SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Joining Sophos XG Firewall to Domain is mandatory in Domain environment network, please add this feature (I mean not integrated)

    Joining Sophos XG Firewall to Domain is mandatory in Domain environment network, please add this feature (I mean not integrated). The XG firewall should be a member of the domain, as a workstation/server object.

    3 votes
    0 comments  ·  Authentication
  2. PPPOE Server

    Just must add a PPPoE server, it's an important option.

    2 votes
    0 comments  ·  Authentication
  3. PCI Compliance UTM Requires SMBv1

    The UTM requires SMBv1, which is not PCI compliant. We are required to pass PCI compliance scans yearly and need to have the UTM updated to use a more secure, PCI-compliant protocol.

    3 votes
    0 comments  ·  Authentication
  4. Allow users to reset Active Directory passwords from the UTM User Portal

    Raised on behalf of a Sophos customer, see support case 6426894.

    Customer would like the UTM's User Portal feature to function in a similar manner to the portal available on the Microsoft TMG product.
    When using a TMG, if a user's Active Directory account has been flagged to "Reset password at next logon", then when they try to log into the portal, the TMG portal notifies the user that they need to change their password and completes the password change with them.

    Using a UTM in the same scenario results in an authentication failure (expected behaviour), but the customer would like…

    9 votes
    0 comments  ·  Authentication
  5. Change the Active Directory login behavior with multiple DCs

    With the current code handling the Active Directory authentication of users, if you add multiple domain controllers as authentication sources, any error with the user's authentication will cause the authentication to be attempted on the next DC.

    Unfortunately, this is also the case with failed passwords. The LDAP protocol has a built-in error message to tell the client that the failure was due to a bad password and not a server or communication issue (LDAPMessage bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)).

    This causes issues when users make mistakes on their passwords, it causes the AD…

    26 votes
    0 comments  ·  Authentication
  6. User portal OTP only from WAN

    It would be great if we got a function so that we can configure that the OTP is only necessary if a user is logging in from outside the LAN.

    7 votes
    1 comment  ·  Authentication
  7. Improve User and VPN-Config Management of UTM!

    Everyone who needs to maintain hundreds of users on a UTM, please read and vote:

    To import hundreds of remote authenticated (LDAP) or local users to UTM is a pain! The only way is to hire a dozen students to hack the users into the system. Then you can "bulk-download" users' VPN config via WebAdmin. Has anyone tried to mark more than 25 users to download the config or delete the user objects? On my SG430, no chance. I think many of you know the message: "script is running for more then 30 s - it is possible we do…

    7 votes
    0 comments  ·  Authentication
  8. IPv6 SSO in STAS

    Currently the STAS implementation only supports IPv6; when you enter an IP address in the "Networks to be monitored", an error message of "Invalid Network IP" is thrown.

    This is preventing a native IPv6 rollout as we are unable to apply user based rules to IPv6 traffic (as no users are authenticated...).

    9 votes
    2 comments  ·  Authentication
  9. Synchronising between Microsoft AD and Sophos Firewall.

    We discovered a problem when synchronising between Microsoft AD and Sophos Firewall. If the AD includes two accounts with the same email address, then the Sophos firewall cannot synchronise these AD accounts with the internal Sophos database. Is it possible to change that, because many companies are using an email address for two or more employees? Thank you in advance.

    2 votes
    1 comment  ·  Authentication
  10. Support OTP for more facilities

    We need OTP support for Cisco VPN and L2TP over IPsec VPN. These are the only supported configurations that can be pushed to Sophos Mobile Control and used on iOS devices out of the box.

    8 votes
    1 comment  ·  Authentication
  11. Safe Search HTTPS Certificate

    Dear all, it would be very important to release an update that allows the SOPHOS certificate to be downloaded from the Captive portal, in order to apply HTTPS scanning and enforce SAFE SEARCH. In institutions attended by many people with their own devices who use the WIFI service, the certificate cannot be installed centrally, which prevents use of the scanning service. This service is very important, above all in educational institutions, to protect the content that students access.

    1 vote
    0 comments  ·  Authentication
  12. Change Default Login User ID as admin for Sophos Firewall

    Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

    1 vote
    0 comments  ·  Authentication
  13. Change Default Login User ID as admin for Sophos Firewall

    Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

    1 vote
    0 comments  ·  Authentication
  14. IP Block List - General Automatic IP Block List for all Functions

    Definition & Users -> Authentication Servers -> Advanced

    Request for an „Auto-Blocklist“.
    Especially on SMTP, you all know how often IPs try to gain access while trying to guess login data.

    I do not want those IPs to ever come up again, no matter what function on the UTM/SG/XG they try to use.
    This traffic should generally be discarded (not blocked – I do not want to nicely tell the other side that it is being blocked).

    Let's say a "UTM blacklist" which can either be filled manually, and then get selected for the functions (or all) of these IP /…

    2 votes
    0 comments  ·  Authentication
  15. allowed user groups

    UTM Authentication process in allowed User / Groups for Authenticated Relay

    The UTM attempts to first authenticate the users to itself with AD before deciding whether or not users are listed in order to block or allow users/ groups the ability to relay emails through the UTM, when users have been added into the allowed users/group under allowed authentication Relaying in SMTP Global settings.

    A preferred option would be to first check if users are listed first before attempting to go through authentication process with AD.
    This allows for better performance as the UTM will go through authentication process only…

    2 votes
    0 comments  ·  Authentication
  16. Include QR code scanner in Sophos Authenticator App

    In the Sophos Authenticator app for Android, it seems it does not scan QR codes by itself. The user has to install another app (ZXing?) to make this work. Also, it would be nice if the app told the user if a QR code scanner app is missing on the smartphone.

    4 votes
    1 comment  ·  Authentication
  17. hide token information

    The UTM offers the possibility to hide the token information of individual users.
    We have the following situation:
    Our few remote users do not use the user portal. They got the client configuration pushed to their remote device and the QR code for the token mailed to their mobile phone. So there is no need to bother them with the user portal.
    On the other hand, we have suppliers which offer remote support on the machines we bought from them.
    The support engineers are using the user portal as an entry to their machines.
    Because we want to have control of the remote connections of our…

    1 vote
    0 comments  ·  Authentication
  18. Notify users about ActiveDirectory password expiration on WAF Reverse authentication form

    Users logging on via the reverse authentication form feature should be able to change their password from here, or be notified about an expiring/expired password.

    13 votes
    1 comment  ·  Authentication
  19. support Radius challenge response

    We needed it for 2FA support with SMS PASSCODE

    101 votes
    11 comments  ·  Authentication
  20. Login time the same in STAS and UTM

    I would like to suggest that the login time on Client Authentication be in GMT.
    I have an SG implanted with STAS, and when I check, the time is different between the two solutions.
    E.g.: my time zone is GMT-3; in STAS the user aaaaa logged in at Oct 18 12:20 2017; then, when I look up this information on the SG, I see Oct 18 15:20 2017, three hours more.

    3 votes
    1 comment  ·  Authentication