SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. The ability to see remote access and email tabs in the portal at the same time

    Depending on the order of authentication servers, you can see either email tabs (quarantine, whitelist, etc.) or remote access tabs. We used to see both at the same time, as it is not unusual to have remote users that have email. Please can this functionality (bug fix?) be implemented.

    This is added at the request of Sophos tech support.

    1 vote
    0 comments  ·  Authentication
  2. OTP authentication to rooted device

    I was trying to design two-factor authentication in the user portal when I came to know it does not support rooted devices.

    I suggest your (Sophos Authenticator) support on rooted devices, as every 4th device is rooted nowadays.

    1 vote
    0 comments  ·  Authentication
  3. user migration

    Customer would like to have a tool or utility to migrate local users on servers to the UTM's user database so basic auth through RA will work without having to import 400-500 users.

    1 vote
    1 comment  ·  Authentication
  4. One Time Password (OTP) transmit with new SMS Gateway released in v9.308-16

    The new SMS Gateway is now working for Hotspot Login. It would be great to use the Gateway for sending the OTP to the end user by SMS.

    12 votes
    2 comments  ·  Authentication
  5. UTM's Radius client: need to support PAP protocol

    The UTM's RADIUS client supports only PEAP (MS-CHAP). Could you please add PAP?

    The use case is a proxy RADIUS server that communicates via a strongly authenticated SSL tunnel with a 2FA server in the cloud. The UTM's RADIUS client must use the PAP protocol to forward the password in clear text to the proxy RADIUS server, which will forward the auth request to the cloud in a secure way.

    2 votes
    1 comment  ·  Authentication
  6. Authentication: Change backend AD password in UserPortal

    An Active Directory user (external users) can change the password on the User Portal, or support can activate "User must change password at next logon" in AD and the user must change the password on the User Portal.

    54 votes
    8 comments  ·  Authentication
  7. Authentication: Create Certificate Signing Request CSR

    Generate a Certificate Signing Request CSR with ONE CLICK

    71 votes
    8 comments  ·  Authentication
  8. produce an error in the GUI if an invalid character is used for the SSO password

    We have had an issue (support ref #5301894) where, when using a ' in an SSO account to join the UTM to the domain, you constantly get an error report that it cannot sync groups; changing the password resolves the issue.
    It would help if the UTM reported an error when entering a character it cannot support.

    Thanks

    1 vote
    0 comments  ·  Authentication
  9. Authentication: Configurable RADIUS timeout

    The RADIUS timeout setting is hardcoded and can't be adjusted from the UI. Third-party two-factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an auth. With the current hardcoded RADIUS timeout, Astaro is not compatible with these solutions, as the timeout needs to be set appropriately.

    47 votes
    15 comments  ·  Authentication
  10. Agentless authentication

    Hello, is it planned to implement something like agentless authentication of client computers? For example, some agent service in Active Directory supervising the Kerberos tickets and in this way using them in group- or user-based firewall rules?
    Thanks a lot for an answer.

    2 votes
    0 comments  ·  Authentication
  11. Support for more Windows Active Directory login formats

    Please support more allowed AD login formats for pre authentication and/or implement the possibility to rewrite (with regex) the login strings before authentication.

    I have a lot of ActiveSync users in a multiple-domain environment, for example, and they are pre-authenticated with a TMG. At the moment it isn't possible to move the service to the UTM. Our ActiveSync clients (iPhone/Windows Phone) authenticate in most cases with the following formats:

    NT4-domain\username
    W2K-domain\username

    With a rewriting feature I would rewrite "W2K-domain\username" to "username@W2K-domain" (UPN-style). The user could be authenticated with LDAP now.

    7 votes
    2 comments  ·  Authentication
  12. HTML5 VPN Portal : accept to submit auth form without password

    The authentication form of the HTML5 VPN portal requires a password to be provided before it can be submitted, probably checked by JavaScript in the authentication page. Please remove or disable this control and allow the auth form to be submitted with an empty password (no password).

    The use case is a 2FA authentication server that accepts PUSH mode. The RADIUS server will forward to the 2FA server the request containing only the username (no password) and PUSH a notification to the user's mobile. The user will unlock his mobile, open the 2FA application and provide his security PIN code. The…

    1 vote
    0 comments  ·  Authentication
  13. Authentication: Possibility to authenticate ADS users based on their Domain membership

    It must be possible for the ADS user to log on to the User Portal due to their domain membership.

    Example 1: Sales \ John Smith
    Example 2: Marketing \ John Smith

    How can the users be distinguished if they have different access rights? Until now, the system cannot distinguish that.
    Until now, users always have the same access, though different access rights are defined for both users.

    3 votes
    0 comments  ·  Authentication
  14. iOS and Android user authentication clients

    Cyberoam (a Sophos-owned UTM) has client authentication apps for non-domain devices such as tablets to authenticate with an authentication service such as AD.

    7 votes
    1 comment  ·  Authentication
  15. poa password expiry

    Have the ability to set a policy for POA users so their password expires after a certain number of days.

    1 vote
    0 comments  ·  Authentication
  16. Add a new option "type" for network definitions - AD computers

    Add a new option "type" for network definitions that allows for AD computers within an AD security group (much like the AD users/groups dynamic memberships). This would allow much more flexibility in how to apply "hosts": for example, when creating a Web Filter Profile, instead of adding "internal network" or a specific host/hosts, we would be able to add to "allowed networks" an Active Directory group that would consist of computers that I added into that group via Active Directory. This is specifically important, since this would allow Web Filter Profiles to differentiate between domain machines and guest machines on…

    3 votes
    0 comments  ·  Authentication
  17. Join Workplace as Client AuthN

    Starting with Windows 8, there is a feature called Workplace. It uses email and password to identify a user (it will look up an SRV record on the email's domain name to identify the server it has to talk to) and finally it will enroll the client with a certificate.
    Sophos could use this in order to identify clients on the UTM. First enroll with a UTM username and then identify the user for e.g. Web Protection.

    1 vote
    0 comments  ·  Authentication
  18. Add ability to change password on Self Help screen in Sophos Safe Guard

    Sophos Safe Guard - Self Help screen allows viewing of the current password, but does not allow change of password. Enabling change of password at this screen would increase security level a step further.

    2 votes
    0 comments  ·  Authentication
  19. add transparent mode browser authentication over HTTP

    This would allow the UTM admin to select the captive portal to be presented over HTTP instead of HTTPS to prevent SSL errors on guest devices. I appreciate there's a security issue around this, but it should be made clear while selecting this option that it's less secure.

    2 votes
    0 comments  ·  Authentication
  20. Removing the internal IP from OWA log in screen

    I've just set up WAF for my internal Exchange Server and Outlook Web Access. I noticed on the log in screen it says "The server %FQDN of mail server% is asking for your user name and password. the Server reports that it is from %internal IP%."

    This is such a huge security risk. Anyone attempting to access my mail server knows the internal IP structure. Please remove this from the log in screen!

    3 votes
    0 comments  ·  Authentication