SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Authentication: Single-Sign On for Astaro Authentication Agent

    Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.

    227 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Authentication: Support UserPortal Logins with "username@domain.com"

    Allow users to login to the User Portal with username@domain.com when joined to an Active Directory Domain

    Currently the users must login with their AD username only, using their email address does not work.

    102 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. support Radius challenge response

    We needed it for 2fA support with SMS PASSCODE

    101 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Authentication: Delete UTM user-object when deleted from backend server

    When we remove a user from our LDAP Directory (namely eDirectory or ActiveDirectory) the User in UTM is untouched. It would be nice if the UTM could know about this and purge its matching user-object as well. (Or display us a report of users who are no longer seen on the backend server so we could trigger a delete periodically).

    85 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Authentication: Create Certificate Signing Request CSR

    Generate a Certificate Signing Request CSR with ONE CLICK

    72 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Authentication: Web Filter User-to-IP Mapping

    We need the user's ip mapping. Once a user is authenticated against the http proxy, the user source ip should be mapped in the user's object, so that we can create policy per user

    64 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Authentication: Multiple Single Sign-On (SSO) Servers

    It would be nice to choose a server group with more than 1 SSO Server to authenticate HTTP profiles.

    58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Authentication: Change backend AD password in UserPortal

    A active directory user (external users) can change the password on userportal or the support can activate the "User must change password at next logon" in AD and his must change the Password on userportal.

    57 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. You enable 2 factor authentication options with Duo Security

    When you come out with 2 factor authentication. Please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

    47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Authentication: Configurable RADIUS timeout

    The RADIUS timeout setting is hardcoded, and can't be adjusted from the UI. Third part two factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an Auth. With the current hardcoded RADIUS timeout Astrado is not compatible with these solutions as the timeout needs to be set appropriately.

    47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Authentication: LDAP Group Support

    It would be nice, if a LDAP-User can authentificate through a LDAP-Group.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Global Bot / Script Kiddie / Brute Force IP Blacklist

    Sophos should maintain a blacklist of Bots / Script Kiddies / Brute Force attackers based on big data of failed logins on UTM's.

    Problem to solve:
    There are lot of (often automated) login attempts to the different publicly available UTM facilities as SMTP (authenticated relaying), User Portal, Webadmin, SSH, Reverse Proxy. On my UTM I have for example since weeks a ongoing brute force attacks on the smtp proxy, as authenticated relaying is allowed on it. Blocking those bots after 5 attempts helps only marginal, as they automatically switch to other bots (new IP) and continue the brute force attack.…

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. AuthenticationAD OU and Group Synchronization

    With more companies using the NSG platform for Web, Email and Endpoint Management, having the ability to import OU's and Groups become more important for policy management and reporting.

    Having granular policy control for Web use or Email DLP is very important for both public and private sector businesses. Most mid - large businesses require a level of departmental reports, typicaly based on users being members of particular groups or OU's.

    For more than a few hundred machines, endpoint policy control is easier with the ability to group and apply machines based on how they are grouped in AD -…

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Integrate EAS proxy into the UTM

    The EAS proxy could be delivered as part of the Sophos UTM as the UTM is usually deployed at the permiter. Proxy configuration should remain in SMC though.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Authentication: SSL-Encryption for Proxy Fallback Login

    Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.

    Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Change the Active Directory login behavior with multiple DCs

    With the current code handling the Active Directory authentication of users, if you add multiple domain controllers as authentication sources, any error with the user's authentication will cause the authentication to be attempted on the next DC.

    Unfortunately, this is also the case with failed passwords. The LDAP protocol has a built-in error message to tell the client that the failure was due to a bad password and not a server or communication issue (LDAPMessage bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)).

    This causes issues when users make mistakes on their passwords, it causes the AD…

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Notifications: Login of SSL VPN User

    Email Notifications for Login SSL VPN User (Remote Access)

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Authentication: Routing Authentication per Domain

    It's important to have a chance in big customers the chance to route authentication process in base of domain name. it would an improvement about what there is already available. Example: users@gabriele.com will be authenticated by radius on server1; if authentication fail, users@gabriele.com will be authenticated by Active directory on server2. ecc.

    Very efficient in big environment.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add optional PIN entry field for two-factor authentication

    There are really two big issues I have with the two factor authentication implementation. The first is that no where in the setup for the user is there any information or instruction as how to use two factor authentication. Every other two factor authentication that I have used has had a separate box for putting in the random code. I only learned about how to properly use two factor authentication after calling support and being informed that I needed to append the randomly generated code to the end of my password to which I say "Really! and you arn't going…

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Secure & Up-to-Date Password Storage for Internal Users

    Hi there,

    currently, passwords of internal users are stored as md4 hashes. According to Wikipedia, this hash function was already severely broken 10 years ago: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. IMHO, this is a severe security issue, especially for a security device such as a firewall.

    While it's technically true that access to password hashes requires administrative access, those hashes should still be protected, even in case of compromise. This also facilitates insider attacks, and so on...

    Therefore, I strongly suggest that password storage follows well-established security principles: Use…

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.