SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. tag support parent proxy

    if there already tagged websites, it would be nice to support these tagged sites also in the parent proxy.

    4 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • tagged websites in exceptions

      in the webfilter exceptions you can configure websites "tagged as", however this doesn't work.

      4 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Interface wise Bandwidth usage in logviewer

        Please add Interface wise Bandwidth usage in log-viewer, It will help us to find realtime bandwidth usage by specific source & destination with port.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • bypass users

          i blocked zip & exe's downloads (as they may contain zero day) it would be good if web protection-> bypass users could bypass the restriction - at the moment it only works with web pages

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
          • DNS visibility controls based on connection

            Different remote access configurations have differing needs for access to internal resources. Users with limited access rights should only be provided enough DNS information to complete the connections that they need. Resolving any other address can produce several different problems: (1) For WAF and any other externally-published resources.: A remote access user, with limited access to internal systems, may still be required to access other resources through externally-published addresses, such as a WAF site. If his remote access connection only returns internal information, he will be misdirected and unable to access the resource that he is supposed to used. (2)…

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Fix memory leak in WebAdmin Dashboard

              WebAdmin tab memory usage grows and grows until it crashes both in Chrome and Firefox.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
              • Make it possible to disable IPv6 for SMTP

                If ipv6 is on, than its also on für smtp. But we get no static IPv6 by Deutsche Telekom AG without a expensive contract; but we get a static IPv4. With no static ipv6 we cant configure the AAAA-Record / PTR /RDNS . So our ipv6-Mails will classified as SPAM because we cant disallow to send mails via ipv6. But we will need ipv6 in the future for VPN-connections.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • UTM showing authentication request for POTD

                  The UTM's wireless logs should show when a client authenticates with the password of the day and not just with the wireless network itself.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • WAF support for Server 2016 RDWeb

                    Update WAF to support RDG passthrough when using Server 2016 RDWeb gateway.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Masked Hyperlinks / URL in emails

                      This must have been requested already, but i cant seem to find it.

                      Basically, we currently quarantine all emails that have text that have http or https in the body by using expressions. The user can release these as they see fit.

                      However, it does not block hyperlinks which have been masked, such as links that say 'click here' or a fake links. Please can you add an expression that looks behind the masked text of a hyperlink and blocks the email because of the underlying URL.

                      8 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Packet filter: allow wildcard subdomains

                        Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

                        Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).

                        9 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Quarantineless Mail Protection

                          to minimize spam handling and be legally protected i suggest to add a Quarantineless mail protection.

                          Quarantineless means for me that any sort of mail filtering (spam/virus/...) is done during the smtp receive/transmit process. if mail is voted as Spam/virus-infectred/... reject (not drop) email ...

                          AND!!!!:

                          1. to handle "false-positive" mail ... send back an NDR (perhaps with different reasons (spam/virus-infected/..)), so that an sender knows why we reject the mail.
                          2. if internal user wants to "allow" incoming mail from sender, internal uses send out email to blocked sender through Mail Protection ... Mial Protection implicitly whitelist this sender…

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Connected Devices Statistics

                            Have the ability to generate reports on device connections on different published SSIDs, much like in the real-time wireless protection overview but on the duration (day / month / year) in a format of this style: date, connection time, connection time, device name / ip / mac, SSID, AP.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                            • Crypto currency Catagory for content filtering

                              Hello Sophos,

                              While managing UTM appliance we have observed lot of user started browsing sites related to “cryopto-curancy” and "mining of Cryto-currancy". These sites are hogging my bandwidth

                              when I search these websites they fall under finance category which is making job difficult to block such website

                              My request you to please create separate category for CRYPTO CURRENCY related sites so that we can use/enjoy appliance features optimally

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • ICMP

                                Restricting ICMP and Traceroute response to specific IP's or IP ranges.

                                Would like to see the sophos be able to restrict ICMP or trace route responses from the UTM to only specific IP address or ranges.

                                This would prevent unwanted potential hackers or BOT IP ping sweeps from detecting equipment on a network from the internet.

                                As of now the sophos ver 9 firmware UTMs only allow global "on/off" settings for ICMP and traceroute.

                                Sonicwall firewall provide the ability to restrict ICMP responses to specific IP's using a WAN-to-WAN access rule. I would like to see this option available in…

                                6 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Password of the day Scan

                                  It would be nice for the password of the day to be scanned upon generation for inappropriate words/profanities as this can come across/give bad impression for a business. Although this is unlikely to happen it has happened and my Director was not very impressed?

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Show State Table

                                    There does not appear to be any way to view an active NAT translation table with connection states from the SG series web-interface.

                                    Similar to pfSense "states table", would be very handy to see active NAT translations, with source IP / port, translated IP / port and destination IP / port.

                                    Also good would be optional method to close some connections from the web-interface.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Reject Quarantine Messages Choice

                                      Add option for quarantine emails to be rejected (add in drop down: View, Delete, Release).
                                      This will also inform the sender that his email was rejected if for example the antivirus engine failed to perform a security scan.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Azure AD synchro

                                        Azure Active Directory Synchro option

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow custom exim configuration

                                          Allow custom exim.conf configuration to be added. Exim has alot of flexibility and features that are not available through the web interface, so it would be nice to be able to add your own custom config.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.