SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. WebServer Protection: GZIP encoding of proxied HTTP traffic

    The WAF strips the Accept-Encoding header from client requests, which is fine, as compression is not generally useful between the origin server and the proxy. However, it doesn't use the header itself, either. It doesn't compress proxied traffic before returning it to the client. Interestingly, pages generated by the WAF itself (such as error documents) are compressed. Only the proxied content remains uncompressed, and this can have a substantial impact on page speed.

    26 votes
    6 comments  ·  Web Server Protection
  2. Webserver Protection & Citrix Support

    Would love to have Citrix supported with the reverse proxy.

    9 votes
    0 comments  ·  Web Server Protection
  3. Websites Lists - Filter Actions

    Currently the Websites list in a Filter Action is only available in one Filter Action. When you remove the Websites List it cannot be created with the same name across any of the filter actions.

    Ideally you should be able to totally remove a Websites List as well as assign the exact same Websites List (with all the same Websites and any future changes) to multiple Filter Actions. I would suggest this has significant benefit to large businesses; more specifically education. Schools want to be able to add a Website list to all students for block/allow but still keep individual…

    3 votes
    0 comments  ·  Web Server Protection
  4. Web Application Firewall: Web-Access for Remote Desktop

    Please add the Web-Access for Remote Desktop feature for Win2012 R2 to the WAF and make it work with an additional OTP form-based auth.

    Would be very very great!

    5 votes
    1 comment  ·  Web Server Protection
  5. 3 votes
    0 comments  ·  Web Server Protection
  6. web application firewall rewrite rules


    • Change the Rewrite from domain.de/ to domain.de/index.php with site path routing activated.

    • WAF rewrite rules for files like .php or .xml

    1 vote
    0 comments  ·  Web Server Protection
  7. Auto Blacklist IPS from WAF/IDS triggers

    I have had an IP trigger 4 separate WAF rules.
    SQL Comment Sequence Detected.
    Detects classic SQL injection probings 1/2
    SQL Injection Attack: Common Injection Testing Detected
    SQL Injection Attack: SQL Operator Detected

    This guy is up to no good, I could see perhaps 1, but 4?
    It would be nice if, after X amount of triggers or X type of triggers in X time, the IP is added to a blacklist.

    We could view this list of auto banned IPs and get information like Who/what/where/when/how and decide to leave them on the list, remove them, or change the ban…

    3 votes
    0 comments  ·  Web Server Protection
  8. Allow more detailed modifying of UTM WAF rules and behaviour. (ModSecurity function)

    UTM is preventing some internet traffic from going to e.g. Apache Linux servers due to escaping of the \ which is required for all systems to be able to identify a character such as $ or @.
    When this happens using multiple layers of backslash escaping, Sophos treats this as an SQL Injection. There is currently no way of modifying this behaviour legally, and you need to enter SQL Injection Bypasses on particular pages on your Apache hosted site, which is not optimal.

    Giving the end user some more power on what should and should not be captured via an advanced profile option,…

    1 vote
    0 comments  ·  Web Server Protection
  9. Add Single Sign On for web applications similar to what Forefront can do.

    Forefront can provide SSO for multiple web applications. I'd like to see a similar feature in UTM 9.
    For example:
    An agent signs into www.insurancecompany.com and clicks a link to www.insurancecompanyagents.com; the agent won't be prompted again for authentication because of the SSO policy for the two sites.

    5 votes
    1 comment  ·  Web Server Protection
  10. Drain stop real servers in WAF

    When one removes / disables a real server in WAF, all connections are immediately killed. It would be nice if there were an option to drain a real server, so WAF would stop sending new connections to that real server, but established connections would continue until they're terminated by client/server.

    4 votes
    0 comments  ·  Web Server Protection
  11. Make it possible to disable weak encryption algorithms

    Make it possible to disable encryption algorithms.
    The WAF accepts weak RC4 algorithms; it would be nice if we could disable them.

    5 votes
    1 comment  ·  Web Server Protection
  12. Add log off code for web applications using reverse authentication

    Forefront has the ability to log off clients using "?cmd=logoff" in the web application's code for logging off. This would be nice to have so clients can log off the site with the cookie deleted or a request to close the browser.

    2 votes
    2 comments  ·  Web Server Protection
  13. Link translation with custom dictionary - like TMG has in a web publishing reverse proxy role

    Today I publish the SAP portal through TMG. To accomplish that publishing through a reverse proxy, I need to be able to replace SAP-specific code, such as 80&#x2f with 443&#x2f and http&#x3a with https&#x3a. This makes our Web Dynpros work. These text-replacing techniques are called custom dictionaries in TMG.

    Basically TMG goes through the entire page as it's delivered to the end user's browser and changes this code on the fly. I use link translation for other situations too, so I would love to see this feature added. Thank you.

    2 votes
    0 comments  ·  Web Server Protection
  14. WAF: Filtering IP addresses for a network interface

    WAF only lets us choose a network interface for the virtual server to communicate with the Internet. No further filtering, e.g. a firewall rule for defined IP addresses that can connect to the network interface, is possible.

    1 vote
    1 comment  ·  Web Server Protection
  15. Need to set up 2FA

    Can you set up the Web Application Firewall section to allow reverse proxied sites to use 2FA, but not the one-time password used by the UTM? Namely, we use Vasco fobs as a corporate solution and would like one site to use this facility to authenticate, but not the other web sites we reverse proxy.
    Thanks

    2 votes
    0 comments  ·  Web Server Protection
  16. Ability to renew certificates in Web Application Security

    Now it's quite a hassle to renew existing certificates in the web application security section. Have the option during upload of the new certificate to replace the existing certificate with the same common name.

    21 votes
    1 comment  ·  Web Server Protection
  17. 2 votes
    0 comments  ·  Web Server Protection
  18. Web Application Security: White / Blacklist Support for Visitor IP's

    I would like to see an option to deny or allow certain IP addresses that can access the webservers. Not only based on country but on the IP address itself.

    35 votes
    Under Review  ·  14 comments  ·  Web Server Protection
  19. Web Server Protection: Allow Uplink Interfaces and Interface Groups in Virtual Web Server configuration

    The title says it all. In WAF, allow the Primary Uplink Addresses object to be used as an interface option for those with multiple WAN links and Uplink Balancing/Standby Interfaces for failover.

    11 votes
    1 comment  ·  Web Server Protection
  20. ip filtering web application firewall

    Have the ability to specify which source networks, hosts are allowed to access a published website. This way we can add the IP-restrictions on the UTM box itself for a specific site instead of having to do this on the webserver hosting the site itself.

    3 votes
    1 comment  ·  Web Server Protection