SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Let's Encrypt Integration

    It would be very nice if, once the Let's Encrypt CA starts with public certificates (letsencrypt.org), we could get certs through the UTM GUI, so that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    1,641 votes
    Completed  ·  290 comments  ·  Web Server Protection
  2. Webserver Protection: Redirect HTTP to HTTPS

    One of the most important problems for website users is that when they want to open a page that is HTTPS, they forget to type HTTPS at the beginning of the address and the request is sent via HTTP. Therefore they cannot view the page successfully. If a "URL redirection" feature is provided on Sophos UTM or WAF, it is possible to automatically redirect all HTTP requests to HTTPS before the request reaches the real web server. This will solve the problem for website users.

    131 votes
    20 comments  ·  Web Server Protection
  3. Web Server Security: Support for Wildcard Domain Routing

    It would be great if you could add " *.domain.com " in WAF,
    so that you don't need to add every single FQDN for every site.

    47 votes
    9 comments  ·  Web Server Protection
  4. Source IP restriction for website / paths

    Please implement the ability to restrict access to specific paths on a website to defined source IPs. Usually this has been done on the web server, but the NATing done by Webserver Protection breaks this feature on web servers (the server sees the internal IP of the UTM instead of the public source IP).

    Usage Examples:

    a)
    Website globally allowed
    path /administrator only allowed to defined source IPs

    b)
    Partner hosts a private company website - should only be accessible from company public IPs
    path / only allowed to defined source IPs

    16 votes
    3 comments  ·  Web Server Protection
  5. Web Application Security: Support Domain Certificates (Wildcard)

    Currently in the Web Application Firewall it is not possible to create a catch-all domain that will manage all unknown addresses.

    Let's say you work as a web host and want your customers to access their web sites under user.webhost.com ... It would be great to have a *.webhost.com that would catch all unspecified addresses and forward them to the web server.

    6 votes
    3 comments  ·  Web Server Protection
    Completed  ·  Angelo Comazzetto responded

    As Elmar mentions, this was completed in 8.103 and enhanced in 8.200 with SAN support. Ensure your URL hardening lists are set up correctly, as URL hardening needs the concrete domain in the URL listings.

  6. Web Application Security: Outlook Anywhere Support

    We need an Outlook Anywhere connection over the Web Application Firewall to secure the Exchange 2010 Server. Currently it is not possible to forward the RPC Requests through the WAF. A NAT rule is not secure enough.

    483 votes
    78 comments  ·  Web Server Protection
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. The Web Server Protection (WAF) area has been upgraded with new features to allow the handling of the Outlook Anywhere Protocol. Enjoy!

  7. WAS: Sticky sessions

    Please add session stickiness to the reverse proxy load balancer.

    13 votes
    5 comments  ·  Web Server Protection
  8. Running WAS together with SSL VPN

    If trying to configure WAS for HTTPS when having SSL VPN enabled on port 443, this cannot be done. Restrict SSL VPN to one interface / address to avoid this issue.

    3 votes
    1 comment  ·  Web Server Protection
    Completed  ·  Angelo Comazzetto responded

    This is already possible, via the “settings” tab of SSL VPN. If you look into the Online help, you will find

    “Interface Address: Default value is Any. When using the web application firewall you need to give a specific interface address for the service to listen for SSL connections. This is necessary for the site-to-site/remote access SSL connection handler and the web application firewall to be able to differentiate between the incoming SSL connections.”

    Hope that helps!

  9. Web Application Security: Path Based Routing

    I'd like to have a redirecting feature in the reverse proxy, where I:
    a) can redirect a request to a specific path (such as the root path /) of a website to a specific start path, e.g. https://owa.mydomain.tld ==> https://owa.mydomain.tld/exchange
    b) can redirect disallowed entry point URLs (by URL hardening) or non-existing folders to a defined path (where I may store a custom error page or simply redirect such requests to a working entry point)

    22 votes
    1 comment  ·  Web Server Protection
  10. Reverse Proxy support for SAN certificate

    Especially when using Microsoft Exchange with Outlook Anywhere and OWA, it is common to use a SAN certificate. At the moment the Reverse Proxy does not recognize the SubjectAlternativeName field of the used certificate when securing HTTPS traffic. Support for this type of certificate would be greatly appreciated.

    4 votes
    0 comments  ·  Web Server Protection
  11. Refuse connections from known anonymous proxies

    Banks in Australia want the ability for the WAF to refuse connections from known anonymous proxies.

    While there would still be many ways to circumvent this and still connect anonymously, the banks control the compliance landscape, so it would be good to be able to comply with their requirements.

    2 votes
    1 comment  ·  Web Server Protection
  12. HTTP Reverse Proxy

    Add a reverse proxy to ASG, which is mainly requested for securing OWA as customers do not want to put it directly onto the internet. Some customers ask for authentication prior to allowing access, other customers want SSL offloading, and a third group wants website security by preventing cross-site scripting and SQL injection.

    207 votes
    28 comments  ·  Web Server Protection