SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Change the Active Directory login behavior with multiple DCs

    With the current code handling the Active Directory authentication of users, if you add multiple domain controllers as authentication sources, any error with the user's authentication will cause the authentication to be attempted on the next DC.

    Unfortunately, this is also the case with failed passwords. The LDAP protocol has a built-in error message to tell the client that the failure was due to a bad password and not a server or communication issue (LDAPMessage bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)).

    This causes issues when users make mistakes on their passwords, it causes the AD…

    26 votes
    0 comments  ·  Authentication
  2. User portal OTP only from WAN

    It would be great if we got a function so that we can configure that the OTP is only necessary if a user is logging in from outside the LAN.

    6 votes
    1 comment  ·  Authentication
  3. IPv6 SSO in STAS

    Currently the STAS implementation only supports IPv6, when you enter an IP Address in the "Networks to be monitored", an error message of "Invalid Network IP" is thrown.

    This is preventing a native IPv6 rollout as we are unable to apply user based rules to IPv6 traffic (as no users are authenticated...).

    9 votes
    1 comment  ·  Authentication
  4. Support OTP for more facilities

    We need OTP support for Cisco VPN and L2TP over IPsec VPN. These are the only supported configurations that can be pushed to Sophos Mobile Control and used on iOS devices out of the box.

    7 votes
    1 comment  ·  Authentication
  5. Safe Search HTTPS Certificate

    Dear all, it would be very important to be able to release an update in which the SOPHOS certificate for HTTPS scanning and for enforcing SAFE SEARCH can be downloaded from the captive portal. In institutions attended by many people with their own devices who use the Wi-Fi service, the certificate cannot be installed centrally, which prevents use of the scanning service, which is very important, especially in educational institutions, to protect the content that students access.

    1 vote
    0 comments  ·  Authentication
  6. Allow API authentication to be restricted to tokens only

    At the moment, there are two options to authenticate to the RESTful API: User/Password or API Token. Since it is not recommended to use the username/password, it would be great to have an option to disable that method of authentication entirely. This ensures that company admins are using their API tokens.

    2 votes
    0 comments  ·  Authentication
  7. Change Default Login User ID as admin for Sophos Firewall

    Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

    1 vote
    0 comments  ·  Authentication
  8. Change Default Login User ID as admin for Sophos Firewall

    Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

    1 vote
    0 comments  ·  Authentication
  9. IP Block List - General Automatic IP Block List for all Functions

    Definition & Users -> Authentication Servers -> Advanced

    Request for an "Auto-Blocklist".
    Especially on SMTP, you all know how often IPs try to gain access while trying to guess login data.

    I do not want those IPs to ever come up again - no matter what function on the UTM/SG/XG they try to use.
    This traffic should generally be discarded (not blocked – I do not want to nicely tell the opposite side that it is being blocked).

    Let's say a "UTM blacklist" which can either be filled manually, and then get selected for the functions (or all) of these IP /…

    2 votes
    0 comments  ·  Authentication
  10. create an option to log user out when maximum login is reached

    Users should be able to see the devices they are logged in on and choose to disconnect a session in a situation where the maximum login has been reached.

    1 vote
    0 comments  ·  Authentication
  11. allowed user groups

    UTM Authentication process in allowed User / Groups for Authenticated Relay

    The UTM attempts to first authenticate the users to itself with AD before deciding whether or not users are listed in order to block or allow users/ groups the ability to relay emails through the UTM, when users have been added into the allowed users/group under allowed authentication Relaying in SMTP Global settings.

    A preferred option would be to first check if users are listed first before attempting to go through authentication process with AD.
    This allows for better performance as the UTM will go through authentication process only…

    2 votes
    0 comments  ·  Authentication
  12. Include QR code scanner in Sophos Authenticator App

    In the Sophos Authenticator app for Android, it seems it does not scan QR codes by itself. The user has to install another app (XZing ?) to make this work. Also, it would be nice if the app told the user if a QR code scanner app is missing on the smartphone.

    4 votes
    1 comment  ·  Authentication
  13. hide token information

    The UTM offers the possibility to hide the token information of individual users.
    We have the following situation:
    Our few remote users do not use the user portal. They got the client configuration pushed to their remote device and the QR code for the token mailed to their mobile phone. So there is no need to bother them with the user portal.
    On the other hand, we have suppliers which offer remote support on the machines we bought from them.
    The support engineers use the user portal as the entry to their machines.
    Because we want to have control of the remote connections of our…

    1 vote
    0 comments  ·  Authentication
  14. Notify users about ActiveDirectory password expiration on WAF Reverse authentication form

    Users logging on via the reverse authentication form Feature should be able to Change their Password from here - or be notified about an expiring/expired Password.

    13 votes
    1 comment  ·  Authentication
  15. support Radius challenge response

    We needed it for 2FA support with SMS PASSCODE

    101 votes
    11 comments  ·  Authentication
  16. Login time the same in STAS and UTM

    I would like to suggest that login time on Client Authentication was in GMT.
    I have an SG implanted with STAS, and when I check, the time is different between the two solutions.
    E.g.: I am in GMT-3; in STAS the user aaaaa logged in at Oct 18 12:20 2017, then when I look at this information on the SG, I see Oct 18 15:20 2017, three hours more.

    3 votes
    1 comment  ·  Authentication
  17. Using IAM Roles instead of setting up an IAM profile with access keys

    We want to create a new feature request for Sophos UTM9.

    In the latest version of Sophos UTM, in order for us to send logs to CloudWatch we are required to set up an AWS profile with Access Keys and Secret Access Keys. This is not a secure AWS practice.

    Can you please update this feature to include an option to choose "AWS IAM Role" instead of adding the access keys?

    1 vote
    0 comments  ·  Authentication
  18. Integrate FIDO U2F as form of two factor authentication

    We are heavily using Google Authenticator together with our UTMs but would like the ability to issue a user an open source hardware solution that can go on their key ring. Our power users tend to run out of battery life on phone while traveling and a device on a key chain would allow for ease of access and a knowledge that all users can get in and accomplish the important business items they take care of.

    Our other solutions allow us to use something like a Yubikey Neo and gain access to everything no matter the battery conditions.

    Benefits:
    No…

    16 votes
    4 comments  ·  Authentication
  19. add OTP to SUM

    Currently the auth mechanism on the SUM only uses userid and password. The current OTP system in the UTM would be beneficial to SUM as well.

    18 votes
    4 comments  ·  Authentication
  20. Allow Maximum Session Time per User/Group

    The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

    11 votes
    2 comments  ·  Authentication