SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. WAF: Wildcard Support for TLDs

    As a company you often have several TLDs for your company name (e.g. company.com, company.de et cetera).

    If those domains are run on the same server and external IP you would have to configure every single domain as a virtual server for the WAF.

    This may result in a lot of work and also needs to be maintained.

    It would be great if <company>.* would be supported as a virtual server instead of just a preceded *

    6 votes
    1 comment  ·  Web Server Protection
  2. Add log off code for web applications using reverse authentication

    Forefront has the ability to log off clients using "?cmd=logoff" in the web application's code for logging off. This would be nice to have so clients can log off the site with the cookie deleted or a request to close the browser.

    2 votes
    2 comments  ·  Web Server Protection
  3. Add Single Sign On for web applications similar to what Forefront can do.

    Forefront can provide SSO for multiple web applications. I'd like to see a similar feature in UTM 9.
    For example:
    An agent signs into www.insurancecompany.com and clicks a link to www.insurancecompanyagents.com, the agent won't be prompted again for authentication because of the SSO policy for the two sites.

    5 votes
    1 comment  ·  Web Server Protection
  4. 2 votes
    0 comments  ·  Web Server Protection
  5. edit HTTP Header

    Edit or hide HTTP Headers such as the Server Header.

    2 votes
    0 comments  ·  Web Server Protection
  6. make it possible to disable weak encryption algorithms

    Make it possible to disable encryption algorithms.
    The WAF accepts weak RC4 algorithms; it would be nice if we could disable them.

    5 votes
    1 comment  ·  Web Server Protection
  7. ip filtering web application firewall

    Have the ability to specify which source networks, hosts are allowed to access a published website. This way we can add the IP-restrictions on the UTM box itself for a specific site instead of having to do this on the webserver hosting the site itself.

    3 votes
    1 comment  ·  Web Server Protection
  8. Web Server Protection: Honeypot Profiling (Intrusion Deception)

    Have the WAF add harmless, yet tempting targets to sites it is protecting, and then blacklist or punish who takes advantage of them.

    2 votes
    0 comments  ·  Web Server Protection
  9. Web Application Firewall OTP support for form to form authentication

    Support for form to form authentication with one time passwords in the WAF.

    The WAF should be able to pass authentication through to a website which authenticates using a form (as opposed to only basic auth) if there is configuration on the UTM that defines the URL to the page which can process the login (not the login form) and the field names for the username and password.

    38 votes
    1 comment  ·  Web Server Protection
  10. websocket support for WAF

    We are hosting a SignalR hub (http://signalr.net/) behind a Sophos UTM 320. We use the Web Server Protection feature extensively in our environment, and as such have opted to use the same for this.
    SignalR will always try to use Web Sockets (http://en.wikipedia.org/wiki/WebSocket), a new HTML5 API, and fall back to other technologies where this isn't possible.
    Since we've been hosting the hub via the reverse proxy, none of our clients are able to connect via Web Sockets, so having support for websockets in WAF would be super cool.

    471 votes
    57 comments  ·  Web Server Protection
  11. Web Server Protection: Certificate-based Authentication

    I would appreciate support for certificate-based authentication like in Microsoft TMG. I don't know why Sophos is making advertisements for "Replace your TMG with Sophos UTM" if UTM can't even do this! I want the reverse proxy to check a client certificate; if this certificate is not valid or it doesn't exist, it shows an error page.

    TMG Config: http://4sysops.com/wp-content/uploads/2011/07/SSL-Client-Certificate-Authentication_thumb.png

    204 votes
    16 comments  ·  Web Server Protection
  12. Add ACL Support for Web Application Firewall

    Though it isn't the best form of security, adding the capability to specify at least an allowed source object for access through the WAF would be beneficial to many. Even if it was in the form of the same allowance as the NTP, DNS, SMTP, POP3, FTP, HTTP and HTTPS proxies (where you just specify sources that are allowed to use the service and not a particular site). I don't have sites hosted that I want visible to the whole world, just a particular subset of hosts. I can use DNAT rules to accomplish this, but they don't offer ModSecurity-based…

    7 votes
    0 comments  ·  Web Server Protection
  13. Web Application Firewall: Remote Desktop Gateway support

    Similar to support for Outlook Anywhere, it would be really beneficial if the WAF allowed for the publishing of Remote Desktop Gateway and handled those methods. RDGOUTDATA followed by RPCINDATA and RPCOUTDATA, and including /RemoteDesktopGateway in the request. It seems like common functionality that many customers must be looking for...

    157 votes
    25 comments  ·  Web Server Protection
  14. Web Server Protection: Support for ActiveSync 14.1

    WAF doesn't support ActiveSync 14.1, i.e. after you install SP3 for Exchange 2010, you can't use WAF to protect your ActiveSync Server anymore. This is poor.

    78 votes
    Under Review  ·  5 comments  ·  Web Server Protection
  15. please filter outlook anywhere (rpc over https) in the waf. just pass is a big security risk!

    From the Online Help. Microsoft Outlook traffic will not be checked or protected by the WAF! Please implement a filter so that we can publish Outlook anywhere in a secure manner.

    4 votes
    3 comments  ·  Web Server Protection
  16. Make Web Application Firewall Site Path Routing case insensitive.

    Site Path Routing should have an option to treat the path in a case neutral manner.

    59 votes
    7 comments  ·  Web Server Protection
  17. WebServer Protection: Allow for larger upload handling

    For web sites with larger uploads (e.g. ownCloud) there is currently a 128MB (134217728 byte) limit in Web Server protection, the so called request body limit in ModSecurity.
    Please add the possibility to configure this parameter (it's "SecRequestBodyLimit" in the Apache config) to allow larger uploads to sites protected by WAF.

    53 votes
    6 comments  ·  Web Server Protection
  18. Extend Security for Microsoft Exchange OWA 2010 Publishing

    The strong security features like URL-hardening, cookie-signing and form-hardening are still not available with OWA newer than 2003. The knowledgebase just told me to deactivate those features. But they are important for a higher security level.

    15 votes
    0 comments  ·  Web Server Protection
  19. Web Server Protection: "Sticky" sessions between HTTP and HTTPS

    It is possible to have sticky sessions using the WAF; however, in our e-commerce websites, we use both HTTP & HTTPS. Sticky sessions work only during the HTTP session, and when the user changes to an HTTPS link a new server may be assigned. Sometimes we can lose the session as a result.

    3 votes
    0 comments  ·  Web Server Protection
  20. Web Server Protection: Guard against "Insecure Cryptographic Storage" by adding an HSM

    Integrate the WAF with HSM so the OWASP "Insecure Cryptographic Storage" concern can be addressed.

    6 votes
    1 comment  ·  Web Server Protection