SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Disabling SMTP Authentication for specific users or groups

    it would be great to have a opportunity to disable the SMTP authentication for single users or groups. We have a lot of brute force attacks via the smtp-proxy and domainusers were disabled because of those attacks. Therefor we've activated the "Block Password Guessing"-feature for SMTP proxy, because blocking of 10+ IP's each day for each user isn't the right way.
    Now the problem is, if those requests will come from different IP addresses the account will be locked anyway.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Captive Portal should redirect automatically when first time logging

    In new XG 210 firewall, after up-gradation of firmware version SFOS 16, Captive Portal not pop-up (redirect) automatically after first time we open browser. Previous version ( SFOS 15), it's working fine even we are using ASG220 firewall since last 6 years, in that also this feature working fine but new firmware having a issue of automatically redirect of captive portal.

    Hope it was bug and you will resolve it soon. Thanks.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. set up the firewall to allow the RADIUS user to change passwords using user portal:

    set up the firewall to allow the RADIUS user to change passwords using user portal:Presently not possible to change the RADIUS/AD user password.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. import User Group on the Sophos UTM

    kindly i need help how to import Groups in : Sophos UTM 9.407-3
    that i create about 5000 Group and need to import to another UTM in another branch
    how to to that
    import and export groups
    i created ips & urls defirrent groups

    that differnet models

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. NTLM or Basic authenticaiton for User Portal

    Currently the UTM appliance uses web form authentication for the User Portal. Instead of a web form, can we please add the ability to use either NTLM or basic authentication. For extra security measures, I would like to put a Kemp appliance (which is in our DMZ) between the internet and the Sophos UTM. So what would happen is the users would authenticate with the Kemp appliance and then the Kemp appliance would authenticate with the Sophos UTM. However, the Kemp appliance needs to use either NTLM or basic authentication. It cannot use a web form.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow the use of Managed Service Accounts in AD

    When using a normal Active Directory account for the installation and remote management of Sophos Endpoint client, if the account password is changed machines using the old password will lock the account out in AD if lockout policies are applied. The account used for this has to be a member of the local administrators group on each client so it can install itself, therefore a lot of companies just add the sophos service account into domain admins group. If we could install using a managed service account, AD controls the password changing, and nobody ever needs to know what that…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. OTP-Module should be available in the XG

    The very nice OTP module of the UTM should be available in the XG, too.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Integrate EAS proxy into the UTM

    The EAS proxy could be delivered as part of the Sophos UTM as the UTM is usually deployed at the permiter. Proxy configuration should remain in SMC though.

    28 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. AD Prefetch schedule

    Presently AD Prefetch schedule isn't picking up newly created accounts in AD. Every time we need to click on "Prefetch now" to have the new accounts in UTM instead. It would be nice if the prefetch schedule could pick up newly created users in AD automatically.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. UTM9 - sso password

    Sophos UTM9 - recent release
    If you open the binary files in the /var/confd/var/storage/snapshots with a normal text editor you can read clearly the ssopassword and the ssouser used for the joining of the appliance to the domain.
    Why the config files must contain the domain password used once and no longer required?
    Why it is not encrypted? Often this is a domain admin account.
    Best Regards

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Granular Access Control

    User/Group access to "Authentication Services" and sub section "One Time Password"
    Other areas could use more granular access control

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Admin rights on web admin page to forcefully logout a user

    It would be very useful if admins could force individual users to be logged out from the web appliance. This would help in cases where the authentication timeout is very long and the user has closed the captive portal window that allows them to log out.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web appliance: Force logout for individual users

    It would be very useful if admins could force individual users to be logged out from the web appliance. This would help in cases where the authentication timeout is very long and the user has closed the captive portal window that allows them to log out.
    This can already be done from the backend

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG: Web and Application Policy per User or Group (Identity based)

    It is good for the end users who are using Identity based where in they can apply web and application policy per user or group since from the current firmware, you can only apply policy thru firewall. It is hassle if you have 10 users who have different policy, then i will need to create 10 firewall rule just to separate the users.
    I Hope it will come.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Two factor Authentication with back-end server RSA / Vasco tokens

    To allow authentication from the UTM to use a back-end RSA/Vasco token server to authenticate user.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. STAS Integration

    Add STAS capability as per Sophos XG. Agent on domain controllers that detect logins/logouts of users is perfect.

    Many thanks

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. AuthenticationAD OU and Group Synchronization

    With more companies using the NSG platform for Web, Email and Endpoint Management, having the ability to import OU's and Groups become more important for policy management and reporting.

    Having granular policy control for Web use or Email DLP is very important for both public and private sector businesses. Most mid - large businesses require a level of departmental reports, typicaly based on users being members of particular groups or OU's.

    For more than a few hundred machines, endpoint policy control is easier with the ability to group and apply machines based on how they are grouped in AD -…

    29 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow you to choose the IP Address of the Captive Portal

    Currently, the captive portal IP will be returned to users based off the first interface which the device detects. In our situation, the first interface is a management interface and we have a 10Gbit module installed in interfaces from H I J K so we cannot re-arrange the interface numbering.

    Please allow it so that we can choose which interface IP is returned to the clients to connect to the captive portal.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Shorter AD Synchronization

    We like to have a much shorter period for the AD-Synchronisation.
    The sync interval is by default every 2 hours.
    We need a sync intervall of 5 minutes or to make it costumable.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. AV samples request form

    For each sample I want to check I have to set up all the needed informations all the time on the web site.
    My idea: It will be easier I have to log on and all the needed information will be filled automaticly so I only have to descripe the reason and attach the sample.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.