Hi,

Right now, UTM 9.5 is available at AWS Marketplace.

When will be available XG?

Regards

Know where an object is in use. By selecting the object you have the option to report on which rules, policies, etc. are added.
This will allow cleaning of objects, making it easier to manage and maintain them.

Is there any possibility to block all ANDROID USERS in DHCP lease Temporarily or Permanently??

Needs to bind a MAC Address for an USER while logging from Windows Client

Sophos XG 16.05 and later,
there is no guides on how to setup wireless guest access points neither is there guides to add a directory server. neither for obtaining the Self signed CA cert that you publish to users for HTTPS scanning ultimately just a bit more to work with on the newer version as the interface changed dramatically between the versions 15 through 16. Thanks

IPS Policy Name Length is Limited to 15 Characters. Expand it. Names should be 32 bit variables.

Currently in the web protection exceptions you can only add source IP addresses individually, I have a range of IP addresses that I'd like to exclude from HTTPS decrypt and scan and there's no way I'm adding 100s of IP addresses, my suggestion would be that you implement the ability to add a range here.

I've managed to circumvent the requirement by adding a new firewall rule, however still think this exception range would be useful and relatively easy to implement.

For SFOS V17-Beta

While in V16.05 Firewall Rule, we were able to EDIT the Rule by clicking on main Rule page directly but in V17 need to click on "..." Icon then need to edit,clone for firewall rule, please keep this as same was there in V16.05.

Allow us to create DoS Bypass Rule on FQDN and add description for each rule for future reference purpose.

Allow to set OTP for default Admin account. If any how admin password is compromised entire firewall or Organization can be can bee breached.

Require OID to fetch the IP address of the XG interfaces

It would be really good if we could have more flexibility around DHCP and DNS assignment. We have different parts of the company who come from different zones which have their own DNS server.

It would be great to be able to say this user when connected to VPN use this DNS server.

Application control category should have option to block all streaming media rather than to block streaming media site that are in database means once we include streaming media it should block all streaming media whatever in any site.

Ability to export webadmin changelog at certain periods, changelog reporting is indispensable for Audit purposes.

Ticket #7563384

It does not seem possible to change the default action for an application filter once it has been created. While there may be little need for this in most use-cases, it would be tremendously helpful for one-off testing.

For schools it would be really useful if there was a report that could be scheduled to run say weekly, that lists any user who searches for specific words, such as bomb, gun, **** etc. that may indicate that the user / student needs to be monitored to satisfy child safeguarding requirements. Anything that would help to identify radicalisation links. Perhaps a user customisable group / list that the user could update to include the specific terms that are being monitored as that would make it more universal to other companies that are not schools.

We spend more than one month with Sophos support for finding a timeout problem with Captive Portal and mobile devices (Android and iOS) because we ONLY set the timeout option under "Web Policy Actions for Unauthenticated Users (Captive Portal)", but we had to change to option at "Web Client Settings (iOS, Android and API)" also, but nowhere is any info about that. Please change the timeout time for mobile devices also, when I change the value under "Web Policy Actions for Unauthenticated Users (Captive Portal)".

With the UTM it was possible to set a timeout time for the users longer than 24 hours. Please bring that feature back, for most of our school-customers 24 hours are so much too short!

Some sites have a failover group with 2 or more connections. Since only one connection is established per site, it would be nice if we could collapse the rest of the connections not used.

When viewing the VPN connections, it would only show you one connection per site and if it’s connected or not.

This would make it easier to see which sites are actually down.

We have over 20 sites and growing and the list is getting harder to manage.