SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Active Directory

    When the UTM is synced with Active Directory, it would be nice for the UTM not to keep old Active Directory accounts within the UTM device, and for the UTM to have the ability to keep up-to-date users from AD when the UTM does a sync.

    As we are a school and we use the UTM for the filtering / authentication, having to go through over 1000 accounts and remove them from the UTM device is somewhat time consuming. If this could be added as a feature it would be really great, and I'm sure other people would agree.

    5 votes
    1 comment  ·  Authentication
  2. mail.it@wcc.nl

    Double-check Active Directory when creating users. When a new user wants to access our VPN, they must log in using their AD user account. If they do this, a Sophos account is created that has backend-sync enabled and all is well.

    But often, they use their e-mail address instead. In that case, a local account is created with that e-mail address. This account obviously will not have the proper AD group memberships. Trying to create a new account only using the userID is then not possible because an account with that e-mail address already exists.

    The only solution is that…

    1 vote
    0 comments  ·  Authentication
  3. Certificate on the UTM

    Out of the box, Sophos UTM will generate self-signed certificates for many functions, such as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of a W2K16 Enterprise RootCA because its certificate is trusted automatically by all Windows clients in the domain, so there is no need to distribute other certificates by GPO, for example.

    For the webadmin console we used a certificate signed by this RootCA and that works without problem. Because we use SSL scanning we want the web proxy "Signing CA" to be an intermediate CA of our RootCA. I have generated the certificate…

    2 votes
    0 comments  ·  Authentication
  4. adding an option to remove users from UTM

    I would like you to add an option to remove users from the UTM after they get authenticated and synced from STAS to the UTM. Sometimes, even when you remove the user from the STAS, it stays stuck in the UTM and then I have to restart the device to wipe all the users and start fresh. Adding this option will ease the work.

    1 vote
    0 comments  ·  Authentication
  5. MAC address Allow list for Personal Devices

    I see there is a MAC list so that you can RESTRICT an individual user to specific devices. Can there be a MAC list to add a user's phone, tablet, PC so that they don't have to log in through the user portal or with the Network Agent App on PERSONAL devices?

    4 votes
    0 comments  ·  Authentication
  6. Secure & Up-to-Date Password Storage for Internal Users

    Hi there,

    currently, passwords of internal users are stored as MD4 hashes. According to Wikipedia, this hash function was already severely broken 10 years ago: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. IMHO, this is a severe security issue, especially for a security device such as a firewall.

    While it's technically true that access to password hashes requires administrative access, those hashes should still be protected, even in case of compromise. This also facilitates insider attacks, and so on...

    Therefore, I strongly suggest that password storage follows well-established security principles: Use…

    20 votes
    0 comments  ·  Authentication
  7. Azure AD synchro

    Azure Active Directory Synchro option

    3 votes
    1 comment  ·  Authentication
  8. Zone Based Captive Portal

    Kindly provide a zone-based captive portal in the next possible firmware upgrade, so that the firewall will push the IP address of only that specific zone interface automatically to the user's browser.
    Currently the default behavior of the firewall is that it will push down only the specific IP address of a specific zone for all zones' captive portal requests, which does not fulfill the requirement of creating a separate zone.

    3 votes
    0 comments  ·  Authentication
  9. HTML5 VPN Portal - Smartcards

    It would be good if we could pass through local resources such as smartcards, as we enforce smartcard login requirements. This is currently preventing us from using the Sophos VPN HTML5 solution.

    2 votes
    0 comments  ·  Authentication
  10. RADIUS Change of Authorization (CoA)

    Please add support for RADIUS Change of Authorization (CoA).

    The use case is we are attempting to perform a RADIUS Change of Authorization (CoA) for wireless clients connected to an AP managed by the XG. With Cisco, Meraki, Aruba, Aerohive and others this typically shows up as "rfc-3576" support in the UI.

    It would allow the XG wireless controller to accept a RADIUS CoA packet (typically sent on UDP port 3799) from a RADIUS server to disconnect a client so it can receive a new RADIUS attribute from the RADIUS server.

    7 votes
    0 comments  ·  Authentication
  11. New features

    Possibility to grant user to more than one local or external group

    2 votes
    0 comments  ·  Authentication
  12. PPPOE Server

    Just must add a PPPoE server; it's an important option.

    2 votes
    0 comments  ·  Authentication
  13. Allow users to reset Active Directory passwords from the UTM User Portal

    Raised on behalf of a Sophos customer, see support case 6426894.

    Customer would like the UTM's User Portal feature to function in a similar manner to the portal available on the Microsoft TMG product.
    When using a TMG, if a user's Active Directory account has been flagged to "Reset password at next logon", when they try to log into the portal, the TMG portal notifies the user that they need to change their password and completes the password change with them.

    Using a UTM in the same scenario results in an authentication failure (expected behaviour), but the customer would like…

    9 votes
    0 comments  ·  Authentication
  14. User portal OTP only from WAN

    It would be great if we got a function so that we can configure that the OTP is only necessary if a user is logging in from outside the LAN.

    6 votes
    1 comment  ·  Authentication
  15. IPv6 SSO in STAS

    Currently the STAS implementation only supports IPv6, when you enter an IP Address in the "Networks to be monitored", an error message of "Invalid Network IP" is thrown.

    This is preventing a native IPv6 rollout as we are unable to apply user based rules to IPv6 traffic (as no users are authenticated...).

    9 votes
    1 comment  ·  Authentication
  16. Safe Search HTTPS Certificate

    Dear all, it would be very important to release an update in which the Sophos certificate for applying HTTPS scanning and enforcing Safe Search can be downloaded from the captive portal. In institutions attended by many people with their own devices who use the Wi-Fi service, the certificate cannot be installed centrally, which prevents the use of the scanning service, which is very important, above all in educational institutions, to protect the content that students access.

    1 vote
    0 comments  ·  Authentication
  17. Allow API authentication to be restricted to tokens only

    At the moment, there are two options to authenticate to the RESTful API: User/Password or API Token. Since it is not recommended to use the username/password, it would be great to have an option to disable that method of authentication entirely. This ensures that company admins are using their API tokens.

    2 votes
    0 comments  ·  Authentication
  18. Change Default Login User ID as admin for Sophos Firewall

    Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

    1 vote
    0 comments  ·  Authentication
  19. Change Default Login User ID as admin for Sophos Firewall

    Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

    1 vote
    0 comments  ·  Authentication
  20. IP Block List - General Automatic IP Block List for all Functions

    Definition & Users -> Authentication Servers -> Advanced

    Request for an "Auto-Blocklist".
    Especially on SMTP, you all know how often IPs try to gain access while trying to guess login data.

    I do not want those IPs to ever come up again, no matter what function on the UTM/SG/XG they try to use.
    This traffic should generally be discarded (not blocked – I do not want to nicely tell the opposite side that he is being blocked).

    Let's say a "UTM blacklist" which can either be filled manually, and then get selected for the functions (or all) of these IP /…

    2 votes
    0 comments  ·  Authentication