SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Web Application Security: White / Blacklist Support for Visitor IPs

    I would like to see an option to deny or allow certain IP addresses that can access the webservers. Not only based on country but on the IP address itself.

    35 votes

    Under Review  ·  14 comments  ·  Web Server Protection
  2. Web Server Protection: Allow Uplink Interfaces and Interface Groups in Virtual Web Server configuration

    The title says it all. In WAF, allow the Primary Uplink Addresses object to be used as an interface option for those with multiple WAN links and Uplink Balancing/Standby Interfaces for failover.

    11 votes

    1 comment  ·  Web Server Protection
  3. IP filtering web application firewall

    Have the ability to specify which source networks, hosts are allowed to access a published website. This way we can add the IP-restrictions on the UTM box itself for a specific site instead of having to do this on the webserver hosting the site itself.

    3 votes

    1 comment  ·  Web Server Protection
  4. Web Server Protection: Honeypot Profiling (Intrusion Deception)

    Have the WAF add harmless, yet tempting targets to sites it is protecting, and then blacklist or punish whoever takes advantage of them.

    2 votes

    0 comments  ·  Web Server Protection
  5. Web Server Protection: Transparent reverse proxy

    Please provide the option to use the reverse proxy in transparent mode as well. This would allow the real remote host IP to be traced in the web server log files instead of the IP of the firewall. Currently, without transparent mode, web analyzer software is not able to give real traffic reports...

    49 votes

    11 comments  ·  Web Server Protection
  6. Add ACL Support for Web Application Firewall

    Though it isn't the best form of security, adding the capability to specify at least an allowed source object for access through the WAF would be beneficial to many. Even if it was in the form of the same allowance as the NTP, DNS, SMTP, POP3, FTP, HTTP and HTTPS proxies (where you just specify sources that are allowed to use the service and not a particular site). I don't have sites hosted that I want visible to the whole world, just a particular subset of hosts. I can use DNAT rules to accomplish this, but they don't offer ModSecurity-based…

    7 votes

    0 comments  ·  Web Server Protection
  7. Please filter Outlook Anywhere (RPC over HTTPS) in the WAF. Just passing it is a big security risk!

    From the Online Help: Microsoft Outlook traffic will not be checked or protected by the WAF! Please implement a filter so that we can publish Outlook Anywhere in a secure manner.

    4 votes

    3 comments  ·  Web Server Protection
  8. Extend Security for Microsoft Exchange OWA 2010 Publishing

    The strong security features like URL hardening, cookie signing and form hardening are still not available with OWA newer than 2003. The knowledge base just told me to deactivate those features. But they are important for a higher security level.

    15 votes

    0 comments  ·  Web Server Protection
  9. Reverse Proxy: Authentication Offloading like TMG

    Will there be a feature like authentication / captive portal (e.g. the proxy setting "transparent with authentication") for enabling a reverse proxy?
    This would be so useful for small installations with no frontend Exchange / DMZ.
    (Juniper calls this "webauth".)

    179 votes

    23 comments  ·  Web Server Protection
    Planned  ·  Angelo Comazzetto responded

    We are hard at work on this feature and will deliver the first implementation of front end authentication as part of our Web Server protection (reverse proxy) in UTM 9.2. The public beta will begin in October. Stay Tuned!

  10. Web Server Protection: Regular Expressions (REGEX) Filtering

    I'd like to have the ability to add regular expressions in WAF Profiles just like in the normal WebSecurity.
    For example, allow the string "user=BGates" but not "user=BClinton".

    4 votes

    0 comments  ·  Web Server Protection
  11. Web Server Protection: Guard against "Insecure Cryptographic Storage" by adding an HSM

    Integrate the WAF with HSM so the OWASP "Insecure Cryptographic Storage" concern can be addressed.

    6 votes

    1 comment  ·  Web Server Protection
  12. Improve web load balancing healthchecks

    Can we please get Layer 7 HTTP health checks when using the WAF? We'd like to look at the HTTP response code on a configured object and/or match some text received in a response.

    16 votes

    4 comments  ·  Web Server Protection
  13. Web Server Protection: "Sticky" sessions between HTTP and HTTPS

    It is possible to have sticky sessions using the WAF; however, in our e-commerce websites, we use both HTTP & HTTPS. Sticky sessions work only during the HTTP session, and when the user changes to an HTTPS link a new server may be assigned. Sometimes we can lose the session as a result.

    3 votes

    0 comments  ·  Web Server Protection
  14. Ability to tune & define WAF rules

    The ability to have fine-grained control over which WAF rules report & block would make it far easier to perform a gradual implementation. Custom WAF rules would allow users to use the UTM for "external patching" - mitigating known vulnerabilities when it is not possible to patch the application immediately.

    This would need to be combined with the ability to report and alert on WAF blocks & triggers to be useful.

    5 votes

    2 comments  ·  Web Server Protection
  15. Web Server Protection: Error page / re-direct if all servers offline

    The web load balancing component (under the WAF section) should be able to spot if all servers are offline and deliver a user-configurable "sorry page".

    2 votes

    1 comment  ·  Web Server Protection
  16. Enable transparent use in bridged mode

    I have a new client that's a hosting facility. At present, there are hundreds of websites with existing IPs, DNS entries, etc. It's not practical to protect these existing sites because of the requirement that a Virtual Server use an IP on the arriving interface.

    We attempted to go around this by running all of the traffic to a test server through the UTM in bridged mode. We tried using a DNAT to direct the traffic back to the bridged interface with the address of the bridge. This didn't work because the REDIRECT capability isn't configurable in WebAdmin (per Development).

    1 vote

    2 comments  ·  Web Server Protection
  17. Web Application Firewall: Time-based Rulesets/Events

    More and more customers see a need to restrict their (internal) web services (OWA/ActiveSync, for example) to business hours only, to comply with occupational safety and health guidelines or even laws.

    We/our customers would greatly appreciate a feature like this added into the WAF of ASG/UTM, some option where you choose to make certain services available only at specific times.

    9 votes

    0 comments  ·  Web Server Protection
  18. Web Server Protection: Display In-Line reporting

    The web load balancing component (under the WAF section) should contain a status page showing number of ongoing requests, recently blocked requests, web server health check status & response time.

    1 vote

    0 comments  ·  Web Server Protection
  19. Web Server Protection: Image Optimization by Scaling / Compression

    À la the Packeteer days, it would be great to not need to use an upstream proxy to achieve image scaling/compression for our low-bandwidth applications.

    It would be preferable to have this built into our Astaro/UTM and remove the need for another device to manage.

    Being able to specify the level of compression/scaling for different clients, device/agent types, or browsers would also be awesome!

    1 vote

    0 comments  ·  Web Server Protection
  20. Web Application Security: Block access to specific URLs

    Right now I'm trying to use the Astaro WAS for a setup where we normally would use a Linux server with Apache configured as a reverse proxy.
    In this constellation we could block access to some URLs from the outside via simple "Order deny" directives on the reverse proxy.
    As far as I can see, there's no similar option on the Astaro.
    The URL Hardening feature is not an option for us here, as you can only do whitelisting with that.

    2 votes

    0 comments  ·  Web Server Protection