SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. authentication

    I believe we should be able to specify which authentication server to use for each login method.
    It should not fall back to any other servers not specified.

    3 votes
    0 comments  ·  Authentication
  2. Add optional PIN entry field for two-factor authentication

    There are really two big issues I have with the two-factor authentication implementation. The first is that nowhere in the setup for the user is there any information or instruction as to how to use two-factor authentication. Every other two-factor authentication that I have used has had a separate box for putting in the random code. I only learned about how to properly use two-factor authentication after calling support and being informed that I needed to append the randomly generated code to the end of my password, to which I say "Really! and you aren't going…

    23 votes
    5 comments  ·  Authentication
  3. add U2F authentication to UTM and SUM

    The protocols and hardware already exist. See https://fidoalliance.org

    1 vote
    0 comments  ·  Authentication
  4. Provide the Two-Factor-Authentication as a RADIUS service, too

    Hi, great that you now implemented a 2FA with OTPs. With that it is now possible to secure applications dealing with the Firewall or, in combination with reverse proxies, even to secure web-based third-party applications. But what about non-browser-based 3rd party tools? Wouldn't it be great to provide the 2FA also as a RADIUS service for those other programs? For us it would be. We are running e.g. a Password Server app that has a web interface AND other user GUIs like mobile apps. With a reverse proxy, we could try to secure this service from outside threats via 2FA…

    8 votes
    1 comment  ·  Authentication
  5. LDAP/TOTP Server proxy

    Astaro/Sophos UTM will happily use an external LDAP server as an authentication source. And then apply over that its own TOTP layer. But it cannot provide that TOTP service to other devices, except for internal websites using the reverse proxy.

    I'd like to see Astaro offer an external facing LDAP service, as a proxy for other LDAP servers with an optional OTP enhancement. This would allow an organisation to provide a single OTP source against a whole range of services such as mail servers, file servers and much more; all without configuring multiple OTP servers.

    1 vote
    0 comments  ·  Authentication
  6. When manually defining Soft Token, provide a RANDOM Secret button.

    When using the One Time Password (OTP) facility to manually build Soft Tokens for users, it would be nice if the UTM could provide a 'Generate Random Secret' button, as currently you have to manually source/define a 128 bit hex secret key. Using a random string generator that conforms to the UTM requirements of manually defined OTP secrets would make things easier.

    4 votes
    3 comments  ·  Authentication
  7. Add more card compatibility for token-based authentication for SafeGuard Enterprise drive encryption

    Specifically, we are using a PIV card standard and the card is supplied by HID Global (purchased ActivIdentity 4 years ago). Yet the support matrix doesn't show support for this card, nor does it show anything listed by HID Global, who is one of the top manufacturers/providers of smart cards, smart card solutions, and smart card readers in the industry.

    1 vote
    0 comments  ·  Authentication
  8. Automatically disable user accounts after a period of inactivity

    A large percentage of our workforce is temporary workers and manually removing their account on the Astaro every time they leave us is impractical. It would be nice to have the Astaro automatically delete, or disable, user accounts after a certain period of inactivity (which the admin should be able to set).

    9 votes
    1 comment  ·  Authentication
  9. Authentication: Delete UTM user-object when deleted from backend server

    When we remove a user from our LDAP Directory (namely eDirectory or ActiveDirectory) the User in UTM is untouched. It would be nice if the UTM could know about this and purge its matching user-object as well. (Or display us a report of users who are no longer seen on the backend server so we could trigger a delete periodically).

    84 votes
    9 comments  ·  Authentication
  10. SSO authentication with Apple's Open Directory in transparent mode and proper documentation

    SSO authentication with Apple's Open Directory. For it to work in transparent mode without the need to use a proxy. Have all of this work with Safari, as it does not work at all right now. Have some proper documentation for the Macintosh system.

    1 vote
    0 comments  ·  Authentication
  11. WebAdmin: Force password change upon first login

    An optional checkbox in the user creation menu with that feature would be nice.

    7 votes
    2 comments  ·  Authentication
  12. Authenticate a user against multiple different backends

    Currently, a single user can only be authenticated against a single backend. If a user exists in multiple backends with the same username, you get all sorts of funny reactions.

    In the documentation about Dynamic Group Membership the described logic would make this possible. However, it doesn't work as described; Users end up in the wrong backend group and some UTM services throw authentication failure errors while the backend in question can successfully authenticate the user.

    Please make it work as described in the documentation!

    1 vote
    0 comments  ·  Authentication
  13. mapping authentication servers to facilities

    It would be nice to be able to map certain authentication servers to certain functionalities. For instance: the in-house end-user portal needs no RSA token (Active Directory is used here) but the authentication for a VPN client should use RSA authentication.

    1 vote
    0 comments  ·  Authentication
  14. include FTP Proxy in authentication

    Our customer used this feature on his old proxy to control who, and with which rights, a user can use the FTP. For our customer it is an essential feature.

    3 votes
    0 comments  ·  Authentication
  15. Integrations with KeyShield SSO

    It would be useful to add authentication via KeyShield SSO. The KeyShield SSO concept is designed for any client platform. It provides SSO functionality for Windows, Linux, Android, Mac, iPad and iPhone. The principle of KeyShield SSO integration is very simple to implement - when the UTM gets a connection request, it asks the KeyShield SSO server about the origin IP address. The response is an FDN within one of the configured directories (eDirectory, ActiveDirectory, LDAP) or "unknown".

    7 votes
    0 comments  ·  Authentication
  16. Notifications: Login of SSL VPN User

    Email Notifications for Login SSL VPN User (Remote Access)

    26 votes
    7 comments  ·  Authentication
  17. Allow backend groups to point to AD containers or OUs

    When creating a backend group in UTM against Active Directory, you cannot specify an OU or Container for membership. In eDir backend groups, you can point it at an OU and everything under that resolves to the group. The same is not true for AD; the user does not resolve as a member of the group if backend membership is limited to an OU, it only works when pointed to an actual group object.
    I suggest mirroring the features from eDir group processing in AD group processing, and allowing backend group membership to be determined by OU or Container.

    2 votes
    0 comments  ·  Authentication
  18. Authentication: Support SAML2

    It would be nice if the Astaro products would support SAML2 for SSO. There are enough modules out on the market now so that it shouldn't be hard to support. Could make some things easier with proxy auth. Thanks

    18 votes
    3 comments  ·  Authentication
  19. Authentication timeout based on inactivity and session

    I suggest an option to set the authentication time counter to start when the connection is inactive. Now: for our schools, teachers get interrupted and time out in an active session. Any person (students) can use any device as long as the timer has not reached the limit. Not very useful. If the timer instead was based on inactivity, the user could stop surfing or restart the device to ensure that the association was finished. A keep-alive script would also then be easy to make if one has to be associated for an extended time.
    There should also be very useful to…

    6 votes
    1 comment  ·  Authentication
  20. Import Active Directory Groups automatically

    Currently, users are imported and created in the user/group definitions when imported from AD. Groups, however, are not, and you have to manually create the group definitions and attach them to the AD group.

    It would be so much easier if this was done automatically on sync!!

    7 votes
    1 comment  ·  Authentication