SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Authentication: Single-Sign On for Astaro Authentication Agent

    Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.

    221 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      19 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    • support Radius challenge response

      We needed it for 2fA support with SMS PASSCODE

      94 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
      • Authentication: Support UserPortal Logins with "username@domain.com"

        Allow users to login to the User Portal with username@domain.com when joined to an Active Directory Domain

        Currently the users must login with their AD username only, using their email address does not work.

        89 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
        • Authentication: Delete UTM user-object when deleted from backend server

          When we remove a user from our LDAP Directory (namely eDirectory or ActiveDirectory) the User in UTM is untouched. It would be nice if the UTM could know about this and purge its matching user-object as well. (Or display us a report of users who are no longer seen on the backend server so we could trigger a delete periodically).

          70 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
          • Authentication: Create Certificate Signing Request CSR

            Generate a Certificate Signing Request CSR with ONE CLICK

            67 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              8 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
            • Authentication: Web Filter User-to-IP Mapping

              We need the user's ip mapping. Once a user is authenticated against the http proxy, the user source ip should be mapped in the user's object, so that we can create policy per user

              61 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                Under Review  ·  11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
              • Authentication: Multiple Single Sign-On (SSO) Servers

                It would be nice to choose a server group with more than 1 SSO Server to authenticate HTTP profiles.

                56 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • Authentication: Change backend AD password in UserPortal

                  A active directory user (external users) can change the password on userportal or the support can activate the "User must change password at next logon" in AD and his must change the Password on userportal.

                  43 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                  • Authentication: Configurable RADIUS timeout

                    The RADIUS timeout setting is hardcoded, and can't be adjusted from the UI. Third part two factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an Auth. With the current hardcoded RADIUS timeout Astrado is not compatible with these solutions as the timeout needs to be set appropriately.

                    36 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                    • You enable 2 factor authentication options with Duo Security

                      When you come out with 2 factor authentication. Please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

                      33 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        9 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                      • Authentication: LDAP Group Support

                        It would be nice, if a LDAP-User can authentificate through a LDAP-Group.

                        32 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          10 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                        • AuthenticationAD OU and Group Synchronization

                          With more companies using the NSG platform for Web, Email and Endpoint Management, having the ability to import OU's and Groups become more important for policy management and reporting.

                          Having granular policy control for Web use or Email DLP is very important for both public and private sector businesses. Most mid - large businesses require a level of departmental reports, typicaly based on users being members of particular groups or OU's.

                          For more than a few hundred machines, endpoint policy control is easier with the ability to group and apply machines based on how they are grouped in AD -…

                          28 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                          • Authentication: SSL-Encryption for Proxy Fallback Login

                            Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.

                            Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?

                            27 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              Under Review  ·  7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                            • Integrate EAS proxy into the UTM

                              The EAS proxy could be delivered as part of the Sophos UTM as the UTM is usually deployed at the permiter. Proxy configuration should remain in SMC though.

                              26 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                              • Authentication: Routing Authentication per Domain

                                It's important to have a chance in big customers the chance to route authentication process in base of domain name. it would an improvement about what there is already available. Example: users@gabriele.com will be authenticated by radius on server1; if authentication fail, users@gabriele.com will be authenticated by Active directory on server2. ecc.

                                Very efficient in big environment.

                                25 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                • Change the Active Directory login behavior with multiple DCs

                                  With the current code handling the Active Directory authentication of users, if you add multiple domain controllers as authentication sources, any error with the user's authentication will cause the authentication to be attempted on the next DC.

                                  Unfortunately, this is also the case with failed passwords. The LDAP protocol has a built-in error message to tell the client that the failure was due to a bad password and not a server or communication issue (LDAPMessage bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)).

                                  This causes issues when users make mistakes on their passwords, it causes the AD…

                                  24 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Notifications: Login of SSL VPN User

                                    Email Notifications for Login SSL VPN User (Remote Access)

                                    22 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      7 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Global Bot / Script Kiddie / Brute Force IP Blacklist

                                      Sophos should maintain a blacklist of Bots / Script Kiddies / Brute Force attackers based on big data of failed logins on UTM's.

                                      Problem to solve:
                                      There are lot of (often automated) login attempts to the different publicly available UTM facilities as SMTP (authenticated relaying), User Portal, Webadmin, SSH, Reverse Proxy. On my UTM I have for example since weeks a ongoing brute force attacks on the smtp proxy, as authenticated relaying is allowed on it. Blocking those bots after 5 attempts helps only marginal, as they automatically switch to other bots (new IP) and continue the brute force attack.…

                                      20 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add optional PIN entry field for two-factor authentication

                                        There are really two big issues I have with the two factor authentication implementation. The first is that no where in the setup for the user is there any information or instruction as how to use two factor authentication. Every other two factor authentication that I have used has had a separate box for putting in the random code. I only learned about how to properly use two factor authentication after calling support and being informed that I needed to append the randomly generated code to the end of my password to which I say "Really! and you arn't going…

                                        19 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          5 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Authentication: Additional LDAP Attributes Support

                                          Add a configuration option for adding a query filter attribute for additional email-addresses for user settings.
                                          like searching for email destination (|(mail=%s)(otherMailbox=%s))

                                          Its easier to maintain email-aliases like info@domain.tld in central directory.

                                          Also, other attributes like First and Last name should be selectable if possible

                                          18 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6 7
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.