Version and Ciphersuite selection

                    Dear Sophos Team,

                    please add an TLS Version selector to the Email Protection settings, like it's already done in "Webserver Protection > WAF > Advanced".

                    In addition, please add an Ciphersuite Selector, so advanced users can specify further down which ciphersuite ( ECDH-* / DHE-*/ AES-*/ .. / ) they want to use.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • PCAP retrieval for IPS

                      If an Intrusion Prevention System log generates an alarm in Sophos UTM, it would be very valuable to have the full-content PCAP of the traffic that caused the IPS to fire.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Time base routing in Sophos UTM feature should be available.

                        I request to you Customer requirement time base routing in Sophos UTM feature should be available.
                        Please add this feature incoming firmware

                        Sophos SG135

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                        • Specify RED source WAN interface

                          I sure hope this isn't a duplicate. I have a client who has UTM at his sites. Each site has two internet circuits, from to difference providers, and each site has the same two providers as the other sites. He would like to pin a RED using the first vendor's internet circuits, and pin a second so the red will be built only on the second internet company's circuit. While you can control the destination of the RED, it doesn't appear that you can control the source interface for a given RED. I am suggesting that it would be possible…

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                          • Enable office 365 Exchange Mail Settings

                            Enable office 365 Exchange Mail Settings in Cyberoam CR35iNG Appliance

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                            • Http prxy graphical real time presentation

                              One thing I would have liked in Sophos UTM is a status report for the http proxy, as I find it difficult to see what the http proxy computes when the proxy eats most of the CPU.

                              I would love to see a webpage with graphical presentation of all proxy requests that take longer than X ms (adjustable). For each of these requests, I wish information about:

                              • Who/source (hostname/IP address) that created the request
                              • Destination URL/Destination (Protocol, Url/IP Address) to which the request refers
                              • Current processing time, ie, how long has the proxy worked with the request …

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • Using IAM Roles instead of setting up an IAM profile with access keys

                                We want to create a new feature request for Sophos UTM9.

                                In the latest version of Sophos UTM, in order for us to send logs to CloudWatch we are required to setup an AWS profile with Access Keys and Secret Access Keys. This is not a secure AWS pratice.

                                Can you please update this feature to include an option to choose "AWS IAM Role" instead of adding the access keys?

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                • Interface wise Bandwidth usage in logviewer

                                  Please add Interface wise Bandwidth usage in log-viewer, It will help us to find realtime bandwidth usage by specific source & destination with port.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • bypass users

                                    i blocked zip & exe's downloads (as they may contain zero day) it would be good if web protection-> bypass users could bypass the restriction - at the moment it only works with web pages

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • DNS visibility controls based on connection

                                      Different remote access configurations have differing needs for access to internal resources. Users with limited access rights should only be provided enough DNS information to complete the connections that they need. Resolving any other address can produce several different problems: (1) For WAF and any other externally-published resources.: A remote access user, with limited access to internal systems, may still be required to access other resources through externally-published addresses, such as a WAF site. If his remote access connection only returns internal information, he will be misdirected and unable to access the resource that he is supposed to used. (2)…

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Fix memory leak in WebAdmin Dashboard

                                        WebAdmin tab memory usage grows and grows until it crashes both in Chrome and Firefox.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Make it possible to disable IPv6 for SMTP

                                          If ipv6 is on, than its also on für smtp. But we get no static IPv6 by Deutsche Telekom AG without a expensive contract; but we get a static IPv4. With no static ipv6 we cant configure the AAAA-Record / PTR /RDNS . So our ipv6-Mails will classified as SPAM because we cant disallow to send mails via ipv6. But we will need ipv6 in the future for VPN-connections.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 166 167
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.