SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. mapping authentication servers to facilities

    It would be naice to be able to map serrtain authentication servers tp certain functionalities. For instance: The inhouse end-user-portal needs no RSA-Token (Active Directory is used here) but the authentication for a VPN-Client should use RSA-Authentication.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. include FTP Proxy in authentication

    Our customer used this feature on his old Proxy to controll who and with which rights a user can use the ftp. For our customer it is an essential Feature.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Integrations with KeyShield SSO

    It would be useful to add authentication via KeyShield SSO. KeyShield SSO concept is designed for any client platform. It provides SSO functionality for Windows, Linux, Android, Mac, iPad and iPhone. The principle of KeyShield SSO integration is very simple to implement - when UTM get a connection request, it ask KeyShield SSO server about the origin IP address. The response is fdn within one of configured directories (eDirectory, ActiveDirectory, LDAP) or "unknown".

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Notifications: Login of SSL VPN User

    Email Notifications for Login SSL VPN User (Remote Access)

    30 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Authentication: Support SAML2

    It would be nice if the Astaro products would support SAML2 for SSO. There are enough modules out on the market now so that it shouldn't be hard to support. Couly make some things easier with proxy auth. Thanks

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Authentication: LDAP Group Support

    It would be nice, if a LDAP-User can authentificate through a LDAP-Group.

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Import Active Directory Groups automatically

    Currently users are imported and created into the user/groups definitions when imported from AD. Groups however are not and you have to manually create the groups definitions and attach them to the AD group

    It would be so much easier if this was done automatically on sync!!

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support for Microsoft Mini driver smartcardsw (e.g. HID Global Crescendo C1150) in SafeGuard Enterprise PoA.

    I suggest to add support for Microsoft Mini Driver smartcards in SafeGuard Enterprise PoA authentication window. These smartcards that do not require drivers in Windows are getting more and more popular, thus important to be supported in SGN.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Authentication: Associate assigned IP via Radius AUTH to local User object in UTM

    Hi! Associating an assigned IP to an authenticated user (for user-based security rules) is not working for remote access with RADIUS - but it could. Please!... ;) Thx in advance!

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Authentication: Active Directory SSO with Windows Live ID

    There are compatibility issues with the AD SSO authentication on Windows 7 machines running Microsoft Live ID Assistant.

    The only solution provided until now is to uninstall the Live ID, but it keeps getting installed by Windows Updates and has built in many applications (like the Essentials or Movie Maker).

    16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Authentication: Multiple Single Sign-On (SSO) Servers

    It would be nice to choose a server group with more than 1 SSO Server to authenticate HTTP profiles.

    58 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Authentication: SSL-Encryption for Proxy Fallback Login

    Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.

    Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?

    27 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. MacOS user grouping support for authentication

    Unfortunately after a lot of work with Astaro a while back it was found that MacOS Server does not push the memberOf attribute back in replies rendering Astaro User Grouping useless so what I'm suggesting is as follows.

    Under Authentication servers, allow for either a LDAP Browser or LDAP Field to be specified for the group ID and have Astaro cache the User IDs within that group and re-poll it once an hour or so that way user with a specific ID hits the proxy with the right credentials Astaro will see that ID in the group and let it…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Authentication. Allow internal hostname for joining to Active Directory

    When joining Active Directory it would be very nice if an internal hostname could be used instead of using the FQDN of the generic hostname given to UTM.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Authentication: Web Filter User-to-IP Mapping

    We need the user's ip mapping. Once a user is authenticated against the http proxy, the user source ip should be mapped in the user's object, so that we can create policy per user

    64 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Per-User selectable Backend Authentication Server

    There will be an securtiy leak if you use an second user authetication with the same usernames. For exampel: You use Active Diretory for the websecurity authetication and an Radiusserver for your OTP token to login to the userportal and vpn. The astaro will first check the AD and then the Radius server. So the user can use his AD password or his OTP to successfully login. It has to be possible to select the backendserver per userobject. This problem only applies for example if you use userobjects in your vpn configuration instead of the radiusgroup. But this is required…

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Authentication: Search for Users and Groups on backends

    The Possibillaty to Search for Users and Groups within the Astaro GUI, when working with AD Groups and Users.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Authentication: Multiple Authentication type per-user

    Activate multiple authentication mechanisms (Agent + Browser). Normally a user uses his own machine (Agent), but sometimes he is on another notebook/pc where no agent is installed, so he can't access other subnets and/or internet. With an alternate (additionally activated) method he could open the browser, type in his credentials and access his permitted resources.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Authentication: Support UserPortal Logins with "username@domain.com"

    Allow users to login to the User Portal with username@domain.com when joined to an Active Directory Domain

    Currently the users must login with their AD username only, using their email address does not work.

    106 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Authentication: Support for AD PC Groups

    Customers want to give the PCs special Website access (Not the User who are logged in). So, if we could make AD PC Groups, and use these AD Groups in the source network of the Web Protection Profiles, then we don't need to create each PC in the WebAdmin. This would be great because if someone installs a new PC, we dont have to touch the Astaro.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.