SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Allow API authentication to be restricted to tokens only

    At the moment, there are two options to authenticate to the RESTful API: User/Password or API Token. Since it is not recommended to use the username/password, it would be great to have an option to disable that method of authentication entirely. This ensures that company admins are using their API tokens.

    2 votes
    0 comments  ·  Authentication
    • Change Default Login User ID as admin for Sophos Firewall

      Change Default Login User ID as admin for Sophos Firewall. As per the IT Security we should not use the Login ID as admin or administrator. There should be an option to rename the User ID of admin or create additional user ID with Limited Rights.

      1 vote
      0 comments  ·  Authentication
        • create an option to log user out when maximum login is reached

          Users should be able to see the devices they are logged in on and choose to disconnect a session in a situation where the maximum login has been reached.

          1 vote
          0 comments  ·  Authentication
          • MAC address Allow list for Personal Devices

            I see there is a MAC list so that you can RESTRICT an individual user to specific devices. Can there be a MAC list to add a user's phone, tablet, PC so that they don't have to log in through the user portal or with the Network Agent App on PERSONAL devices?

            3 votes
            0 comments  ·  Authentication
            • allowed user groups

              UTM Authentication process in allowed User / Groups for Authenticated Relay

              The UTM attempts to first authenticate the users to itself with AD before deciding whether or not users are listed in order to block or allow users/groups the ability to relay emails through the UTM, when users have been added into the allowed users/group under allowed authentication Relaying in SMTP Global settings.

              A preferred option would be to first check if users are listed first before attempting to go through authentication process with AD.
              This allows for better performance as the UTM will go through authentication process only…

              2 votes
              0 comments  ·  Authentication
              • Secure & Up-to-Date Password Storage for Internal Users

                Hi there,

                Currently, passwords of internal users are stored as MD4 hashes. According to Wikipedia, this hash function was already severely broken 10 years ago: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. IMHO, this is a severe security issue, especially for a security device such as a firewall.

                While it's technically true that access to password hashes requires administrative access, those hashes should still be protected, even in case of compromise. This also facilitates insider attacks, and so on...

                Therefore, I strongly suggest that password storage follows well-established security principles: Use…

                18 votes
                0 comments  ·  Authentication
                • hide token information

                  The UTM offers the possibility to hide the token information of individual users.
                  We have the following situation:
                  Our few remote users do not use the user portal. They got the client configuration pushed to their remote device and the QR code for the token mailed to their mobile phone. So there is no need to bother them with the user portal.
                  On the other hand, we have suppliers which offer remote support on the machines we bought from them.
                  The support engineers use the user portal as an entry to their machines.
                  Because we want to have control of the remote connections of our…

                  1 vote
                  0 comments  ·  Authentication
                  • Azure AD synchro

                    Azure Active Directory Synchro option

                    2 votes
                    1 comment  ·  Authentication
                    • Login time the same in STAS and UTM

                      I would like to suggest that the login time on Client Authentication be in GMT.
                      I have an SG implemented with STAS, and when I check, the time is different between the two solutions.
                      E.g.: I am in GMT-3; in STAS the user aaaaa logged in at Oct 18 12:20 2017; when I look at this information on the SG, I see Oct 18 15:20 2017, three hours more.

                      2 votes
                      1 comment  ·  Authentication
                      • Using IAM Roles instead of setting up an IAM profile with access keys

                        We want to create a new feature request for Sophos UTM9.

                        In the latest version of Sophos UTM, in order for us to send logs to CloudWatch we are required to set up an AWS profile with Access Keys and Secret Access Keys. This is not a secure AWS practice.

                        Can you please update this feature to include an option to choose "AWS IAM Role" instead of adding the access keys?

                        1 vote
                        0 comments  ·  Authentication
                        • bypass users

                          I blocked zip & exe downloads (as they may contain zero-days). It would be good if Web Protection -> Bypass Users could bypass the restriction; at the moment it only works with web pages.

                          1 vote
                          0 comments  ·  Authentication
                          • Allow Maximum Session Time per User/Group

                            The current 'Maximum Session Timeout' is only available to be applied globally - this should be allowed to be configured / applied for different authentication methods, or as part of a Group Configuration. This is to allow RADIUS users a different session to a Local User.

                            11 votes
                            2 comments  ·  Authentication
                            • Zone Based Captive Portal

                              Kindly Provide Zone Based Captive Portal in next possible firmware upgrade,
                              So that firewall will push IP Address of only that specific Zone interface automatically to the users browser.
                              Currently default behavior of firewall is that it will push down only specific IP address of specific zone for all zones captive portal request which does not fulfill requirement of creating separate zone.

                              2 votes
                              0 comments  ·  Authentication
                              • HTML5 VPN Portal - Smartcards

                                It would be good if we could pass through Local Resources such as smartcards as we enforce smartcard login requirements. This is currently preventing us from using the Sophos VPN HTML5 solution

                                1 vote
                                0 comments  ·  Authentication
                                • SFM - /log/applog.log data should not have the password credentials

                                  For the SFM, in advanced shell, if you run: cat /log/applog.log | grep applog
                                  The results will show the credentials used to connect to the firewalls. Please do not log the credentials in clear text.

                                  1 vote
                                  0 comments  ·  Authentication
                                  • Synchronize Authentication on UTM coming from Cisco WLC

                                    Customer is asking if it is possible to receive accounting information from a Cisco WLC to put a username to an IP address in web filtering logs.

                                    The way it is set up is that a user connects to the Cisco WLC, which is authenticated via a RADIUS server.

                                    The WLC uses a Windows DHCP server to allocate IP addresses and also gives it the Sophos UTM as its gateway via web filtering.

                                    1 vote
                                    0 comments  ·  Authentication
                                    • add subnets for login restriction of user groups

                                      Dear correspondent,
                                      We are using Cyberoam CR300iNG firmware build of 050. Firmware version is 10.6.5.

                                      I have an issue where I want to restrict login for specific IP subnets.
                                      For example, we have several VLANs and subnets and I want to enable login of users on specific subnets like WIFI, library, lab computers etc., but I want to restrict them from logging in to office computers.
                                      In the identity section of Cyberoam there is a groups tab, and under the groups tab there is a Login restriction option.
                                      Currently there are only the options Any node, Selected nodes, Node range.
                                      It seems as I can use only…

                                      1 vote
                                      0 comments  ·  Authentication
                                      • Add RADIUS Accounting Export to External RADIUS Server

                                        There is already an option in the UI to enable accounting when configuring a RADIUS server, but I was informed by support that that feature is not supported. Auth works fine on 1812, but accounting on 1813 is never sent. We need to be able to send accounting to the external RADIUS server. For reference, the ticket is RE: [#7150365] Web support query. Thanks!

                                        3 votes
                                        0 comments  ·  Authentication
                                        • network authentication

                                          In Sophos, when we authenticate on the network, it connects through our default gateway and also shows an SSL certificate issue. Could we access it through the FQDN?

                                          1 vote
                                          0 comments  ·  Authentication