SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Web Server Protection: Honeypot Profiling (Intrusion Deception)

    Have the WAF add harmless, yet tempting targets to sites it is protecting, and then blacklist or punish whoever takes advantage of them.

    2 votes
    0 comments  ·  Web Server Protection
  2. Web Server Protection: Transparent reverse proxy

    Please provide the option to use the reverse proxy in transparent mode as well. This makes it possible to have the real remote host IP traced in the web server log files instead of the IP of the firewall. Now, without transparent mode, no web analyzer software is able to give real traffic reports...

    49 votes
    11 comments  ·  Web Server Protection
  3. Add ACL Support for Web Application Firewall

    Though it isn't the best form of security, adding the capability to specify at least an allowed source object for access through the WAF would be beneficial to many. Even if it was in the form of the same allowance as the NTP, DNS, SMTP, POP3, FTP, HTTP and HTTPS proxies (where you just specify sources that are allowed to use the service and not a particular site). I don't have sites hosted that I want visible to the whole world, just a particular subset of hosts. I can use DNAT rules to accomplish this, but they don't offer ModSecurity-based…

    7 votes
    0 comments  ·  Web Server Protection
  4. Please filter Outlook Anywhere (RPC over HTTPS) in the WAF. Just passing it is a big security risk!

    From the Online Help: Microsoft Outlook traffic will not be checked or protected by the WAF! Please implement a filter so that we can publish Outlook Anywhere in a secure manner.

    4 votes
    3 comments  ·  Web Server Protection
  5. Extend Security for Microsoft Exchange OWA 2010 Publishing

    The strong security features like URL hardening, cookie signing and form hardening are still not available with OWA newer than 2003. The knowledge base just told me to deactivate those features. But they are important for a higher security level.

    15 votes
    0 comments  ·  Web Server Protection
  6. Reverse Proxy: Authentication Offloading like TMG

    Will there be a feature like authentication / captive portal (e.g. the proxy setting "transparent with authentication") for enabling a reverse proxy?
    This would be so useful for small installations with no front-end Exchange / DMZ.
    (Juniper calls this "webauth".)

    179 votes
    23 comments  ·  Web Server Protection
    Planned  ·  Angelo Comazzetto responded

    We are hard at work on this feature and will deliver the first implementation of front end authentication as part of our Web Server protection (reverse proxy) in UTM 9.2. The public beta will begin in October. Stay Tuned!

  7. Web Server Protection: Regular Expressions (REGEX) Filtering

    I'd like to have the ability to add regular expressions in WAF profiles just like in the normal Web Security.
    For example, allow the string "user=BGates" but not "user=BClinton".

    4 votes
    0 comments  ·  Web Server Protection
  8. Web Server Protection: Guard against "Insecure Cryptographic Storage" by adding an HSM

    Integrate the WAF with HSM so the OWASP "Insecure Cryptographic Storage" concern can be addressed.

    6 votes
    1 comment  ·  Web Server Protection
  9. Improve web load balancing healthchecks

    Can we please get Layer 7 HTTP health checks when using the WAF? We'd like to look at the HTTP response code on a configured object and/or match some text received in a response.

    16 votes
    4 comments  ·  Web Server Protection
  10. Web Server Protection: "Sticky" sessions between HTTP and HTTPS

    It is possible to have sticky sessions using the WAF; however, in our e-commerce websites, we use both HTTP & HTTPS. Sticky sessions work only during the HTTP session, and when the user changes to an HTTPS link a new server may be assigned. Sometimes we can lose the session as a result.

    3 votes
    0 comments  ·  Web Server Protection
  11. Ability to tune & define WAF rules

    The ability to have fine-grained control over which WAF rules report & block would make it far easier to perform a gradual implementation. Custom WAF rules would allow users to use the UTM for "external patching" - mitigating known vulnerabilities when it is not possible to patch the application immediately.

    This would need to be combined with the ability to report and alert on WAF blocks & triggers to be useful.

    5 votes
    2 comments  ·  Web Server Protection
  12. Web Server Protection: Rate limiting for anti-d/dos protection

    The WAF should have rate limiting functionality to protect against DoS attacks. This could take the form of blocking or slowing down connections from a certain IP if >X number of requests have been received over a certain time period.

    4 votes
    1 comment  ·  Web Server Protection
  13. Web Server Protection: Error page / re-direct if all servers offline

    The web load balancing component (under the WAF section) should be able to spot if all servers are offline and deliver a user-configurable "sorry page".

    2 votes
    1 comment  ·  Web Server Protection
  14. Enable transparent use in bridged mode

    I have a new client that's a hosting facility. At present, there are hundreds of websites with existing IPs, DNS entries, etc. It's not practical to protect these existing sites because of the requirement that a Virtual Server use an IP on the arriving interface.

    We attempted to go around this by running all of the traffic to a test server through the UTM in bridged mode. We tried using a DNAT to direct the traffic back to the bridged interface with the address of the bridge. This didn't work because the REDIRECT capability isn't configurable in WebAdmin (per Development).

    1 vote
    2 comments  ·  Web Server Protection
  15. Web Application Firewall: Time-based Rulesets/Events

    More and more customers see a need to restrict their (internal) web services (OWA/ActiveSync, for example) to business hours only to ensure occupational safety and health guidelines or even laws.

    We/our customers would greatly appreciate a feature like this added into the WAF of ASG/UTM, some option where you choose to make certain services available only at specific times.

    9 votes
    0 comments  ·  Web Server Protection
  16. Web Server Protection: Display In-Line reporting

    The web load balancing component (under the WAF section) should contain a status page showing number of ongoing requests, recently blocked requests, web server health check status & response time.

    1 vote
    0 comments  ·  Web Server Protection
  17. Web Server Protection: Image Optimization by Scaling / Compression

    À la the Packeteer days, it would be great to not need to use an upstream proxy to achieve image scaling/compression for our low-bandwidth applications.

    It would be preferable to have this built into our Astaro/UTM and remove the need for another device to manage.

    Being able to specify the level of compression/scaling for different clients, device/agent types, or browsers would also be awesome!

    1 vote
    0 comments  ·  Web Server Protection
  18. Web Application Security: Block access to specific URLs

    Right now I'm trying to use the Astaro WAS for a setup where we normally would use a Linux server with Apache configured as a reverse proxy.
    In this constellation we could block access to some URLs from the outside via simple "Order deny" directives on the reverse proxy.
    As far as I can see, there's no similar option on the Astaro.
    The URL Hardening feature is no option for us here, as you can only do whitelisting with that.

    2 votes
    0 comments  ·  Web Server Protection
  19. Web Server Protection: Max File Upload Size

    It would be nice to limit the maximum file size that could be uploaded.

    2 votes
    1 comment  ·  Web Server Protection
  20. WAF - limit skipped rule-ID to ip and networks

    We have the possibility to skip certain rule IDs in the WAF firewall profiles. Normally we are doing this for known visitor hosts or networks. We need an extra function to limit the skipping to hosts and networks or any network object the ASG knows.

    1 vote
    0 comments  ·  Web Server Protection