SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. GUI Switch to enable "AllowEncodedSlashes" and "nocanon" in WAF

    We are hosting a SAP Fiori webserver behind a UTM-220. To make this function, you have to edit the virtual host in reverseproxy.conf manually, because Fiori needs the Apache directive "AllowEncodedSlashes On" and the parameter "nocanon" at the ProxyPass directive (for example "balancer://8f757b42....20/" lbmethod=bybusyness nocanon).

    After manually editing the conf file it works, but after every change in the GUI we lose these entries. Please make it possible to change these settings in the GUI. Thank you.

    5 votes
    0 comments  ·  Web Server Protection
    • Block via user agent

      Customer requesting to block traffic via user agent

      4 votes
      0 comments  ·  Web Protection
      • Fully support QUIC (HTTPS via UDP)

        Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
        I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously. Additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

        More about QUIC can be read here: https://www.chromium.org/quic

        With that said, I would like to see full support for QUIC natively in Sophos UTM…

        10 votes
        1 comment  ·  Web Protection
        • Host Name

          List the host name of the firewall at the top of all pages. I work on a hundred or more and it sucks to have to go back to the dashboard eve

          1 vote
          0 comments
          • Allow to add a single tagged VLAN interface to a bridge

            At the moment it is not possible to add a single VLAN to a bridge, you can only bridge a whole interface (with the whole VLAN trunk on it).
            However, under some circumstances it is necessary to e.g. bridge 2 VLAN-Interfaces together (e.g. during a VLAN migration), to bridge a single tagged VLAN to an untagged interface, to bridge a single VLAN to a RED tunnel interface (e.g. bridge the VLAN of your local clients to the LAN of a small remote office) or to bridge two VLANs with different IDs from former independent locations together (e.g. over a RED…

            1 vote
            0 comments  ·  Networking
            • Can we switch off the SSL weakness for WAF. Please do a server test at www.ssllabs.com and type a URL from a site behind the WAF.

              Can we switch off the SSL weakness for WAF. Please do a server test at www.ssllabs.com and type a URL from a site behind the WAF. You get this for all SSL versions:

              TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 112
              TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits FS WEAK 112
              TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK

              8 votes
              1 comment  ·  Web Server Protection
              • SUM (Sophos UTM Manager) needs a default root password

                The CLI for SUM has a blank root password. If an administrator never goes to the CLI for SUM, he/she has no idea that this is a completely open system. This is incredibly unsafe and alarming for a company that sells security products. You should really hurry up and fix this as it is a vulnerability that is really embarrassing should someone publish it.

                1 vote
                0 comments  ·  Management
                • Bandwidth usage - hourly

                  During the day, on different UTMs, I have peaks of bandwidth usage that slow down all web traffic.
                  It is hard to find the PC that generated the abnormal traffic, especially if it is HTTP traffic.
                  Is it possible to create an hourly filter in the Bandwidth Usage tab?

                  2 votes
                  0 comments  ·  Application Control
                  • IE 9 Browser Support for XG WebAdmin

                    I have had a request from a partner for us to add IE 9 Browser support for the Sophos XG WebAdmin if possible

                    1 vote
                    0 comments  ·  Management
                    • Add new DynDNS service: https://spdyn.de

                      Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.

                      Site is German but the page itself should be self-explanatory.

                      It would, however, be the best option to provide a fully configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.

                      Thanks!

                      1 vote
                      0 comments  ·  Networking
                      • DHCP Option 60 & 61

                        Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.

                        2 votes
                        0 comments  ·  Networking
                        • Zone Based Captive Portal

                          Kindly provide a zone-based captive portal in the next possible firmware upgrade,
                          so that the firewall will push the IP address of only that specific zone interface automatically to the user's browser.
                          Currently the default behavior of the firewall is that it pushes only the specific IP address of a specific zone for all zones' captive portal requests, which does not fulfill the requirement of creating a separate zone.

                          2 votes
                          0 comments  ·  Authentication
                          • reflexion

                            Enterprise override of users unchecking "Activate Security".

                            1 vote
                            0 comments
                            • dhcp snmp

                              Add support to monitor the DHCP leases via SNMP.

                              Maybe this is easily possible by adding something like this:
                              https://github.com/ohitz/dhcpd-snmp

                              1 vote
                              0 comments  ·  SNMP Monitoring
                              • SSL VPN Software Deployment (XG)

                                We need the ability to deploy the SSL VPN client in a centralized manner. Our remote users do not have local admin rights on their machines, so it would be great if a package could be deployed that would automate the install. I understand that each installation package has the users' certificate, but there still needs to be a solution to this. It was simple with the firewall product we moved from to remotely deploy the SSL VPN client software to the endpoints.

                                6 votes
                                2 comments  ·  VPN
                                • Application Control: Block Brave Browser

                                  Please block Brave Browser. We have students that are using it to play games, get around policies, etc.

                                  2 votes
                                  0 comments  ·  Application Control
                                  • Enable Header Matching of Data Protection Custom Rules

                                    To match the functionality of the Sophos E-Mail-Appliance more closely, it would be helpful if it was possible to match E-Mail Headers with the Custom Rules of the Data Protection Engine.

                                    This would allow triggering SPX-Encryption by marking the E-Mail as confidential or trigger on words ONLY in the subject, not in the body.

                                    Two examples that work on the Sophos E-Mail-Appliance but do not work on the Sophos UTM:
                                    Subject: .*\[ENC\].*
                                    Sensitivity: company-confidential

                                    1 vote
                                    0 comments  ·  Mail Protection
                                    • Support for Wireless Password Sync with Hotspot POD in VLAN environment

                                      After spending a great deal of time trying to get this working in my current VLAN environment, I eventually found an obscure line in the online help file that says: "Synchronize password with PSK of wireless networks (only with Hotspot type Password of the day): Select this option to synchronize the new generated/saved password with wireless PSK for separate zone networks."

                                      This should be supported by the VLAN network in a corporate environment by default.

                                      2 votes
                                      1 comment  ·  Wireless Protection
                                      • Readonly Account for Mailmanager

                                        At the moment, it is not possible to give an account read-only rights for the Mailmanager.

                                        The possibility would be very helpful.

                                        1 vote
                                        0 comments
                                        • Forms Authentication fallback to Basic Authentication for non-browser applications

                                          If the UserAgent provided by the client is not a web browser, fall back to Basic Authentication, instead of presenting the Forms Authentication. This is a feature present in ISA 2006 and TMG 2010.

                                          1 vote
                                          0 comments  ·  Web Server Protection