SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. AWS auto-scaled UTM WAF alerting

    First, it's absurd that I have to ask here for basic functionality. Sophos UTM does alerting when attacks against web apps are detected. This does not work in your AWS auto scaled UTM stack. The worker nodes send logs to the queen node, but the queen does not alert on the events in those logs. We would have to use a 3rd party SIEM solution to process the logs. Your AWS auto scaled UTM is incomplete without this functionality and I would like it added.

    1 vote
    0 comments  ·  Web Server Protection
  2. Web Server Protection: Support for ActiveSync 14.1

    WAF doesn't support ActiveSync 14.1, i.e. after you install SP3 for Exchange 2010, you can't use WAF to protect your ActiveSync Server anymore. This is poor.

    77 votes
    Under Review  ·  5 comments  ·  Web Server Protection
  3. Request to add an option to bypass scanning of compressed files in SWA

    Request to add an option to bypass scanning of compressed files in SWA

    1 vote
    0 comments  ·  Web Server Protection
  4. original IP clients

    It would be nice if UTM would pass the original IP address of clients who are visiting a web site that is behind the UTM. Some reporting applications like WebTrends don't understand the custom field (X- Forwader), and this app needs the field with the client's original IP address to create a correct graph showing the hits on a website.

    1 vote
    0 comments  ·  Web Server Protection
  5. Restrict HTTP Methods based on paths

    Restrict HTTP Methods based on paths,

    We want to allow only GET methods to
    http://servername/servicepath/*

    But we want to allow GET and POST to
    http://servername/servicepath/servicepath2/*

    So any attempts to make POSTs to any sub-paths except /servicepath2 will be blocked. Fairly easy to do on ISA via the HTTP filter settings
    and would be good if we could achieve the same with UTM.

    2 votes
    0 comments  ·  Web Server Protection
  6. WebSocket for XG Appliance

    Make the Sophos XG Firewall work with WebSocket

    21 votes
    1 comment  ·  Web Server Protection
  7. Make Web Application Firewall Site Path Routing case insensitive.

    Site Path Routing should have an option to treat the path in a case neutral manner.

    55 votes
    7 comments  ·  Web Server Protection
  8. WebServer Protection: Allow for larger upload handling

    For web sites with larger uploads (e.g. ownCloud) there is currently a 128MB (134217728 byte) limit in Web Server protection, the so-called request body limit in ModSecurity.
    Please add the possibility to configure this parameter (it's "SecRequestBodyLimit" in the Apache config) to allow larger uploads to sites protected by WAF.

    51 votes
    6 comments  ·  Web Server Protection
  9. 2FA form for Reverse proxy

    UTM doesn't support a Reverse authentication 2FA with third party OTP RADIUS AaaS providers (e.g. SafeNet). It would be good if this feature can be included in the next release.

    1 vote
    0 comments  ·  Web Server Protection
  10. WAF GeoIP or ACL integration.

    Publishing a web server and limiting it to GEO location using WAF.

    2 votes
    0 comments  ·  Web Server Protection
  11. WebAdmin to use CA's from the default CA store

    Currently most web services published from the UTM make use of the Certificate Authorities uploaded by the user in the CA store (Webserver Protection >> Certificate Management >> Certificate Authority). However, the WebAdmin service uses its own CA (which affects also User Portal and SPX encryption pages).

    The self-signed CA that is generated during installation remains in the apache directory and becomes redundant if the user wishes to upload a publicly signed certificate from a trusted company (eg. Thawte, VeriSign, Comodo etc.). Even though the user uploads the CA certs from the trusted company into the CA repository, the WebAdmin…

    4 votes
    3 comments  ·  Web Server Protection
  12. notification for expiring certificate

    Notification for expiring installed certificate under Webserver Protection - Certificate Management. Could be either thru email notification or thru the UTM dashboard.

    3 votes
    0 comments  ·  Web Server Protection
  13. Create a configuration option of Cyphers in GUI.

    Create a configuration option of Cyphers in GUI.

    9 votes
    0 comments  ·  Web Server Protection
  14. Enable Web Application Firewall support to specify cipher strengths it can accept. Either cipher-by-cipher basis or on a weak/med/strong cat

    Enable Web Application Firewall support to specify cipher strengths it can accept. Either cipher-by-cipher basis or on a weak/med/strong category.

    49 votes
    13 comments  ·  Web Server Protection
  15. Reverse Proxy TTL for backend hosts

    It would be incredibly useful to have the ability to add the TTL to the web application firewall for reverse proxy connections.

    This is particularly critical in AWS environments where the "Real Webserver" is an Elastic Load Balancer.

    Sometimes when the ELB IP addresses update, the reverse proxy continues to use the cached IP address and will not look up the IPs again until the Virtual Web Server is restarted.

    1 vote
    1 comment  ·  Web Server Protection
  16. add customisable error messages

    Add custom error messages for when problems occur (also providing a useful error message/reason).

    We had some clients getting 403 Forbidden when connecting to our website, and it looks very unprofessional.

    A company branded page telling the user they have been blocked due to their IP having a bad reputation (as per our last problem) would be great.

    3 votes
    0 comments  ·  Web Server Protection
  17. WAF: Multiple domain support for non-wildcard SSL certificate

    WAF: Allow adding multiple domains when using a non-wildcard certificate

    1 vote
    0 comments  ·  Web Server Protection
  18. QoS for Virtual Webservers

    QoS / Throttling the upload for virtual webservers (Web Server Protection). It would be nice, if you have many webservers, that you can throttle the upload for each "virtual server".

    Example:
    - virtual webserver a (wan) unlimited upload to wan side
    - virtual webserver b (wan) limited upload 10mbit to wan side

    That would be really nice, is it possible?

    3 votes
    0 comments  ·  Web Server Protection
  19. Virtual Webserver - Wildcard SSL Import Domains

    When using a wildcard SSL certificate, I would like the ability to import a list of domains on a virtual webserver. This is possible on an HTTP virtual webserver, but not on the HTTPS one. We have a wildcard web development environment and have multiple servers with 50+ sub-domains on each server. Currently, we have to manually enter every single domain since the import functionality is not on the HTTPS virtual servers.

    2 votes
    0 comments  ·  Web Server Protection
  20. Configurable HTTPS DH parameter in the Web Application Firewall

    The web application firewall cannot support HTTPS connections by Java 6/7 clients because the DH parameter for HTTPS is set to a value greater than 1024 and this is not configurable.

    For an easy reference for the issue:
    http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

    The error message the clients will receive is:

    javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

    The only option is to manually add a DH-pair of 1024 or less into the first certificate generated by the Sophos device under /var/chroot-reverseproxy/usr/apache/conf/ssl/ (and then, do that every time the configuration changes), or not use the WAF.

    Warnings for those who come across this post: …

    1 vote
    2 comments  ·  Web Server Protection