SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow changing of the interface in QoS rules

    When creating QoS rules the interface, once selected, cannot be changed.

    This feels like a really odd limitation. Would it be so hard to allow the administrator to change the interface of the QoS rules once created?

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • "Verzeichnisbenutzer vorab holen" löscht zusätzlich eingetragene E-Mail-Adressen

      Wird eine UTM an ein ActiveDirectory (AD) angeschlossen können die Benutzer aus dem AD über eine Syncronisations-Funktion in die Benutzerliste der UTM übertragen werden.
      Ist der Benutzer erst einmal in der UTM, kann man ihm dort noch zusätzliche E-Mail-Adressen eintragen, damit dieser Benutzer im User-Portal z.B. auch SPAM-Nachrichten von allgemeinen E-Mail-Adressen wie info@xxxx.xx oder service@xxxx.xx einsehen und bearbeiten kann.
      Im Webadmin der SG 210 unter Definitionen&Benutzer/Authentifizierungsdienste auf dem Register „Erweitert“, befindet sich unten die Funktion "Verzeichnisbenutzer vorab holen". Der Fehler tritt auf sobald man hier ein automatisches Intervall einstellt oder die Verzeichnisbenutzer manuell abholt. Dann werden die zusätzlichen Mailadressen, die…

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Alibaba

        We are looking to use Sophos UTM in Alibaba Cloud.
        As we see in their marketplace, Sophos UTM is not available.
        Is it possible to get that up there in near time?

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Importing IPs for blocking

          Add feature for importing CSV of IPs for blocking.

          We receive a listing of dangerous IPs from the US Government. Tech support has confirmed that no option exists for importing 100s of IPs.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Sophos appliance TCPDUMP

            I would suggest to enable TCPDUMP option log for a more detailed view of network traffic

            14 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Add Sophos SG/UTM to Sophos Central for management via the cloud

              I can't see this suggestion here yet; apologies if it is.
              I'd love to add our Sophos SG UTM devices to Sophos Central, to centralise and aggregate log and events collections, as well as config and health status snapshots.
              I can deploy a SUM, but it would be nice to have it linked to Sophos Central for a standard view.

              3 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
              • Provide the RESTful API to generate voucher password

                The customer want to use the API to generate voucher password for guest user logon, they want to design the web portal for guest user to apply and get logon password, but we can't found out the syntax on the RESTful API can support this applied.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Standalone OTP

                  Add OTP (2-factor authentication) as a stand-alone feature, to be used with specific NAT rules, or access rules.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Host to Host Ipsec Tunnel in SFOS 17.0

                    After creating Host to Host tunnel in SFOS 17.0, In routing it does not show option to select Ipsec tunnel, it should be there (as of now only from cli we can create route for ipsec tunnel)

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Users status

                      There should be one feature or option to set the users status change automatically based on given schedule.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                      • grayware

                        what is grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.
                        Antivirus signatures are not generated for grayware and security policies cannot be enforced based…

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • 4096 bits SSL VPN Encryption

                          4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

                          14 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Increase Size of Root Partition or Allow an "Ignore Major Version Updates" Option

                            Sophos will support multiple versions of the OS (e.g, v9.2x, v9.3x, v9.4x, and now, v.9.5x), but Up2Date forces down all higher level updates from any given version and fills up the Root partition resulting in an endless stream of nag warnings. The workarounds to avoid this problem are a nusience an a danger if I miss a critical update. If I have valid reasons for staying on a given supported version, Sophos should allow me to do so hassle-free. The Root partition could easily be quadrupled or quintupled from it's current size (6 GB is tiny in comparison to the…

                            5 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • A whitelist for SMTP File Type or SMTP MIME Type Filtering

                              We would appreciate if it would be possible to put email sender addresses on a white-list not only for bypassing the spam filter, but for bypassing the File Extension Filter or the MIME Type Filter.
                              Thank you.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Add a option to rotate the SSID password on certain time

                                There should be an option to choose the SSID password rotation. It should throw an email to specify users with new & old password information. A password can pick from a text file or admin can define some numbers of the password.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Spam unknown sandbox/hold

                                  This stemmed from a particular spam message we received. The spam was not caught by the filter(s) and was sent off to "Cyren" for analysis. In the time it took from that initial email to be sent to Cyren and then confirmed as spam, it had been 4 minutes. In those 4 minutes, we received multiple emails from that same sender, with the same subject, etc, which passed through the filters just as the first had done. Once Cyren responded back that the email was confirmed as spam, the UTM began blocking any future messages from that sender (as it…

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • webserver protection waf download size

                                    When downloading a file from a Owncloud backend via the Sophos UTM WAF, no estimated time and no file size are displayed.
                                    The content-length header is probably not passed through here.
                                    Disabling WAF features or AV scanning does not change this.

                                    The Sophos WAF should determine the file size and display the estimated download time when supported by the backend.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow Maxiumum Session Time per User/Group

                                      The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

                                      11 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Whitelist for File Type / MIME Type Filtering

                                        A customer wants to put email sender addresses on a white-list not only for bypassing spam filter, but for bypassing File Extension Filter or MIME Type Filter.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Add driver support for Intel X710 Virtual Function

                                          Add kernel support (i40evf) for newer Intel X710 Virtual Function. Actually, there is a driver for older X520 Intel Virtual Function (ixgbevf), but no module for newer cards... It allows to use SR-IOV in virtualized environment, which provides a huge performance boost on network adapters supporting it.

                                          Intel provides a configuration guide to use SR-IOV with X(L)710 cards :
                                          https://www.intel.com/content/www/us/en/embedded/products/networking/xl710-sr-iov-config-guide-gbe-linux-brief.html

                                          Thanks,
                                          Nicolas

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.