SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Active Directory

    When the UTM is sync with Active Directory, it would be nice for the UTM not to keep old Active Directory accounts within the UTM device, and for the ability for the UTM to keep upto date users from AD when the UTM does a sync,

    as we are a school and we use the utm for the filtering / authentication - having to go through over 1000, accounts and remove them from the utm device is somewhat time consuming, if this could be added as a feature it would be really great and i'm sure other people would agree.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Google secure LDAP client for user authentication

    Please implement Google secure LDAP client (with cert).
    We have to install a LDAP proxy like sTunnel to connect to Google secure LDAP for user authentication in UTM. This could be avoided.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Password Age Setting as QSA Requirement

    Hi ,

    As per QSA requirement that the password age setting feature and the change in password notification be available. This is a pain for us and is hampering the client to convince them to deploy more Sophos UTM.

    Regards,

    Clyde - TN

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. mail.it@wcc.nl

    Double Check Active directory when creating users. When a new user wants to access out VPN, they must login using their AD user account. If they do this, a Sophos account is created that has backend-sync enabled and all is well.

    But often, they use their e-mail address instead. In that case, a local account is creatrd with that e-mail address. This account obviously will not have the proper AD group memberships. Trying to create a new account only using the userID is then not possible because an account with that e-mail address already exists.

    The only solution is that…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Certificate on the UTM

    Out-of-the-box Sophos UTM will generate self-signed certificates for many functions as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of an W2K16 Enterprise RootCA because it_s certificate is trusted automatically by all Windows clients in the domain so there is no need to distribute other certificates by GPO for e.g.

    For the webadmin console we used a certificate signed by this RootCA and that works without problem. Because we use SSL scanning we want the web proxy Signing CA to be a intermediate CA of our RootCA. I have generated the…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. adding an option to remove users from UTM

    i would like you to add an option to remove users from UTM after they get authenticated and synced from STAS to the UTM, sometimes even when you remove the user from the STAS it keep stuck in the UTM and then i have to restart the device to wipe all the users and start fresh, adding this option will ease the work

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow API authentication to be restricted to tokens only

    At the moment, there are two options to authenticate to the RESTful API: User/Password or API Token. Since it is not recommended to use the username/password, it would be great to have an option to disable that method of authentication entirely. This ensure that company admins are using their API tokens.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. create an option to log user out when maximum login is reached

    users should be able to see devices they are logged and choose to disconnect a session in a situation where maximum login has been reached.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. MAC address Allow list for Personal Devices

    I see there is a MAC list so that you can RESTRICT an individual user to specific devices. Can there be a MAC list to add a user's phone, tablet, PC so that they don't have to log in through the user portal or with the Network Agent App on PERSONAL devices?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Secure & Up-to-Date Password Storage for Internal Users

    Hi there,

    currently, passwords of internal users are stored as md4 hashes. According to Wikipedia, this hash function was already severely broken 10 years ago: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. IMHO, this is a severe security issue, especially for a security device such as a firewall.

    While it's technically true that access to password hashes requires administrative access, those hashes should still be protected, even in case of compromise. This also facilitates insider attacks, and so on...

    Therefore, I strongly suggest that password storage follows well-established security principles: Use…

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD synchro

    Azure Active Directory Synchro option

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. bypass users

    i blocked zip & exe's downloads (as they may contain zero day) it would be good if web protection-> bypass users could bypass the restriction - at the moment it only works with web pages

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Maxiumum Session Time per User/Group

    The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Zone Based Captive Portal

    Kindly Provide Zone Based Captive Portal in next possible firmware upgrade,
    So that firewall will push IP Address of only that specific Zone interface automatically to the users browser.
    Currently default behavior of firewall is that it will push down only specific IP address of specific zone for all zones captive portal request which does not fulfill requirement of creating separate zone.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. HTML5 VPN Portal - Smartcards

    It would be good if we could pass through Local Resources such as smartcards as we enforce smartcard login requirements. This is currently preventing us from using the Sophos VPN HTML5 solution

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Synchronize Authentication on UTM coming from Cisco WLC

    Customer is asking if possible to receive accounting information from a cisco wlc to put a username to a ip address in web filtering logs

    The way it is setup is a user connects to the cisco wlc which is authenticated via a radius server .

    the wlc use a windows dhcp server to allocate ip address and also gives it the Sophos utm as its gateway via web filtering.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. RADIUS Change of Authorization (CoA)

    Please add support for RADIUS Change of Authorization (CoA).

    The use case is we are attempting to perform a RADIUS Change of Authorization (CoA) for wireless clients connected to an AP managed by the XG. With Cisco, Meraki, Aruba, Aerohive and others this typically shows up as "rfc-3576" support in the UI.

    It would allow the XG wireless controller to accept a RADIUS CoA packet (typically sent on UDP port 3799) from a RADIUS server to disconnect a client so it can receive a new RADIUS attribute from the RADIUS server.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add RADIUS Accounting Export to External RADIUS Server

    There is already an option in the UI to enable accounting when configuring a RADIUS server, but I was informed by support that that feature is not supported. Auth work fine on 1812, but accounting on 1813 is never sent. We need to be able to send accounting to the external RADIUS server. For reference, the ticket is RE: [#7150365] Web support query. Thanks!

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add MAC Authentication for Open SSID

    I think it would be a good idea to add MAC Authentication as an option for open SSIDs. This allows a device that is unable to configure a supplicant to authenticate via RADIUS using the devices MAC address as the username and password. With Meraki, Aruba, Aerohive and others this typically shows up as MAC Authentication, MAC-based access control, etc.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. New features

    Possibility to grant user to more than one local or external group

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.