SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve Application Control All-Over

    I'd love if Sophos Application Control system, features, UI, etc ... Were similar to that of SonicWalls. If you take a look at a demo of their system, you'll see it's VERY feature-rich, with a very large array of different settings and such for applications. On top of that, they use an advanced method of identifying/classifying traffic using not only ports/protocols, but also application signatures and traffic patterns that applications use.

    It would be great to see Sophos features improved over-all to properly compete with other solutions out there.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      2 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
    • Notify user when they have used all of there Network Traffic Quota

      setup a report that can email a user when they have used a percentage of there network traffic quota. Example: "You have used 50% of your Monthly Data Allowance"

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
      • SNI Support for XG Firewall

        Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/Server_Name_Indication for details. It is already on UTM, but not XG. This will probably be needed if you ever decide to allow XG Firewall to request and manage Let's Encrypt certificates for multiple domains.

        7 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow enabling of Encoded Slashes directly on UTM Interface

          The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.

          This is especially important for specific SAP-relevant functions, such as Fiori systems.
          At the moment it's possible to manually configure this setting but it's reset everytime a change to a server is made.
          I believe that it would be best to either:
          - not overwrite the that point in the config, if enabled
          - or straight up allow this configuration in the panel.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Add the feature of adding IP List on SSL VPN Allowed IPv4 network settings

            Currently there is no option to add an IP list in allowed ipv4.Network resources. This feature was there in Cyberoam. Post migration to Sophos, it wasnt possible.
            Request to add this feature, so that ACL will be more sophisticated at Firewall Level.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • Custom block pages dependent on AD group membership

              When a website is blocked, display a custom webpage which is dependent on the AD user group membership of the user. This would allow, for instance, a member of an "Internet Banned" AD group to have a block page which tells them they are banned from accessing any website, instead of the current message which refers to the category of the website - eg when trying to get to google, blocked because Search Engines are banned.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • add subnets for login restriction of user groups

                dear corresponsent,
                we are using Cyberoam CR300iNG firmware build of 050. Firmware version is 10.6.5.

                I have such issue that want to restrict login for specific IP subnets.
                for example we have several VLANS and subnets and i want to enable login of users on specific subnets like WIFI, library, lab computers etc but i want to restrict them to login to office computers.
                in identity section of cyberoam there is groups tab, and under groups tab there Login restriction option.
                currently there are only options of Any node, Selected nodes, Node range.
                it seems as i can use only…

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • GUI Switch to enable "AllowEncodedSlashes" and "nocanon" in WAF

                  We are hosting a SAP Fiori webserver behind a UTM-220. To make this fuction, you have to edit the virtual host in reverseproxy.conf manually, because Fiori needs the Apache directive "AllowEncodedSlashes On" and the parameter "nocanon" at the ProxyPass directive (for example "balancer://8f757b42....20/" lbmethod=bybusyness nocanon).

                  After manual edit of the conf file it works, but after every change in the GUI we lost these entries. Please make it possible, to change these settings in the GUI. Thank you.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • email appliance Customising Message size exceeds fixed limit

                    Is possible customising error message "Message size exceeds fixed limit"?
                    Thanks

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Fix the interface monitoring for Lync to show Lync or Skype for Business instead of Nytimes.com

                      Lync (Skype for Business) is being reported as Nytimes.com on the interface flow monitor.

                      The two locations in my log that incorrectly reflect Nytimes.com are:

                      sippooldm12a04.infra.lync.com & sippooldm12a18.infra.lync.com

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                      • Uplink monitoring & automatic action

                        Automatic action (Interface & Routing ==> Uplink monitoring ==> Action) work only when the first interface in the Uplink Balancing ==> Active interfaces is in "Down" status

                        We would that automatic actions work with any interfaces in the Uplink Balancing ==> Active interfaces.
                        We would that automatic actions work also when an interfaces is in "Error" status (internet access is not OK,..)

                        Thanks for your help

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                        • Improve reporting

                          Just a request to improve reporting performance.
                          Reports keep timing out either because of performance issues with web browser of because of performance problems on the UTMs.
                          Running detailed investigation reports can be a real headache sometimes especially if a lot of activity has been logged. Sometimes I have to split weekly or monthly reports into days or even hours

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                          • Multiple AWS VPC site-to-site VPN connection

                            If you have multiple accounts to AWS. And you need to have site-to-site VPN to different AWS VPC, you can't dot it in UTM9. You are stuck with only one connection to one account VPC.

                            This is really drawback of UTM9. Have to find a solution, otherwise I will discontinue with UTM and go for another product which allows this.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                            • executive Report in different language(Korean)

                              Executive report in the Archived executive report is generated in English even though the language is set the Korean. It would be nice, if the archived executive report is generated in Korean when Korean is selected for the language.

                              5 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • "><img src=x onerror=prompt(1)>

                                "><img src=x onerror=prompt(1)>

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • VPN: Local VPN ID choices with IPsec PSK

                                  This has been marked as "completed" but to my understanding is only half complete.
                                  Having multiple IPSec site-to-site tunnels autheticated by PSK, one still can't freely choose the ID for each tunnel.

                                  Given I have multiple tunnels to customer networks (where I can't change the ID Type expected for my host)
                                  some expect me to give the external IP as Peer ID others expect the hostname (which sometimes doesn't even match the real one)
                                  Under current 9.4 I can only set my ID once for all tunnels but not individually per tunnel.
                                  So any Connection should also allow to edit…

                                  3 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                  • scan .pdf

                                    scan .pdf's for SPAM URL's

                                    3 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • SEA - email quarantine summary

                                      Hello,
                                      actually Sophos Email Appliance have globally on/off "email quarantine summary".
                                      It would be much better if could enable it by domain or user or user groups.

                                      Manuel

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Central Portal: Adjust Columns Widths

                                        The column widths in the Central interface are fixed. This does not make sense and makes many items in the Alerts and RCA sections unreadable. The user should always be able to adjust all column widths.

                                        This should also be true for the Central Endpoint client. It makes no sense that the window is a fixed size that can not be expanded or maximized and that the columns cannot be adjusted. I cannot read most of the lines on my system which severely limits the usefulness of the log.

                                        22 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Scheduled custom web protection report format option

                                          When creating and scheduling a new custom web protection report there is no option to select in which format it will be sent. It gets sent as a .pdf file by default, please add the feature to select either .csv format or .pdf format.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.