SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. allowed user groups

    UTM Authentication process in allowed User / Groups for Authenticated Relay

    The UTM attempts to first authenticate the users to itself with AD before deciding whether or not users are listed in order to block or allow users/ groups the ability to relay emails through the UTM, when users have been added into the allowed users/group under allowed authentication Relaying in SMTP Global settings.

    A preferred option would be to first check if users are listed first before attempting to go through authentication process with AD.
    This allows for better performance as the UTM will go through authentication process only…

    2 votes
    0 comments  ·  Authentication
  2. Include QR code scanner in Sophos Authenticator App

    In the Sophos Authenticator app for Android, it seems it does not scan QR codes by itself. The user has to install another app (ZXing?) to make this work. Also, it would be nice if the app told the user if a QR code scanner app is missing on the smartphone.

    4 votes
    2 comments  ·  Authentication
  3. hide token information

    The UTM offers the possibility to hide the token information of individual users.
    We have the following situation:
    Our few remote users do not use the user portal. They got the client configuration pushed to their remote device and the QR code for the token mailed to their mobile phone. So there is no need to bother them with the user portal.
    On the other hand, we have suppliers which offer remote support on the machines we bought from them.
    The support engineers use the user portal as entry to their machines.
    Because we want to have control of the remote connections of our…

    1 vote
    0 comments  ·  Authentication
  4. Notify users about ActiveDirectory password expiration on WAF Reverse authentication form

    Users logging on via the reverse authentication form feature should be able to change their password from here - or be notified about an expiring/expired password.

    13 votes
    1 comment  ·  Authentication
  5. support RADIUS challenge response

    We needed it for 2FA support with SMS PASSCODE

    101 votes
    11 comments  ·  Authentication
  6. user migration

    Customer would like to have a tool or utility to migrate local users on servers to the UTM's user database so basic auth through RA will work without having to import 400-500 users.

    2 votes
    1 comment  ·  Authentication
  7. Login time the same in STAS and UTM

    I would like to suggest that the login time on Client Authentication be in GMT.
    I have an SG implanted with STAS, and when I check, the time is different between the two solutions.
    E.g.: I am at GMT-3; in STAS the user aaaaa logged in at Oct 18 12:20 2017, then when I look up this information on the SG, I see Oct 18 15:20 2017, three hours more.

    3 votes
    1 comment  ·  Authentication
  8. Integrate FIDO U2F as form of two factor authentication

    We are heavily using Google Authenticator together with our UTMs but would like the ability to issue a user an open source hardware solution that can go on their key ring. Our power users tend to run out of battery life on phone while traveling and a device on a key chain would allow for ease of access and a knowledge that all users can get in and accomplish the important business items they take care of.

    Our other solutions allow us to use something like a Yubikey Neo and gain access to everything no matter the battery conditions.

    Benefits:
    No…

    20 votes
    4 comments  ·  Authentication
  9. Using IAM Roles instead of setting up an IAM profile with access keys

    We want to create a new feature request for Sophos UTM9.

    In the latest version of Sophos UTM, in order for us to send logs to CloudWatch we are required to set up an AWS profile with Access Keys and Secret Access Keys. This is not a secure AWS practice.

    Can you please update this feature to include an option to choose "AWS IAM Role" instead of adding the access keys?

    1 vote
    0 comments  ·  Authentication
  10. add OTP to SUM

    Currently the auth mechanism on the SUM only uses userid and password. The current OTP system in the UTM would be beneficial to SUM as well.

    20 votes
    4 comments  ·  Authentication
  11. Block Password Guessing for WAF

    In the configuration for password guessing, I miss the option to enable block password guessing for WAF Authentication.

    See
    - https://www.astaro.org/closed-forums-read-only/utm-9-betas/utm-9-2-beta/50498-9-191-feature-block-password-guessing-reverse-authentication.html
    - https://www.astaro.org/beta-versions/utm-9-3-beta/54271-feature-block-password-guessing-waf.html
    - Mantis ID #30112

    Maybe it is possible to implement this feature earlier than 9.350

    6 votes
    0 comments  ·  Authentication
  12. Add SAML support as an Authentication Source for the UTM manager interface

    Make it so that you can authenticate admins for the UTM system using SAML to something like ADFS.

    8 votes
    0 comments  ·  Authentication
  13. SFM - /log/applog.log data should not have the password credentials

    For the SFM, in advanced shell, if you run: cat /log/applog.log | grep applog
    The results will show the credentials used to connect to the firewalls. Please do not log the credentials in clear text.

    1 vote
    0 comments  ·  Authentication
  14. add subnets for login restriction of user groups

    Dear correspondent,
    We are using a Cyberoam CR300iNG, firmware build 050. Firmware version is 10.6.5.

    I have an issue: I want to restrict login for specific IP subnets.
    For example, we have several VLANs and subnets, and I want to enable login of users on specific subnets like WIFI, library, lab computers etc. but I want to restrict them to login to office computers.
    In the identity section of Cyberoam there is a groups tab, and under the groups tab there is a Login restriction option.
    Currently there are only the options Any node, Selected nodes, Node range.
    It seems as I can use only…

    1 vote
    0 comments  ·  Authentication
  15. network authentication

    In Sophos, when we authenticate on the network, it connects through our default gateway and also shows an SSL certificate issue. Could we access it through FQDN?

    1 vote
    0 comments  ·  Authentication
  16. Add optional PIN entry field for two-factor authentication

    There are really two big issues I have with the two factor authentication implementation. The first is that nowhere in the setup for the user is there any information or instruction as to how to use two factor authentication. Every other two factor authentication that I have used has had a separate box for putting in the random code. I only learned about how to properly use two factor authentication after calling support and being informed that I needed to append the randomly generated code to the end of my password to which I say "Really! and you aren't going…

    25 votes
    5 comments  ·  Authentication
  17. You enable 2 factor authentication options with Duo Security

    When you come out with 2 factor authentication, please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

    48 votes
    11 comments  ·  Authentication
  18. As of now it is not possible to change this OpenSSL certificate SHA-1 version neither from GUI nor from Backend as these settings are hard cod

    As of now it is not possible to change this OpenSSL certificate SHA-1 version neither from GUI nor from Backend as these settings are hard coded on UTM architecture.

    I request you to kindly share this requirement on our portal http://ideas.sophos.com as a feature request so that our development team can take care of this in a future release of UTM firmware.

    2 votes
    0 comments  ·  Authentication
  19. Global Bot / Script Kiddie / Brute Force IP Blacklist

    Sophos should maintain a blacklist of Bots / Script Kiddies / Brute Force attackers based on big data of failed logins on UTMs.

    Problem to solve:
    There are a lot of (often automated) login attempts to the different publicly available UTM facilities such as SMTP (authenticated relaying), User Portal, Webadmin, SSH, Reverse Proxy. On my UTM I have had, for example, an ongoing brute force attack on the SMTP proxy for weeks, as authenticated relaying is allowed on it. Blocking those bots after 5 attempts helps only marginally, as they automatically switch to other bots (new IP) and continue the brute force attack.…

    33 votes
    4 comments  ·  Authentication
  20. When manually defining Soft Token, provide a RANDOM Secret button.

    When using the One Time Password (OTP) facility to manually build Soft Tokens for users, it would be nice if the UTM could provide a 'Generate Random Secret' button, as currently you have to manually source/define a 128 bit hex secret key. Using a random string generator that conforms to the UTM requirements of manually defined OTP secrets would make things easier.

    5 votes
    3 comments  ·  Authentication