SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Integrations with KeyShield SSO

    It would be useful to add authentication via KeyShield SSO. KeyShield SSO concept is designed for any client platform. It provides SSO functionality for Windows, Linux, Android, Mac, iPad and iPhone. The principle of KeyShield SSO integration is very simple to implement - when UTM get a connection request, it ask KeyShield SSO server about the origin IP address. The response is fdn within one of configured directories (eDirectory, ActiveDirectory, LDAP) or "unknown".

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Notifications: Login of SSL VPN User

    Email Notifications for Login SSL VPN User (Remote Access)

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Authentication: Support SAML2

    It would be nice if the Astaro products would support SAML2 for SSO. There are enough modules out on the market now so that it shouldn't be hard to support. Couly make some things easier with proxy auth. Thanks

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Authentication: LDAP Group Support

    It would be nice, if a LDAP-User can authentificate through a LDAP-Group.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Import Active Directory Groups automatically

    Currently users are imported and created into the user/groups definitions when imported from AD. Groups however are not and you have to manually create the groups definitions and attach them to the AD group

    It would be so much easier if this was done automatically on sync!!

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for Microsoft Mini driver smartcardsw (e.g. HID Global Crescendo C1150) in SafeGuard Enterprise PoA.

    I suggest to add support for Microsoft Mini Driver smartcards in SafeGuard Enterprise PoA authentication window. These smartcards that do not require drivers in Windows are getting more and more popular, thus important to be supported in SGN.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Authentication: Associate assigned IP via Radius AUTH to local User object in UTM

    Hi! Associating an assigned IP to an authenticated user (for user-based security rules) is not working for remote access with RADIUS - but it could. Please!... ;) Thx in advance!

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Authentication: Active Directory SSO with Windows Live ID

    There are compatibility issues with the AD SSO authentication on Windows 7 machines running Microsoft Live ID Assistant.

    The only solution provided until now is to uninstall the Live ID, but it keeps getting installed by Windows Updates and has built in many applications (like the Essentials or Movie Maker).

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Authentication: Multiple Single Sign-On (SSO) Servers

    It would be nice to choose a server group with more than 1 SSO Server to authenticate HTTP profiles.

    58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Authentication: SSL-Encryption for Proxy Fallback Login

    Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.

    Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. MacOS user grouping support for authentication

    Unfortunately after a lot of work with Astaro a while back it was found that MacOS Server does not push the memberOf attribute back in replies rendering Astaro User Grouping useless so what I'm suggesting is as follows.

    Under Authentication servers, allow for either a LDAP Browser or LDAP Field to be specified for the group ID and have Astaro cache the User IDs within that group and re-poll it once an hour or so that way user with a specific ID hits the proxy with the right credentials Astaro will see that ID in the group and let it…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Authentication. Allow internal hostname for joining to Active Directory

    When joining Active Directory it would be very nice if an internal hostname could be used instead of using the FQDN of the generic hostname given to UTM.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Authentication: Web Filter User-to-IP Mapping

    We need the user's ip mapping. Once a user is authenticated against the http proxy, the user source ip should be mapped in the user's object, so that we can create policy per user

    64 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Per-User selectable Backend Authentication Server

    There will be an securtiy leak if you use an second user authetication with the same usernames. For exampel: You use Active Diretory for the websecurity authetication and an Radiusserver for your OTP token to login to the userportal and vpn. The astaro will first check the AD and then the Radius server. So the user can use his AD password or his OTP to successfully login. It has to be possible to select the backendserver per userobject. This problem only applies for example if you use userobjects in your vpn configuration instead of the radiusgroup. But this is required…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Authentication: Search for Users and Groups on backends

    The Possibillaty to Search for Users and Groups within the Astaro GUI, when working with AD Groups and Users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Authentication: Multiple Authentication type per-user

    Activate multiple authentication mechanisms (Agent + Browser). Normally a user uses his own machine (Agent), but sometimes he is on another notebook/pc where no agent is installed, so he can't access other subnets and/or internet. With an alternate (additionally activated) method he could open the browser, type in his credentials and access his permitted resources.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Authentication: Support UserPortal Logins with "username@domain.com"

    Allow users to login to the User Portal with username@domain.com when joined to an Active Directory Domain

    Currently the users must login with their AD username only, using their email address does not work.

    101 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Authentication: Support for AD PC Groups

    Customers want to give the PCs special Website access (Not the User who are logged in). So, if we could make AD PC Groups, and use these AD Groups in the source network of the Web Protection Profiles, then we don't need to create each PC in the WebAdmin. This would be great because if someone installs a new PC, we dont have to touch the Astaro.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Authentication: Automated Form Fill of Credentials

    It would be very nice if Astaro could act as intermediary for authenticated http proxy users (typically SSO users / Astaro Authentication Agent users)

    Overall idea:
    Client -> SSO -> ASG Web Proxy -> Public/Private site

    If Astaro sees a filled in login form and the Astaro has been configured to keep track of logins for the given user, then it should save the information and autofill it in the future.
    If a changed password is detected the information is updated.

    Ideally it should also be able to use tokens from AD or eDirectory to log people in, but that…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Authentication: Group Support for Radius Authentication

    Add Group support for Radius authentication by defining an backend match for a certain Radius attribute like 'NAS-Identifier' if this is set to a predefined value and the request succedes, than the user is also mapped to this group. restore ASG V6 functionality and better integrate with radius installations

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.