SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Maxiumum Session Time per User/Group

    The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Block Password Guessing for WAF

    In the configuration for password guessing, I miss the option to enable block password guessing for WAF Authentication.

    See
    - https://www.astaro.org/closed-forums-read-only/utm-9-betas/utm-9-2-beta/50498-9-191-feature-block-password-guessing-reverse-authentication.html
    - https://www.astaro.org/beta-versions/utm-9-3-beta/54271-feature-block-password-guessing-waf.html
    - Mantis ID #30112

    Maybe it ist possible to implement this festure earlier than 9.350

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add SAML support as an Authenticaiton Source for the UTM manager interface

    Make it so that you can authentication admins for the UTM system using SAML to something like ADFS.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. SFM - /log/applog.log data should not have the password credentials

    For the SFM, in advanced shell, if you run: cat /log/applog.log | grep applog
    The results will show the credentials used to connect to the firewalls. Please do not log the credentials in clear text.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. add subnets for login restriction of user groups

    dear corresponsent,
    we are using Cyberoam CR300iNG firmware build of 050. Firmware version is 10.6.5.

    I have such issue that want to restrict login for specific IP subnets.
    for example we have several VLANS and subnets and i want to enable login of users on specific subnets like WIFI, library, lab computers etc but i want to restrict them to login to office computers.
    in identity section of cyberoam there is groups tab, and under groups tab there Login restriction option.
    currently there are only options of Any node, Selected nodes, Node range.
    it seems as i can use only…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. network authentication

    in Sophos when we authentication on network it connect through our default getaway and also showing SSL certificate issue could we access it through FQDN .

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. As of now it not possible to change this Open SSL certificate SHA-1 version neither from GUI nor from Backend as these settings are hard cod

    As of now it not possible to change this Open SSL certificate SHA-1 version neither from GUI nor from Backend as these settings are hard coded on UTM architecture.

    I request you, kindly share this requirement on our portal http://ideas.sophos.com as feature request so that our development team can take of this in future release on UTM firmwares.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. You enable 2 factor authentication options with Duo Security

    When you come out with 2 factor authentication. Please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

    46 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Global Bot / Script Kiddie / Brute Force IP Blacklist

    Sophos should maintain a blacklist of Bots / Script Kiddies / Brute Force attackers based on big data of failed logins on UTM's.

    Problem to solve:
    There are lot of (often automated) login attempts to the different publicly available UTM facilities as SMTP (authenticated relaying), User Portal, Webadmin, SSH, Reverse Proxy. On my UTM I have for example since weeks a ongoing brute force attacks on the smtp proxy, as authenticated relaying is allowed on it. Blocking those bots after 5 attempts helps only marginal, as they automatically switch to other bots (new IP) and continue the brute force attack.…

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Authentication data cache of AD SSO

    Please add option which UTM can cache user authentication data of AD SSO.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Disabling SMTP Authentication for specific users or groups

    it would be great to have a opportunity to disable the SMTP authentication for single users or groups. We have a lot of brute force attacks via the smtp-proxy and domainusers were disabled because of those attacks. Therefor we've activated the "Block Password Guessing"-feature for SMTP proxy, because blocking of 10+ IP's each day for each user isn't the right way.
    Now the problem is, if those requests will come from different IP addresses the account will be locked anyway.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Captive Portal should redirect automatically when first time logging

    In new XG 210 firewall, after up-gradation of firmware version SFOS 16, Captive Portal not pop-up (redirect) automatically after first time we open browser. Previous version ( SFOS 15), it's working fine even we are using ASG220 firewall since last 6 years, in that also this feature working fine but new firmware having a issue of automatically redirect of captive portal.

    Hope it was bug and you will resolve it soon. Thanks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. set up the firewall to allow the RADIUS user to change passwords using user portal:

    set up the firewall to allow the RADIUS user to change passwords using user portal:Presently not possible to change the RADIUS/AD user password.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. import User Group on the Sophos UTM

    kindly i need help how to import Groups in : Sophos UTM 9.407-3
    that i create about 5000 Group and need to import to another UTM in another branch
    how to to that
    import and export groups
    i created ips & urls defirrent groups

    that differnet models

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Clean otp token automatically

    We have opt tokens in use. All users are a member of a AD group.
    We would like it when a user is removed from the group of AD the token should also automatically be removed from the utm.
    Now the removed AD users remain in the opt token list and it's becoming a mess.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. NTLM or Basic authenticaiton for User Portal

    Currently the UTM appliance uses web form authentication for the User Portal. Instead of a web form, can we please add the ability to use either NTLM or basic authentication. For extra security measures, I would like to put a Kemp appliance (which is in our DMZ) between the internet and the Sophos UTM. So what would happen is the users would authenticate with the Kemp appliance and then the Kemp appliance would authenticate with the Sophos UTM. However, the Kemp appliance needs to use either NTLM or basic authentication. It cannot use a web form.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow the use of Managed Service Accounts in AD

    When using a normal Active Directory account for the installation and remote management of Sophos Endpoint client, if the account password is changed machines using the old password will lock the account out in AD if lockout policies are applied. The account used for this has to be a member of the local administrators group on each client so it can install itself, therefore a lot of companies just add the sophos service account into domain admins group. If we could install using a managed service account, AD controls the password changing, and nobody ever needs to know what that…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Synchronising between Microsoft AD with Sophos Firewall.

    We discovered a problem when synchronising between Microsoft AD with Sophos Firewall. If the AD include two accounts with the same email address, then the Sophos firewall can not synchronise these AD accounts with the internal Sophos database. Is the possible to change that, because many companies are using an email address for two or more employees. Thank you in advance.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. OTP-Module should be available in the XG

    The very nice OTP module of the UTM should be available in the XG, too.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Integrate EAS proxy into the UTM

    The EAS proxy could be delivered as part of the Sophos UTM as the UTM is usually deployed at the permiter. Proxy configuration should remain in SMC though.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.