Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Reverse Proxy: Authentication Offloading like TMG

Will there be a feature like Authentication / captive portal (e.g. the proxy setting "transparent with authentication") for enabling a reverse proxy?
This would be so useful for small installations with no frontend Exchange / DMZ.
(Juniper calls this "webauth")

176 votes

    Thomas Beer shared this idea
    Planned  ·  Angelo Comazzetto responded

    We are hard at work on this feature and will deliver the first implementation of front end authentication as part of our Web Server protection (reverse proxy) in UTM 9.2. The public beta will begin in October. Stay Tuned!


      • MarkD commented

        Unfortunately the UTM 9.2 only has the option for Basic Authentication to the Real webserver. You really need to support Kerberos and even Kerberos Constrained Delegation to accommodate a wide range of Microsoft Implementations.

      • Anonymous commented

        2-factor Forms based auth would be nice - i.e. AD creds & RADIUS lookup for RSA token (the Citrix Access Gateway can do this)

      • commented

        I too would like to see forms based authentication on the UTM. It would be nice to have users authenticated before entering the network for sites like SharePoint.

      • Aaron Bugal commented

        Given the demise of ISA and TMG, many organisations are using Forms Based Authentication over SSL provided by the TMG to the world. Once a user is authenticated to a backend (typically AD), an SSO action is performed against the Exchange Client Access Service, presenting an authenticated Outlook Web Access session.

        Currently, with the Sophos WAF, we simply publish the CAS; however, the issue is that in some cases SSL certificates are NOT used, as the TMG only requires SSL from external and then internally requests OWA content via HTTP.
        As such, our current implementation requires those customers to configure the IIS server sustaining the OWA/CAS system with an SSL certificate that is publicly verifiable.

      • Tim Bauer commented

        Would love to see this! If you implement a working solution, which will publish a captive portal using LDAP for auth and redirects the credentials directly to the Outlook Web Access (standardauth), you could be the only real alternative for Microsoft's TMG. There is no solution out there which handles the OWA auth that well... we have many customers asking for this.

      • Eddy commented

        I would love to see this feature implemented ASAP.
        I hope the next version will have it.

      • Ludovic Peny commented

        This feature can also be a good workaround for HTTP resources we would like to publish in the HTML5 portal but that are limited to 1 user (and we don't want to define x times the same resource).

      • netman_71 commented

        Hi together,

        this feature is very important, we have many requests searching for a TMG alternative, especially OWA publishing and controlling access for different user groups.
        How many votes are needed to force this request?

      • Martin Herbert commented

        Please as soon as possible!! That would be a great feature for the ReverseProxy. Citrix calls it AccessGateway.

      • Anonymous commented

        Hi Gert (@ Astaro), any further progress on this? We are planning to implement a web based CRM/ERP I would like to protect in addition... thx

      • Matt commented

        I 2nd this, I would love to expose a few internal web sites to my users OUTSIDE of my network. Having AD Authentication for the Web Application module would be perfect. Our old Novell iChain had this feature, it was very nice.

      • Scott Klassen commented

        Do you mean WebAdmin? This already exists. You can set access to admin by user or groups, which can be set up as linked to backend (AD) accounts or groups.

      • maxhq commented

        An authentication portal is the only missing feature that keeps us from offering OWA via Internet... It would be a great thing!

      • rf from shl commented

        For an easier implementation of Outlook Web Access (OWA) it is a must!
        We've currently got 3 customers who need this feature.
