SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Web Server Protection: DoS Protection

    The WAF, based on Apache reverse proxy, if enabled, can become a target for App layer DoS attacks.
    These are easy to execute (tools are publicly available) and the WAF would take the hit rather than the backend web server. Most WAF vendors already implemented protection against such attacks.

    The easiest way to mitigate these attacks can be to use ModSecurity, e.g.:
    http://www.astaro.org/astaro-gateway-products/web-application-security/41078-upgrade-version-modsecurity.html

    Alternatively, mod_reqtimeout in combination with some ModSecurity rules can be used; this approach is described in the above link (ModSecurity blog entry).

    Currently, to fend off such attacks, a workaround is to disable the WAF, use a DNAT rule…

    5 votes
    1 comment  ·  Web Server Protection
  2. Web Application Control - Visitor Messages for Block Events

    Let the user know why they are not able to get to the site/URL/application when visiting a site protected by Web Application Security. While difficult, it would be great if Astaro could somehow display feedback or show him a message (like in URL filtering), so he would not call support and nag.

    2 votes
    0 comments  ·  Web Server Protection
  3. Web Application Security: User-created/Custom Rules

    For those savvy enough to create their own rules, it should be possible to craft and deploy custom ones.

    4 votes
    2 comments  ·  Web Server Protection
  4. Allow import of more than one site in Virtual web server configuration

    Today, it is not possible to import a list of web sites in the virtual web server configuration. It could be great to just add an import/export button as we have in many other settings areas.

    2 votes
    0 comments  ·  Web Server Protection
  5. Web Server Protection: Information stripping from Office Documents

    It would be nice if the UTM could automatically remove metadata and other hidden information from office documents that users forget to cleanse from files which are offered to download on my servers (i.e. https://office.microsoft.com/en-us/excel-help/find-and-remove-metadata-hidden-information-in-your-legal-documents-HA001077646.aspx).

    1 vote
    0 comments  ·  Web Server Protection
  6. Adding Time Events to WAS

    Please add Time Events to WAS so it's possible to only allow access within timeframes as is possible in Packet Filter rules.

    2 votes
    0 comments  ·  Web Server Protection
  7. HTTPS Reverse Proxy

    When using ASG to terminate SSL sessions (SSL Offloading), it’s sometimes needed to get the client certificate (mutual authentication) and pass some SSL info such as SSL Session IDs and Client-SSL Certificate information (e.g. certificate fingerprint and serial number) inside an HTTP header to be used and processed by the protected web applications.
    An example of this use: let’s assume that I have a plain-text web application with certificate-based user authentication, so it’s necessary to have such features in my WAF appliance.

    21 votes
    4 comments  ·  Web Server Protection
  8. Email and SNMP Notification for Web Application Firewall

    Add Email and SNMP Notification for Web Application Firewall (HTTP/S Reverse Proxy) when the ASG finds a virus in Web Application Firewall traffic.
    This is very useful for the Network Administrator to find any security holes.

    7 votes
    0 comments  ·  Web Server Protection