SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Allow the use of Managed Service Accounts in AD

    When using a normal Active Directory account for the installation and remote management of the Sophos Endpoint client, if the account password is changed, machines using the old password will lock the account out in AD if lockout policies are applied. The account used for this has to be a member of the local administrators group on each client so it can install itself; therefore, a lot of companies just add the Sophos service account to the Domain Admins group. If we could install using a managed service account, AD controls the password changing, and nobody ever needs to know what that…

    1 vote
    0 comments  ·  Authentication
  2. OTP-Module should be available in the XG

    The very nice OTP module of the UTM should be available in the XG, too.

    10 votes
    4 comments  ·  Authentication
  3. Integrate EAS proxy into the UTM

    The EAS proxy could be delivered as part of the Sophos UTM, as the UTM is usually deployed at the perimeter. Proxy configuration should remain in SMC though.

    28 votes
    2 comments  ·  Authentication
  4. AD Prefetch schedule

    Presently AD Prefetch schedule isn't picking up newly created accounts in AD. Every time we need to click on "Prefetch now" to have the new accounts in UTM instead. It would be nice if the prefetch schedule could pick up newly created users in AD automatically.

    1 vote
    0 comments  ·  Authentication
  5. UTM9 - sso password

    Sophos UTM9 - recent release
    If you open the binary files in /var/confd/var/storage/snapshots with a normal text editor, you can clearly read the sso_password and the sso_user used for joining the appliance to the domain.
    Why must the config files contain the domain password, which is used once and is no longer required?
    Why is it not encrypted? Often this is a domain admin account.
    Best Regards

    1 vote
    0 comments  ·  Authentication
  6. Granular Access Control

    User/Group access to "Authentication Services" and sub section "One Time Password"
    Other areas could use more granular access control

    1 vote
    0 comments  ·  Authentication
  7. Admin rights on web admin page to forcefully logout a user

    It would be very useful if admins could force individual users to be logged out from the web appliance. This would help in cases where the authentication timeout is very long and the user has closed the captive portal window that allows them to log out.

    1 vote
    0 comments  ·  Authentication
  8. Multi-Forest and Multi-Domain SSO

    Allow multiple AD Domain/Forest SSO where there are more than one AD Forest/Domain

    2 votes
    0 comments  ·  Authentication
  9. Web appliance: Force logout for individual users

    It would be very useful if admins could force individual users to be logged out from the web appliance. This would help in cases where the authentication timeout is very long and the user has closed the captive portal window that allows them to log out.
    This can already be done from the backend

    3 votes
    1 comment  ·  Authentication
  10. XG: Web and Application Policy per User or Group (Identity based)

    It is good for end users who are using identity-based policies, wherein they can apply web and application policy per user or group, since in the current firmware you can only apply policy through the firewall. It is a hassle if you have 10 users who have different policies; then I will need to create 10 firewall rules just to separate the users.
    I hope it will come.

    1 vote
    0 comments  ·  Authentication
  11. Two factor Authentication with back-end server RSA / Vasco tokens

    To allow authentication from the UTM to use a back-end RSA/Vasco token server to authenticate users.

    8 votes
    1 comment  ·  Authentication
  12. STAS Integration

    Add STAS capability as per Sophos XG. An agent on domain controllers that detects logins/logouts of users is perfect.

    Many thanks

    3 votes
    3 comments  ·  Authentication
  13. Authentication AD OU and Group Synchronization

    With more companies using the NSG platform for Web, Email and Endpoint Management, having the ability to import OUs and Groups becomes more important for policy management and reporting.

    Having granular policy control for Web use or Email DLP is very important for both public and private sector businesses. Most mid - large businesses require a level of departmental reports, typically based on users being members of particular groups or OUs.

    For more than a few hundred machines, endpoint policy control is easier with the ability to group and apply machines based on how they are grouped in AD -…

    29 votes
    0 comments  ·  Authentication
  14. Allow you to choose the IP Address of the Captive Portal

    Currently, the captive portal IP will be returned to users based off the first interface which the device detects. In our situation, the first interface is a management interface and we have a 10Gbit module installed in interfaces from H I J K so we cannot re-arrange the interface numbering.

    Please allow it so that we can choose which interface IP is returned to the clients to connect to the captive portal.

    2 votes
    0 comments  ·  Authentication
  15. Shorter AD Synchronization

    We would like to have a much shorter period for the AD synchronization.
    The sync interval is by default every 2 hours.
    We need a sync interval of 5 minutes, or to make it customizable.

    1 vote
    0 comments  ·  Authentication
  16. AV samples request form

    For each sample I want to check, I have to enter all the needed information on the web site every time.
    My idea: It would be easier if I could log on and all the needed information were filled in automatically, so I only have to describe the reason and attach the sample.

    1 vote
    0 comments  ·  Authentication
  17. Please do not require PAP for Radius authentication for SSL VPN or Portal

    Just finished a support case with Sophos support, and while not documented this way, PAP (unencrypted authentication) is required to support Radius authentication for both Portal and SSL VPN. Please remove this requirement.

    3 votes
    1 comment  ·  Authentication
  18. Allow backend groups to point to AD containers or OUs

    When creating a backend group in UTM against Active Directory, you cannot specify an OU or Container for membership. In eDir backend groups, you can point it at an OU and everything under that resolves to the group. The same is not true for AD; the user does not resolve as a member of the group if backend membership is limited to an OU, it only works when pointed to an actual group object.
    I suggest mirroring the features from eDir group processing in AD group processing, and allowing backend group membership to be determined by OU or Container.

    3 votes
    0 comments  ·  Authentication
  19. XG Appliance Default Username

    On the SG appliances we were able to change the admin username. Best practices say don't use Admin, Administrator, Root, etc. when possible. Hackers target these accounts first. No account with that name creates another level of protection. Obviously we use secure passwords but this was available in the past...

    2 votes
    0 comments  ·  Authentication
  20. Shell access based on AD groups and users

    In environments where backend access is highly utilized and vital due to security policies, having only 'root' and 'loginuser' can be limiting. Having shell access based on AD groups and users would be beneficial in several ways.

    Using only 'root' and 'loginuser' does not provide the ability to link an individual user to their access. Only source IPs are logged, which is not helpful in environments where users may be frequently connecting from different addresses, or where multiple users connect from the same IP.

    Should a password be compromised, all users are not affected. In AD one can disable the…

    1 vote
    0 comments  ·  Authentication