SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Let's Encrypt Wildcard Integration

    Let's Encrypt Integration came with UTM 9.6. That's great!

    You should now implement the support of Let's Encrypt Wilcard domains with ACMEv2.

    Best Regards

    26 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Let's Encrypt Domain Validation via DNS challenge

    Let's Encrypt Integration is really cool but it would be even better if there is support for Domain Validation via DNS challenge. With DNS challenge, you can prove domain ownership (through responding to a challenge with a DNS TXT record) without the need to expose any services to the Internet.

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Update SSL Certificate Option

    We are hosting 89 websites behind the firewall using a wildcard certificate, this certificate is going to exipre in few days. When trying to update the certificate with the newly created wildcard certificate I didn't found any option to do that. The only option available was uploading that new certificate with a different name and manually assigning the new certificate to all our Virtual Webservers.
    For companies like us with a big number of web sites behind the WAF, it will become really handy to have an update option so we update the certificate entry that is there in Certificate…

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Is there any way to fetch Sophos UTM WAF logs in third party log monitoring tool?

    No proper categorization of logs in WAF when configured in monitor mode, we are chasing since more than two months to get fetched the logs of WAF in any third party tool (SysLog/SIEM) for the monitoring and rule setting purpose, but we couldn't get proper support from vendor as well as Sophos technical team.

    Earlier we tried with Sophos iVew tool as per the vendor suggestion, the tools is specially developed for Sophos UTM but it works for specific features(reporting) only, not for log monitoring and WAF log fetching.

    Can you please assist in this regards, is there any way…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. 33 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Let's encrypt intermediate CA sent by server

    As admin I want to have intermediate CAs automagically added for certificates issued by Let's encrypt client, so they are then served when estalishing TLS connections ad retarted libraries are not breaking due to incomplete certificate chain

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for TLS 1.3

    Support the latest version of TLS protocol for improved security and performance. TLS 1.3 is huge step forward for web security and performance.

    51 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. WAF - Allow Remote Dektop Gateway protocol Windows server 2016

    Upgraded our RDP Gateway server to Windows 2016, and connection through the WAF is now failing. Answer from support:

    "I have reviewed the case and have researched this issue for you. For the RDP Gateway 2012R2, RD Gateway used to use RPC (remote procedure call) in order to transport the remote desktop session over HTTP, that was & still is supported by WAF on the UTM.

    For the Windows 2016 RDP Gateway however, Microsoft decided to change protocol they use so that instead of using RPC, they now use one called RDG. RDG is not supported by WAF on the…

    46 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow enabling of Encoded Slashes directly on UTM Interface

    The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.

    This is especially important for specific SAP-relevant functions, such as Fiori systems.
    At the moment it's possible to manually configure this setting but it's reset everytime a change to a server is made.
    I believe that it would be best to either:
    - not overwrite the that point in the config, if enabled
    - or straight up allow this configuration in the panel.

    9 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Let's Encrypt Integration

    It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    1,638 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    296 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. HTTP/2 support

    Please add HTTP/2 support

    81 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. WAF & Reverse Proxy

    Add a page to show current logged on users, log on time & duration. Possibly a link to the log of what pages they have visited whilst logged on?

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Modify built-in mod_security rule criticality

    The ability to not just create a "skip rule ID" entry for a signature, but actually modify whether the firewall treats it as critical or not. Similar to tuning rules and rule categories in the IPS.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Disable Server Signature

    Can you please disable the Server Signature header on the Web Server Protection so that it shows NULL or anything else apart from "Apache".

    Although this is not a failure for PCI compliance, it does flag on the check and not showing closes a possible issue.

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Log the domain used for virtual web servers in WAF

    Currently, Web Server Protection logs only note the first listed domain to identify which virtual web server was used by the client.
    • server: first domain name of the virtual server serving the request

    Since there can be a number of domains used by the same virtual web server, it would be much more useful to log the actual domain requested in the host header. As different domains can be used for different environments, this would provide much better analytics on how the virtual web server is being used.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. WAF - Reverse Authentication - Auth Failure Feedback

    Currently when logging in and specifying a bad username or password, no feedback is given. The page simply reloads with no indication that the login attempt was even processed.
    Request:
    Provide basic authentication feedback preferably by populating runtime variables. These could be common auth failure results of "bad username or password", "account disabled", "password expired", "authorization failure", etc.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Resolve X-Forward-For headers to client IP addresses in the log

    When UTM is deployed as part of a proxy chain the WAF logs do not capture the client source details present in the X-Forward-For headers, but will instead log the upstream proxy's IP address as source.
    Can we have a log field that allows administrators to also see the original requester's source address?

    Note that ProxyProtocol support does not solve this issue as many upstream proxies do not support this for traffic already tagged with X-Forward-For information.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Modify mod_sec built-in rules

    Allow administrators to modify the pre-supplied rules for the WAF as custom rules cannot override existing signatures. Having to create a custom signature and then exempt the built-in signature causes lots of additional administration and clutter.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. WAF plus SSL VPN plus Userportal on Port 443

    UTM 9

    Sophos UTM already uses OpenVPN port sharing if the userportal uses the same port als SSL VPN. But I can't use SSL VPN on port 443, too.

    Basically it should be possible to use OpenVPN port sharing with the web application firewall instead of the user portal.
    In the WAP it should be possible to define a virtual web server that points to the userportal.

    7 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable OTP for WAF on a per-Authentication Profile basis

    At the Moment we can use the new OTP Feature just for all virtuell webserver. Therefore, it is not possible to use this great new function in most implementations.

    An example, many customers want to publish Exchange Services like OWA, ActiveSync and Outlook Anywhere. OWA with OTP and ActiveSync without OTP. But that is not possible.

    I suggest, you implement a new authentication Profile for OTP that we can use in the site path Routing.

    28 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.