SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Certificate on the UTM

    Out-of-the-box Sophos UTM will generate self-signed certificates for many functions, such as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of a W2K16 Enterprise RootCA because its certificate is trusted automatically by all Windows clients in the domain, so there is no need to distribute other certificates by GPO, for example.

    For the webadmin console we used a certificate signed by this RootCA and that works without problem. Because we use SSL scanning we want the web proxy "Signing CA" to be an intermediate CA of our RootCA. I have generated the certificate…

    2 votes
    0 comments  ·  Authentication
    • adding an option to remove users from UTM

      I would like you to add an option to remove users from UTM after they get authenticated and synced from STAS to the UTM. Sometimes, even when you remove the user from the STAS, it stays stuck in the UTM and then I have to restart the device to wipe all the users and start fresh. Adding this option will ease the work.

      1 vote
      0 comments  ·  Authentication
      • MAC address Allow list for Personal Devices

        I see there is a MAC list so that you can RESTRICT an individual user to specific devices. Can there be a MAC list to add a user's phone, tablet, PC so that they don't have to log in through the user portal or with the Network Agent App on PERSONAL devices?

        4 votes
        0 comments  ·  Authentication
        • Secure & Up-to-Date Password Storage for Internal Users

          Hi there,

          currently, passwords of internal users are stored as md4 hashes. According to Wikipedia, this hash function was already severely broken 10 years ago: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. IMHO, this is a severe security issue, especially for a security device such as a firewall.

          While it's technically true that access to password hashes requires administrative access, those hashes should still be protected, even in case of compromise. This also facilitates insider attacks, and so on...

          Therefore, I strongly suggest that password storage follows well-established security principles: Use…

          19 votes
          0 comments  ·  Authentication
          • Zone Based Captive Portal

            Kindly provide Zone Based Captive Portal in the next possible firmware upgrade, so that the firewall will push the IP address of only that specific zone interface automatically to the user's browser.
            Currently the default behavior of the firewall is that it will push down only a specific IP address of a specific zone for all zones' captive portal requests, which does not fulfill the requirement of creating a separate zone.

            3 votes
            0 comments  ·  Authentication
            • HTML5 VPN Portal - Smartcards

              It would be good if we could pass through local resources such as smartcards, as we enforce smartcard login requirements. This is currently preventing us from using the Sophos VPN HTML5 solution.

              2 votes
              0 comments  ·  Authentication
              • RADIUS Change of Authorization (CoA)

                Please add support for RADIUS Change of Authorization (CoA).

                The use case is we are attempting to perform a RADIUS Change of Authorization (CoA) for wireless clients connected to an AP managed by the XG. With Cisco, Meraki, Aruba, Aerohive and others this typically shows up as "rfc-3576" support in the UI.

                It would allow the XG wireless controller to accept a RADIUS CoA packet (typically sent on UDP port 3799) from a RADIUS server to disconnect a client so it can receive a new RADIUS attribute from the RADIUS server.

                4 votes
                0 comments  ·  Authentication
                • New features

                  Possibility to grant user to more than one local or external group

                  2 votes
                  0 comments  ·  Authentication
                  • Allow users to reset Active Directory passwords from the UTM User Portal

                    Raised on behalf of a Sophos customer, see support case 6426894.

                    Customer would like the UTM's User Portal feature to function in a similar manner to the portal available on the Microsoft TMG product.
                    When using a TMG, if a user's Active Directory account has been flagged to 'Reset password at next logon' when they try to log into the portal, the TMG portal notifies the user that they need to change their password and completes the password change with them.

                    Using a UTM in the same scenario results in an authentication failure (expected behaviour), but the customer would like…

                    9 votes
                    0 comments  ·  Authentication
                    • User portal OTP only from WAN

                      It would be great if we got a function so that we can configure that the OTP is only necessary if a user is logging in from outside the LAN.

                      5 votes
                      1 comment  ·  Authentication
                      • Safe Search HTTPS Certificate

                        Dear all, it would be very important to be able to release an update in which the SOPHOS certificate for applying HTTPS scanning and enforcing SAFE SEARCH can be downloaded from the captive portal. In institutions attended by many people with their own devices who use the Wi-Fi service, the certificate cannot be installed centrally, which prevents the use of the scanning service, which is very important, especially in educational institutions, to protect the content that students access.

                        1 vote
                        0 comments  ·  Authentication
                        • Allow API authentication to be restricted to tokens only

                          At the moment, there are two options to authenticate to the RESTful API: User/Password or API Token. Since it is not recommended to use the username/password, it would be great to have an option to disable that method of authentication entirely. This ensures that company admins are using their API tokens.

                          2 votes
                          0 comments  ·  Authentication
                          • Change Default Login User ID as admin for Sophos Firewall

                            Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

                            1 vote
                            0 comments  ·  Authentication
                              • IP Block List - General Automatic IP Block List for all Functions

                                Definition & Users -> Authentication Servers -> Advanced

                                Request for an „Auto-Blocklist“.
                                Especially on SMTP, you all know how often IPs try to gain access while trying to guess login data.

                                I do not want those IPs to ever come up again, no matter what function on the UTM/SG/XG they try to use.
                                This traffic should generally be discarded (not blocked – I do not want to nicely tell the other side that it is being blocked).

                                Let's say a "UTM blacklist" which can either be filled manually, and then get selected for the functions (or all) of these IP /…

                                2 votes
                                0 comments  ·  Authentication
                                • create an option to log user out when maximum login is reached

                                  Users should be able to see the devices they are logged in on and choose to disconnect a session in a situation where the maximum login has been reached.

                                  1 vote
                                  0 comments  ·  Authentication
                                  • allowed user groups

                                    UTM Authentication process in allowed User / Groups for Authenticated Relay

                                    The UTM attempts to first authenticate the users to itself with AD before deciding whether or not users are listed in order to block or allow users/groups the ability to relay emails through the UTM, when users have been added into the allowed users/group under allowed authentication relaying in SMTP Global settings.

                                    A preferred option would be to first check if users are listed first before attempting to go through authentication process with AD.
                                    This allows for better performance as the UTM will go through authentication process only…

                                    2 votes
                                    0 comments  ·  Authentication
                                    • hide token information

                                      The UTM offers the possibility to hide the token information of individual users.
                                      We have the following situation:
                                      Our few remote users do not use the user portal. They got the client configuration pushed to their remote device and the QR code for the token mailed to their mobile phone. So there is no need to bother them with the user portal.
                                      On the other hand, we have suppliers which offer remote support on the machines we bought from them.
                                      The support engineers use the user portal as entry to their machines.
                                      Because we want to have control of the remote connections of our…

                                      1 vote
                                      0 comments  ·  Authentication
                                      • Include QR code scanner in Sophos Authenticator App

                                        In the Sophos Authenticator app for Android, it seems it does not scan QR codes by itself. The user has to install another app (XZing ?) to make this work. Also, it would be nice if the app told the user if a QR code scanner app is missing on the smartphone.

                                        3 votes
                                        1 comment  ·  Authentication
                                        • support Radius challenge response

                                          We needed it for 2FA support with SMS PASSCODE.

                                          100 votes
                                          11 comments  ·  Authentication