SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Remove bug that erases custom domains from Virtual Web Servers when using Wildcard Certificates

    When creating a Virtual Web Server and a wildcard certificate is used the domains list is auto-populated with *.domain.com and domain.com. If you delete those and put in custom domains and then click to expand the "Advanced" options, all the custom domains are deleted and replaced with the defaults.

    After renewing the wildcard certificate and updating it on the existing Virtual Web Server object, all the custom domains are again deleted and replaced with the default.

    This could cause a site outage if the changes get saved without the administrator noticing.

    I recommend fixing the bug with the "Advanced" dialog,…

    5 votes
    1 comment  ·  Web Server Protection
  2. Restrict HTTP Methods based on paths

    Restrict HTTP Methods based on paths.

    We want to allow only GET methods to
    http://servername/servicepath/*

    But we want to allow GET and POST to
    http://servername/servicepath/servicepath2/*

    So any attempts to make POSTs to any sub-paths except /servicepath2 will be blocked. Fairly easy to do on ISA via the HTTP filter settings
    and would be good if we could achieve the same with UTM.

    2 votes
    0 comments  ·  Web Server Protection
  3. Enable users to reset their domain user password using Web Mail

    There are many companies that force employees to reset domain user passwords very often. Now, when employees need to access mail using their Web Mail and their password has expired, they will have to call IT to reset their password, but if working hours have finished and there is no IT personnel in the office, or maybe it's the weekend, which is even worse, they will have to wait until the next working day so that IT can help. In a situation like this, enabling users to reset their domain account password using the Web Mail Portal, like Microsoft TMG does, would help.

    23 votes
    1 comment  ·  Web Server Protection
  4. 2FA form for Reverse proxy

    UTM doesn't support reverse authentication 2FA with third-party OTP RADIUS AaaS providers (e.g. Safenet). It would be good if this feature could be included in the next release.

    1 vote
    0 comments  ·  Web Server Protection
  5. WAF GeoIP or ACL integration.

    Publishing a web server and limiting it to GEO location using WAF.

    3 votes
    0 comments  ·  Web Server Protection
  6. Disable Server Signature

    Can you please disable the Server Signature header on the Web Server Protection so that it shows NULL or anything else apart from "Apache"?

    Although this is not a failure for PCI compliance, it does flag on the check and not showing closes a possible issue.

    5 votes
    Under Review  ·  1 comment  ·  Web Server Protection
  7. Advanced Web Application Firewall - Enable HttpOnly flag for Cookie Signing

    Enable HttpOnly flag for Cookie Signing for Cookies containing a Hash

    15 votes
    3 comments  ·  Web Server Protection
  8. WebSocket for XG Appliance

    Make the Sophos XG Firewall work with WebSocket

    22 votes
    1 comment  ·  Web Server Protection
  9. WAF plus SSL VPN plus Userportal on Port 443

    UTM 9

    Sophos UTM already uses OpenVPN port sharing if the User Portal uses the same port as SSL VPN. But I can't use SSL VPN on port 443, too.

    Basically it should be possible to use OpenVPN port sharing with the web application firewall instead of the user portal.
    In the WAP it should be possible to define a virtual web server that points to the userportal.

    12 votes
    0 comments  ·  Web Server Protection
  10. notification for expiring certificate

    Notification for an expiring installed certificate under Webserver Protection - Certificate Management. Could be either through email notification or through the UTM dashboard.

    4 votes
    0 comments  ·  Web Server Protection
  11. WebAdmin to use CA's from the default CA store

    Currently most web services published from the UTM make use of the Certificate Authorities uploaded by the user in the CA store (Webserver Protection >> Certificate Management >> Certificate Authority). However, the WebAdmin service uses its own CA (which affects also User Portal and SPX encryption pages).

    The self-signed CA that is generated during installation remains in the apache directory and becomes redundant if the user wishes to upload a publicly signed certificate from a trusted company (e.g. Thawte, VeriSign, Comodo etc.). Even though the user uploads the CA certs from the trusted company into the CA repository, the WebAdmin…

    4 votes
    3 comments  ·  Web Server Protection
  12. HTTP/2 support

    Please add HTTP/2 support

    113 votes
    17 comments  ·  Web Server Protection
  13. WAF: Multiple domain support for non-wildcard SSL certificate

    WAF: Allow adding multiple domains when using a non-wildcard certificate

    1 vote
    0 comments  ·  Web Server Protection
  14. ID33532 9.209 RDWeb via WAF is not possible on customers site

    Issue ID 33532: the ability to publish a Remote Desktop Gateway would be appreciated. Currently there is no support for it in UTM.

    7 votes
    2 comments  ·  Web Server Protection
  15. Reverse Proxy TTL for backend hosts

    It would be incredibly useful to have the ability to add the TTL to the web application firewall for reverse proxy connections.

    This is particularly critical in AWS environments where the "Real Webserver" is an Elastic Load Balancer.

    Sometimes when the ELB IP addresses update, the reverse proxy continues to use the cached IP address and will not look up the IPs again until the Virtual Web Server is restarted.

    1 vote
    1 comment  ·  Web Server Protection
  16. Create a configuration option for ciphers in the GUI.

    Create a configuration option for ciphers in the GUI.

    10 votes
    0 comments  ·  Web Server Protection
  17. add customisable error messages

    Add custom error messages for when problems occur (also providing a useful error message/reason).

    We had some clients getting 403 Forbidden when connecting to our website, and it looks very unprofessional.

    A company-branded page telling the user they have been blocked due to their IP having a bad reputation (as per our last problem) would be great.

    3 votes
    0 comments  ·  Web Server Protection
  18. Enable OTP for WAF on a per-Authentication Profile basis

    At the moment we can use the new OTP feature just for all virtual web servers. Therefore, it is not possible to use this great new function in most implementations.

    For example, many customers want to publish Exchange Services like OWA, ActiveSync and Outlook Anywhere: OWA with OTP and ActiveSync without OTP. But that is not possible.

    I suggest you implement a new authentication profile for OTP that we can use in the site path routing.

    34 votes
    0 comments  ·  Web Server Protection
  19. QoS for Virtual Webservers

    QoS / Throttling the upload for virtual webservers (Web Server Protection). It would be nice if you have many webservers, that you can throttle the upload for each "virtual server"

    Example:
      - virtual webserver a (wan) unlimited upload to wan side
      - virtual webserver b (wan) limited upload 10mbit to wan side

    That would be really nice. Is it possible?

    4 votes
    0 comments  ·  Web Server Protection
  20. Virtual Webserver - Wildcard SSL Import Domains

    When using a wildcard SSL certificate, I would like the ability to import a list of domains on a virtual webserver. This is possible on an HTTP virtual webserver, but not on the HTTPS one. We have a wildcard web development environment and have multiple servers with 50+ sub-domains on each server. Currently, we have to manually enter every single domain since the import functionality is not on the HTTPS virtual servers.

    2 votes
    0 comments  ·  Web Server Protection