Webserver Protection: Reverse Authentification with NTLM and Kerberos
The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)
Very frustrating, we still can't use waf for active sync with certificates which worked so good with tmg.
Any news ?
A lot of TMG to replace and this feature is absolutely needed. Please add it ASAP.
Even the new version, XG, has the same limitation. Hope they will add more TMG like authentication method.
Luciano Zago commented
Besides the fact Sophos has announced UTM is the best TMG replacement, it's still far away for not implement this basic authentication mechanism.
By the way, does anyone from there really read what real world users are writing here? This might be tenth suggestion without any comment from Sophos representative. If no one cares about us, maybe you should consider quit this channel.
C'mon.... There are so many Users waiting for this Feature. Than UTM would be a REAL TMG Replacement....
Sebastian Meyer commented
"Look at replacing TMG as an opportunity, not a pain. Now's your chance to replace your old Microsoft TMG with simpler, better protection. Sophos UTM is everything you need in one virtual box - you can even use your existing Windows Server if you want. Most importantly, it's a solution that makes threat management simple - and it's even easier to grow your protection over time.
So TMG, thanks for the memories, enjoy retirement. Threat Management just got a lot better with Sophos UTM."
Big gap between marketing and reality!
We need that feature! Essential for sharepoint hosting!
How many more time to release this feature? I need to migrate services from TMG!
Essential for us, do you have any idea of release date?
Wow, it works :-) :-) :-)
OK, together with auth offloading (to several domains!) it would be perfect, but just like it is now, WAF with Windows Auth is ready for the "real world". So we can continue to migrate services from TMG.
Looking forward for the next step in WAF improfements!
Since 9.210, there is a Feature released, somehow related to this request:
Fix : [9.2] Add support for passthrough NTLM connection
It's not the offloading, but even a passtrough of NTLM Informations.
Moving from TMG to Sophos UTM, the lack of NTLM and Kerberos authentication in the RA feature was a real pain. Implementing this feature would be a very good step for Sophos.
Jack Cheney commented
SSO from behind the UTM to O365 is a must for me and my organization.
I completely agree - this is essential for me!!