SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Let's Encrypt Integration

    It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    1,641 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    296 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. websocket support for WAF

    we are hosting a SignalR hub (http://signalr.net/) behind a Sophos UTM 320. We use the Web Server Protection feature extensively in our environment, and as such have opted to use the same for this.
    SignalR will always try to use Web Sockets (http://en.wikipedia.org/wiki/WebSocket), a new HTML5 API, and fallback to other technologies where this isn't possible to be used.
    Since we've been hosting the hub via the reverse proxy, none of our clients are able to connect via Web Sockets :so having support for websockets in WAF would be super cool

    456 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    57 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. URL Redirection

    It would be great if it would be possible to redirect certain URLs

    For example:

    www.company.com => www.company.ch/site1
    www.company.com/site1 => www.company.com/newsite

    Thank you :)

    379 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    48 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Webserver Protection: Reverse Authentification with NTLM and Kerberos

    The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)

    223 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Web Server Protection: Certificate-based Authentication

    I would appreciate to support certificate-based authentication like at Microsoft TMG. I don't know why Sophos is making advertisements for "Replace your TMG with Sophos UTM" if UTM even can't do this! I want the reverse proxy to check a client certificate, If this certificate is not valid or it doesn't exists it shows an error page.

    TMG Config: http://4sysops.com/wp-content/uploads/2011/07/SSL-Client-Certificate-Authentication_thumb.png

    190 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Reverse Proxy: Authentication Offloading like TMG

    will there be a feature like Authentication / captive portal (e.g. the proxy settings"transparent with authentication" ) for enabling a reverse proxy?
    This would be so usfull for small installations with no frontend exchange / DMZ.
    (juniper calls this "webauth" )

    178 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    23 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Planned  ·  Angelo Comazzetto responded

    We are hard at work on this feature and will deliver the first implementation of front end authentication as part of our Web Server protection (reverse proxy) in UTM 9.2. The public beta will begin in October. Stay Tuned!

  7. Web Application Firewall: Remote Desktop Gateway support

    Similar to support for Outlook Anywhere, it would be really beneficial if the WAF allowed for the publishing of Remote Desktop Gateway and handled those methods. RDG_OUT_DATA followed by RPC_IN_DATA and RPC_OUT_DATA, and including /RemoteDesktopGateway in the request. It seems like common functionality that many customers must be looking for...

    147 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. HTTP/2 support

    Please add HTTP/2 support

    88 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Web Server Protection: Support for ActiveSync 14.1

    WAF doesn't support ActiveSync 14.1, i.e. after you install SP3 for Exchange 2010, you can't use use WAF to protect your ActiveSync Server anymore. This is poor.

    77 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  5 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Web server protection - Add HSTS header support

    Request that the Sophos UTM supports HTTP Strict Transport Security (HSTS). RFC6797 - https://tools.ietf.org/html/rfc6797

    67 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Reverse proxy add encodedslashes option

    Please provide the option in the Reverse proxy to enable encodedslashes for a specific virtual webserver.

    Because some web applications use for example %2F for a slash and the reverse proxy cannot translate this back to / because of allowencodedslashes is not enabled by default. So this results in a 404 error.

    http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes

    When changing the configuration file of the reverseproxy it is working fine, but the configuration is overwritten all the time. So a checkbox in the Webadmin to enable this option would be nice.

    63 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support for TLS 1.3

    Support the latest version of TLS protocol for improved security and performance. TLS 1.3 is huge step forward for web security and performance.

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make Web Application Firewall Site Path Routing case insensitive.

    Site Path Routing should have an option to treat the path in a case neutral manner.

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. WebServer Protection: Allow for larger upload handling

    For web sites with larger uploads (e.g. ownCloud) there is currently a 128MB (134217728 byte) limit in Web Server protection, the so called request body limit in ModSecurity.
    Please add the possibility to configure this parameter (it's "SecRequestBodyLimit" in the Apache config) to allow larger uploads to sites protected by WAF.

    51 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. WAF - Allow Remote Dektop Gateway protocol Windows server 2016

    Upgraded our RDP Gateway server to Windows 2016, and connection through the WAF is now failing. Answer from support:

    "I have reviewed the case and have researched this issue for you. For the RDP Gateway 2012R2, RD Gateway used to use RPC (remote procedure call) in order to transport the remote desktop session over HTTP, that was & still is supported by WAF on the UTM.

    For the Windows 2016 RDP Gateway however, Microsoft decided to change protocol they use so that instead of using RPC, they now use one called RDG. RDG is not supported by WAF on the…

    50 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Web Server Protection: Transparent reverse proxy

    Please provide the option to use reverse proxy also with transparent mode. This way permits to have the real remote host IP traced on the web server log files instead of the IP of the firewall. Now without transparent mode, every web analyzer software is not able to give real traffic reports...

    48 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable Web Application Firewall support to specify cipher strengths it can accept. Either cipher-by-cipher basis or on a weak/med/strong cat

    Enable Web Application Firewall support to specify cipher strengths it can accept. Either cipher-by-cipher basis or on a weak/med/strong category.

    46 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Let's Encrypt Wildcard Integration

    Let's Encrypt Integration came with UTM 9.6. That's great!

    You should now implement the support of Let's Encrypt Wilcard domains with ACMEv2.

    Best Regards

    38 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. 35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Web Application Firewall OTP support for form to form authentication

    Support for form to form authentication with one time passwords in the WAF.

    The WAF should be able to pass authentication through to a website which authenticates using a form (as opposed to only basic auth) if there is configuration on the UTM that defines the URL to the page which can process the login (not the login form) and the field names for the username and password.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.