SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Web Server Protection: Support for ActiveSync 14.1

    WAF doesn't support ActiveSync 14.1, i.e. after you install SP3 for Exchange 2010, you can't use WAF to protect your ActiveSync Server anymore. This is poor.

    78 votes

    Under Review  ·  5 comments  ·  Web Server Protection
  2. Request to add an option to bypass scanning of compressed file in SWA

    Request to add an option to bypass scanning of compressed file in SWA

    1 vote

    0 comments  ·  Web Server Protection
  3. original IP clients

    It would be nice if UTM would pass the original IP address of clients who are visiting the web site that is behind the UTM. Some reporting applications like Webtrends don't understand the custom field (X-Forwarded), and this app needs the field with the client's original IP address to create a correct graph to show the hits on a website.

    1 vote

    0 comments  ·  Web Server Protection
  4. Restrict HTTP Methods based on paths

    Restrict HTTP Methods based on paths,

    We want to allow only GET methods to
    http://servername/servicepath/*

    But we want to allow GET and POST to
    http://servername/servicepath/servicepath2/*

    So any attempts to make POSTs to any sub-paths except /servicepath2 will be blocked. Fairly easy to do on ISA via the HTTP filter settings
    and would be good if we could achieve the same with UTM.

    2 votes

    0 comments  ·  Web Server Protection
  5. edit HTTP Header

    Edit or hide HTTP Headers such as the Server Header.

    2 votes

    0 comments  ·  Web Server Protection
  6. Make Web Application Firewall Site Path Routing case insensitive.

    Site Path Routing should have an option to treat the path in a case neutral manner.

    61 votes

    7 comments  ·  Web Server Protection
  7. WebServer Protection: Allow for larger upload handling

    For web sites with larger uploads (e.g. ownCloud) there is currently a 128MB (134217728 byte) limit in Web Server protection, the so-called request body limit in ModSecurity.
    Please add the possibility to configure this parameter (it's "SecRequestBodyLimit" in the Apache config) to allow larger uploads to sites protected by WAF.

    53 votes

    6 comments  ·  Web Server Protection
  8. 2FA form for Reverse proxy

    UTM doesn't support a Reverse authentication 2FA with third-party OTP RADIUS AaaS providers (e.g. SafeNet). It would be good if this feature can be included in the next release.

    1 vote

    0 comments  ·  Web Server Protection
  9. WebAdmin to use CA's from the default CA store

    Currently most web services published from the UTM make use of the Certificate Authorities uploaded by the user in the CA store (Webserver Protection >> Certificate Management >> Certificate Authority). However, the WebAdmin service uses its own CA (which affects also User Portal and SPX encryption pages).

    The self-signed CA that is generated during installation remains in the apache directory and becomes redundant if the user wishes to upload a publicly signed certificate from a trusted company (eg. Thawte, VeriSign, Comodo etc.). Even though the user uploads the CA certs from the trusted company into the CA repository, the WebAdmin…

    4 votes

    3 comments  ·  Web Server Protection
  10. Enable Web Application Firewall support to specify cipher strengths it can accept. Either cipher-by-cipher basis or on a weak/med/strong cat

    Enable Web Application Firewall support to specify cipher strengths it can accept. Either cipher-by-cipher basis or on a weak/med/strong category.

    67 votes

    16 comments  ·  Web Server Protection
  11. Reverse Proxy TTL for backend hosts

    It would be incredibly useful to have the ability to add the TTL to the web application firewall for reverse proxy connections.

    This is particularly critical in AWS environments where the "Real Webserver" is an Elastic Load Balancer.

    Sometimes when the ELB IP addresses update, the reverse proxy continues to use the cached IP address and will not look up the IPs again until the Virtual Web Server is restarted.

    1 vote

    1 comment  ·  Web Server Protection
  12. add customisable error messages

    Add custom error messages for when problems occur (also providing a useful error message/reason).

    We had some clients getting 403 Forbidden when connecting to our website, and it looks very unprofessional.

    A company-branded page telling the user they have been blocked due to their IP having a bad reputation (as per our last problem) would be great.

    3 votes

    0 comments  ·  Web Server Protection
  13. WAF: Multiple domain support for non-wildcard SSL certificate

    WAF: Allow adding multiple domains when using a non-wildcard certificate

    1 vote

    0 comments  ·  Web Server Protection
  14. WAF - TLS 1.2 support

    The WAF should support the latest version of TLS, and be secure against BEAST and CRIME exploits.

    9 votes

    2 comments  ·  Web Server Protection
  15. Virtual Webserver - Wildcard SSL Import Domains

    When using a wildcard SSL certificate, I would like the ability to import a list of domains on a virtual webserver. This is possible on an HTTP virtual webserver, but not when on the HTTPS one. We have a wildcard web development environment and have multiple servers with 50+ sub-domains on each server. Currently, we have to manually enter every single domain since the import functionality is not on the HTTPS virtual servers.

    2 votes

    0 comments  ·  Web Server Protection
  16. MDM based access through Reverse Proxy

    With MDM (as a service) being connected to a UTM it would be good to be able to set up a Reverse Proxy (WAF) profile as counterpart. I.e.: only devices allowed by MDM may pass to ActiveSync.

    This way it would not be necessary to set up a dedicated machine for this task and DNAT rule (and you can still use 443 for other webservers as well on the same IP).

    This way UTM and MDM would benefit (UTM being more value to MDM SaaS customers). This will greatly emphasize Sophos product interconnection.

    12 votes

    1 comment  ·  Web Server Protection
  17. Web Server Protection: Rate limiting for anti-d/dos protection

    The WAF should have rate limiting functionality to protect against DoS attacks. This could take the form of blocking or slowing down connections from a certain IP if >X number of requests have been received over a certain time period.

    5 votes

    1 comment  ·  Web Server Protection
  18. Let you utilize different web servers depending on URL folder path

    Microsoft ISA Server 2006 lets you configure separate protected web servers for any URL folder path. I liked that, because it made the entrypoint simple – everything was based on the path name, not the server name. Any chance you would add this functionality to your product to make it cover what Microsoft’s ISA server could do? See call #5242748 for more info.

    1 vote

    0 comments  ·  Web Server Protection
  19. Enable the use of the WAF as a front end for Remote Desktop Gateway.

    Include RDG over HTTP in the webserver protection firewall in a similar way to allowing Outlook Anywhere, to allow the use of Remote Desktop Gateway services, including the remote apps feature within /rdweb. Currently the HTTP based traffic is passed fine; however, when attempting to negotiate the use of a remote app the WAF resets the connection due to RDGOUTDATA not being a valid header. Would it be possible to pass this traffic uninspected as you do with RPC?

    Thank you.

    Mark

    10 votes

    2 comments  ·  Web Server Protection
  20. Outlook anywhere connection with WAF for Mac Clients

    At the moment, there is no support for Outlook Anywhere connections on Mac clients. Please make Outlook anywhere connection work with the WAF.

    3 votes

    0 comments  ·  Web Server Protection