SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ID33532 9.209 RDWeb via WAF is not possible on customers site

    Issue ID 33532 the ability to publish a Remote Desktop Gateway would be appreciated. currently there is no support for it in UTM.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Webserver Protection: Reverse Authentification with NTLM and Kerberos

    The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)

    229 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. notification for expiring certificate

    Notification for expiring installed certificate under Webserver Protection - Certificate Management. Could be either thru email notification or thru the UTM dashboard.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. create a configuration option of Cyphers in Gui.

    create a configuration option of Cyphers in Gui.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. URL Redirection

    It would be great if it would be possible to redirect certain URLs

    For example:

    www.company.com => www.company.ch/site1
    www.company.com/site1 => www.company.com/newsite

    Thank you :)

    395 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    49 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow customizable block pages for WAF

    Currently the WAF displays a generic HTTP status page (403 "Authentication required") for errors and blocked actions. This really break the general look and feel of the product as they feature no branding whatsoever.

    It would be very nice if these pages feature the same style as the status pages in the rest of the UTM (Email, Web), and if we could offer similar customizability for them.

    This will work two-fold: On the one hand it will make the generic blockpages prettier and more attuned to the rest of the product, and at the same time it will allow organizations…

    28 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Web Application Firewall - change Authentication server on a case-by-case scenario.

    a web application firewall hits the first server in the authentication list. If a domain controller is first, it'll always use that server. However, if I'm using a DUO 2-factor authentication proxy, I want the ability to use DUO on a case-by-case use for web application servers, not all or nothing.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. QoS for Virtual Webservers

    QoS / Throttling the upload for virtual webservers (Web Server Protection). It would be nice if you have many webservers, that you can throttle the upload for each "virtual server"

    exampe: - virtual webserver a (wan) unlimited upload to wan side

              - virtual webserver b (wan) limited upload 10mbit to wan side
    

    that would be realy nice, is it possible?

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable SPDY protocol for reverse proxy feature

    Please add the SPDY protocol to the reverse proxy to enhance HTTPS page load times through the UTM. Both on the client and server side, especially if the back end webserver supports the protocol.

    Thank you

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Site Path Routing: Network Groups in Access Control

    Web Server Protection : Site Path Routing - Access control Lists

    Site Path Routing - Access control should allow Network Groups for management of large ACLs

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. OCSP Stapling Support for WAF

    Please can you Support OCSP Stapling.

    The obvious advantage to OCSP Stapling is the improvement in
    speed and availability of the OCSP certificate status check.

    OCSP Stapling helps maintain the privacy of the end user, since a CA can see which web sites a user has visited (only those web sites that have certificates issued by the CA). If OCSP Stapling is used, the CA will see OCSP requests
    only from the web site, not the web site’s end users.

    Many wi-fi hotspots use Captive Portals to control access to the
    Internet, sometimes requiring entry of a credit card number…

    26 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Web server protection - Add HSTS header support

    Request that the Sophos UTM supports HTTP Strict Transport Security (HSTS). RFC6797 - https://tools.ietf.org/html/rfc6797

    81 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to publish FTP through the WAF

    Having the ability to publish FTP through the WAF instead of direct firewall passthrough, then you could detect and block brute force attacks and such at the sophos.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Configurable HTTPS DH parameter in the Web Application Firewall

    The web application firewall cannot support HTTPS connections by Java 6/7 clients because the DH parameter for HTTPS is set to a value greater than 1024 and this is not configurable.

    For an easy reference for the issue:
    http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

    The error message the clients will receive is:

    javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

    The only option is to manually add a DH-pair of 1024 or less into the first certificate generated by the sophos device under /var/chroot-reverseproxy/usr/apache/conf/ssl/ (and then, do that every time the configuration changes), or not use the WAF.

    Warnings for those who come across this post: …

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. SSO over WAF

    Planning to replace TMG with other UTM product. Sophos is looking good - but some features is missing which are a must have for me:
    Any change we will se
    * SSO for reverse proxy
    * Link translation like we know it in TMG
    * AD user change password option through rev. auth

    These are the only major issues preventing us from switching to Sophos

    26 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Web Application Firewall - Allow more granular exceptions

    Allow exceptions to be defined more granular. For example allow specific protocol anomalies in HTTP Policy or specific checks in SQL Injection Attacks.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Parallel Usage of VPN(SSL), Userportal and other HTTPS Sites on Port 443

    It would be nice if you could handle it, that we can either use port 443 for VPN (SSL) as also OWA/WAF and(!) Userportal. May this is possible?

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. (Webserver Protection) WAF + (Network Protection) Server Load Balancing.

    It would be great if there was a way to use the WAF but with Server Load Balancer setup in the Network Protection area or at least have the same type of control if not even more types of load balancing controls then there are now.

    As noted in another feature suggestion of having Layer 7 checks in the WAF Load balancer would be great. And I agree. But along those same lines I also have needs to specify load to not be round robin and to weight it. Which you can do to a degree in the Network Protection…

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Make RBL list update possible via Pattern update or check their availability

    Recently the Web Server Security reverse proxy experienced timeout problems because "block clients with bad reputation" was active and one of the three internally user DNS RBL lists is down (dnsbl.proxybl.org).

    As the DNS RBL list stuff is not very reliable and often these lists are down due to DOS attacks or lack of administrators, it would make sense to react to such changes very quickly.

    So I suggest making updates of RBL lists using the pattern update mechanism (applies to both SMTP and reverse proxy and maybe Web Security as well).

    Another approach would be to chek the availability…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable Sharepoint2013 encryption in SafeGuard Enterprise

    Enable that SafeGuard Enterprise client can encrypt files on SharePoint sites

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.