SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Integrate FIDO U2F as form of two factor authentication

    We are heavily using Google Authenticator together with our UTMs but would like the ability to issue a user an open source hardware solution that can go on their key ring. Our power users tend to run out of battery life on phone while traveling and a device on a key chain would allow for ease of access and a knowledge that all users can get in and accomplish the important business items they take care of.

    Our other solutions allow us to use something like a Yubikey Neo and gain access to everything no matter battery conditions.

    Benefits:
    No…

    17 votes
    4 comments  ·  Authentication
  2. add OTP to SUM

    Currently the auth mechanism on the SUM only uses userid and password. The current OTP system in the UTM would be beneficial to SUM as well.

    18 votes
    4 comments  ·  Authentication
  3. Allow Maximum Session Time per User/Group

    The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

    11 votes
    2 comments  ·  Authentication
  4. Block Password Guessing for WAF

    In the configuration for password guessing, I miss the option to enable block password guessing for WAF Authentication.

    See
    - https://www.astaro.org/closed-forums-read-only/utm-9-betas/utm-9-2-beta/50498-9-191-feature-block-password-guessing-reverse-authentication.html
    - https://www.astaro.org/beta-versions/utm-9-3-beta/54271-feature-block-password-guessing-waf.html
    - Mantis ID #30112

    Maybe it is possible to implement this feature earlier than 9.350

    6 votes
    0 comments  ·  Authentication
  5. Add SAML support as an Authentication Source for the UTM manager interface

    Make it so that you can authenticate admins for the UTM system using SAML to something like ADFS.

    7 votes
    0 comments  ·  Authentication
  6. SFM - /log/applog.log data should not have the password credentials

    For the SFM, in advanced shell, if you run: cat /log/applog.log | grep applog
    The results will show the credentials used to connect to the firewalls. Please do not log the credentials in clear text.

    1 vote
    0 comments  ·  Authentication
  7. add subnets for login restriction of user groups

    Dear correspondent,
    We are using Cyberoam CR300iNG firmware build of 050. Firmware version is 10.6.5.

    I have an issue: I want to restrict login for specific IP subnets.
    For example, we have several VLANs and subnets and I want to enable login of users on specific subnets like WIFI, library, lab computers etc., but I want to restrict them from logging in to office computers.
    In the identity section of Cyberoam there is a groups tab, and under the groups tab there is a Login restriction option.
    Currently there are only the options Any node, Selected nodes, Node range.
    It seems as I can use only…

    1 vote
    0 comments  ·  Authentication
  8. network authentication

    In Sophos, when we authenticate on the network, it connects through our default gateway and also shows an SSL certificate issue. Could we access it through FQDN?

    1 vote
    0 comments  ·  Authentication
  9. You enable 2 factor authentication options with Duo Security

    When you come out with 2 factor authentication, please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

    47 votes
    11 comments  ·  Authentication
  10. As of now it is not possible to change this OpenSSL certificate SHA-1 version neither from GUI nor from Backend as these settings are hard cod

    As of now it is not possible to change this OpenSSL certificate SHA-1 version neither from GUI nor from Backend as these settings are hard coded on UTM architecture.

    I request you to kindly share this requirement on our portal http://ideas.sophos.com as a feature request so that our development team can take care of this in a future release of UTM firmware.

    2 votes
    0 comments  ·  Authentication
  11. Add optional PIN entry field for two-factor authentication

    There are really two big issues I have with the two factor authentication implementation. The first is that nowhere in the setup for the user is there any information or instruction as to how to use two factor authentication. Every other two factor authentication that I have used has had a separate box for putting in the random code. I only learned about how to properly use two factor authentication after calling support and being informed that I needed to append the randomly generated code to the end of my password, to which I say "Really! and you aren't going…

    23 votes
    5 comments  ·  Authentication
  12. Global Bot / Script Kiddie / Brute Force IP Blacklist

    Sophos should maintain a blacklist of Bots / Script Kiddies / Brute Force attackers based on big data of failed logins on UTMs.

    Problem to solve:
    There are a lot of (often automated) login attempts to the different publicly available UTM facilities such as SMTP (authenticated relaying), User Portal, Webadmin, SSH, Reverse Proxy. On my UTM I have, for example, had an ongoing brute force attack on the SMTP proxy for weeks, as authenticated relaying is allowed on it. Blocking those bots after 5 attempts helps only marginally, as they automatically switch to other bots (new IP) and continue the brute force attack.…

    29 votes
    4 comments  ·  Authentication
  13. Authentication data cache of AD SSO

    Please add an option so that the UTM can cache user authentication data of AD SSO.

    3 votes
    0 comments  ·  Authentication
  14. Disabling SMTP Authentication for specific users or groups

    It would be great to have an opportunity to disable the SMTP authentication for single users or groups. We have a lot of brute force attacks via the SMTP proxy and domain users were disabled because of those attacks. Therefore we've activated the "Block Password Guessing" feature for the SMTP proxy, because blocking 10+ IPs each day for each user isn't the right way.
    Now the problem is, if those requests come from different IP addresses the account will be locked anyway.

    2 votes
    0 comments  ·  Authentication
  15. Captive Portal should redirect automatically when first time logging

    In the new XG 210 firewall, after upgrading the firmware to version SFOS 16, the Captive Portal does not pop up (redirect) automatically the first time we open a browser. In the previous version (SFOS 15) it works fine; we have also been using an ASG220 firewall for the last 6 years, and this feature works fine there too, but the new firmware has an issue with the automatic redirect of the captive portal.

    Hope it was a bug and you will resolve it soon. Thanks.

    1 vote
    0 comments  ·  Authentication
  16. When manually defining Soft Token, provide a RANDOM Secret button.

    When using the One Time Password (OTP) facility to manually build Soft Tokens for users, it would be nice if the UTM could provide a 'Generate Random Secret' button, as currently you have to manually source/define a 128 bit hex secret key. Using a random string generator that conforms to the UTM requirements of manually defined OTP secrets would make things easier.

    4 votes
    3 comments  ·  Authentication
  17. set up the firewall to allow the RADIUS user to change passwords using user portal:

    Set up the firewall to allow the RADIUS user to change passwords using user portal: Presently not possible to change the RADIUS/AD user password.

    1 vote
    0 comments  ·  Authentication
  18. import User Group on the Sophos UTM

    Kindly, I need help with how to import groups in Sophos UTM 9.407-3.
    I created about 5000 groups and need to import them to another UTM in another branch.
    How to do that:
    import and export groups.
    I created different IPs & URLs groups.

    Those are different models.

    1 vote
    0 comments  ·  Authentication
  19. Clean otp token automatically

    We have OTP tokens in use. All users are members of an AD group.
    We would like it when a user is removed from the AD group that the token is also automatically removed from the UTM.
    Now the removed AD users remain in the OTP token list and it's becoming a mess.

    3 votes
    2 comments  ·  Authentication
  20. NTLM or Basic authentication for User Portal

    Currently the UTM appliance uses web form authentication for the User Portal. Instead of a web form, can we please add the ability to use either NTLM or basic authentication. For extra security measures, I would like to put a Kemp appliance (which is in our DMZ) between the internet and the Sophos UTM. So what would happen is the users would authenticate with the Kemp appliance and then the Kemp appliance would authenticate with the Sophos UTM. However, the Kemp appliance needs to use either NTLM or basic authentication. It cannot use a web form.

    1 vote
    0 comments  ·  Authentication