SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Need to have a central OTP management function...I suggest on SUM so that if you have multiple UTMs you don't have mult authenticators

    Need to have a central OTP management function... I suggest on SUM, so that if you have multiple UTMs you don't have multiple authenticators on your device, nor do you have to configure the OTP function multiple times on multiple devices for multiple users. RSA has done this forever with their ACE server. Right now it is a disincentive to use best-practice security with OTP, given the onerous amount of setup and ongoing maintenance. Plus the hassle of scrolling thru 20+ auth entries on our smartphones.

    2 votes
    0 comments  ·  Authentication
  2. OTP: Support for multiple profiles

    Would be nice if OTP supports multiple profiles as it was done with SSL VPN already some time ago.

    I should be able to select which user/group requires an OTP for which facilities.

    1 vote
    0 comments  ·  Authentication
  3. Authentication timeout based on inactivity and session

    I suggest an option to set the authentication time counter to start when the connection is inactive. Now: For our schools, teachers get interrupted and time out in an active session. Any person (students) can use any device as long as the timer has not reached its limit. Not very useful. If the timer instead was based on inactivity, the user could stop surfing or restart the device to ensure that the association was finished. A keep-alive script would then also be easy to make if one has to be associated for an extended time.
    There should also be very useful to…

    7 votes
    1 comment  ·  Authentication
  4. Authentication: Allow nested group membership

    We would like group nesting to be possible for SSL VPN users.

    We added a VPNgroup in the "webadmin --> Remote Access --> SSL --> global --> users and groups" and would like to add that VPNgroup to a group OfficeUsersGroup, but it seems it only works if the users are added to the VPNgroup.

    15 votes
    2 comments  ·  Authentication
  5. 1 vote
    1 comment  ·  Authentication
  6. The ability to see remote access and email tabs in the portal at the same time

    Depending on the order of authentication servers you can see either email tabs (quarantine, whitelist etc.) or remote access tabs. We used to see both at the same time, as it is not unusual to have remote users that have email. Please can this functionality (bug fix?) be implemented.

    This is added at the request of Sophos tech support.

    1 vote
    0 comments  ·  Authentication
  7. OTP authentication to rooted device

    I was trying to design two-factor authentication in the user portal, when I came to know it does not support rooted devices.

    I suggest that your app (Sophos Authenticator) support rooted devices, as every 4th device is rooted nowadays.

    1 vote
    0 comments  ·  Authentication
  8. user migration

    Customer would like to have a tool or utility to migrate local users on servers to the UTM's user database so basic auth through RA will work without having to import 400-500 users.

    1 vote
    1 comment  ·  Authentication
  9. One Time Password (OTP) transmit with new SMS Gateway released in v9.308-16

    The new SMS Gateway is now working for Hotspot Login. It would be great to use the Gateway for sending the OTP to the end user by SMS.

    12 votes
    2 comments  ·  Authentication
  10. Authentication: Change backend AD password in UserPortal

    An Active Directory user (external user) can change the password on the UserPortal, or support can activate "User must change password at next logon" in AD and the user must change the password on the UserPortal.

    57 votes
    8 comments  ·  Authentication
  11. UTM's Radius client: need to support PAP protocol

    The UTM's RADIUS client supports only PEAP (MS-CHAP). Could you please add PAP?

    The use case is a proxy RADIUS server that communicates via a strongly authenticated SSL tunnel with a 2fA server in the cloud. The UTM's RADIUS client must use the PAP protocol to forward the password in clear text to the proxy RADIUS server, which will forward the auth request to the cloud in a secure way.

    2 votes
    1 comment  ·  Authentication
  12. Authentication: Create Certificate Signing Request CSR

    Generate a Certificate Signing Request CSR with ONE CLICK

    72 votes
    8 comments  ·  Authentication
  13. produce an error in the GUI if an invalid character is used for the SSO password

    We have had an issue (support ref #5301894) where, when using a ' in an SSO account to join the UTM to the domain, you constantly get an error report that it cannot sync groups. Changing the password resolves the issue.
    It would help if the UTM reported an error when entering a character it cannot support.

    Thanks

    1 vote
    0 comments  ·  Authentication
  14. Authentication: Configurable RADIUS timeout

    The RADIUS timeout setting is hardcoded, and can't be adjusted from the UI. Third-party two-factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an auth. With the current hardcoded RADIUS timeout, Astaro is not compatible with these solutions, as the timeout needs to be set appropriately.

    47 votes
    15 comments  ·  Authentication
  15. Agentless authentication

    Hello, is it planned to implement something like agentless authentication of client computers? For example, some agent service in Active Directory supervising the Kerberos tickets and in this way using them in group- or user-based firewall rules?
    THX a lot for answer

    2 votes
    0 comments  ·  Authentication
  16. Support for more Windows Active Directory login formats

    Please support more allowed AD login formats for pre authentication and/or implement the possibility to rewrite (with regex) the login strings before authentication.

    I have a lot of ActiveSync users in a multiple-domain environment, for example, and they are pre-authenticated with a TMG. At the moment it isn't possible to move the service to the UTM. Our ActiveSync clients (iPhone/Windows Phone) authenticate in most cases with the following formats:

    NT4-domain\username
    W2K-domain\username

    With a rewriting feature I would rewrite "W2K-domain\username" to username@W2K-domain (UPN style). The user could then be authenticated with LDAP.

    7 votes
    2 comments  ·  Authentication
  17. HTML5 VPN Portal : accept to submit auth form without password

    The authentication form of the HTML5 VPN portal requires a password to be provided before it can be submitted, probably checked by JavaScript in the authentication page. Please remove or disable this control and allow the auth form to be submitted with an empty password (no password).

    The use case is a 2fA authentication server that accepts PUSH mode. The radius server will forward to the 2fA server the request containing only the username (no password) and PUSH a notification to the user's mobile. The user will unlock his mobile, open the 2fA application and provide his security PIN code. The…

    1 vote
    0 comments  ·  Authentication
  18. Authentication: Possibility to authenticate ADS users based on their Domain membership

    It must be possible for the ADS user to log on to the UserPortal based on their domain membership.

    Example 1: Sales \ John Smith
    Example 2: Marketing \ John Smith

    How can the users be distinguished if they have different access rights? Until now, the system cannot distinguish that.
    Until now, users always have the same access even though different access rights are defined for both users.

    3 votes
    0 comments  ·  Authentication
  19. iOS and Android user authentication clients

    Cyberoam (a Sophos-owned UTM) has client authentication apps for non-domain devices such as tablets to authenticate with an authentication service such as AD.

    7 votes
    1 comment  ·  Authentication
  20. poa password expiry

    Have the ability to set a policy for POA users so their password expires after a certain number of days.

    1 vote
    0 comments  ·  Authentication