Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Aaron Bugal

My feedback

  1. 35 votes
    Under Review  ·  6 comments  ·  SG UTM » Wireless Protection
    Aaron Bugal commented  · 

    The current BETA of the Sophos Firewall OS allows you to infer user objects from both DC login and RADIUS accounting. Here I've got my Cisco WLC sending accounting information to SFOS, and users are being identified based on their credentials used to join WiFi. Works very well!

    Aaron Bugal commented  · 

    Ideally this would leverage associated records on an existing AAA service on the network which is used by 802.1x. E.g.: iOS device authenticates to the network using 802.1x, the Web Protection module could then cascade down 'authentication servers' (AD SSO >> RADIUS) to establish trust of the device and map it back to a specific Web Protection profile.
    This would greatly help the educational space and corporates who are introducing BYOD and are providing network access via wireless but still wish to capture WHO is using the infrastructure.

    Aaron Bugal supported this idea  · 
  2. 2 votes
    0 comments  ·  SG UTM » Management
    Aaron Bugal supported this idea  · 
  3. 29 votes

    Aaron Bugal supported this idea  · 
  4. 15 votes

    Aaron Bugal commented  · 

    Doesn't SEC already provide this with its 'Smart Views', filtering systems that are online, up2date, protected, etc.?

  5. 39 votes
    6 comments  ·  SG UTM » Wireless Protection
    Aaron Bugal commented  · 

    Would be cool if the WiFi Hotspot feature could have this as an 'auth method'.

  6. 4 votes
    3 comments  ·  SG UTM » Authentication
    Aaron Bugal commented  · 

    The primary use case is in environments where passwords are shared (either inadvertently or directly) with other staff members. As such, knowing a Username and Password would then allow the unauthorised user to gain access to the QR code via the User Portal.
    If the process can be manually controlled - like it can be now - it regulates WHO actually gets the soft token.
    However, the manual process requires a SECRET which needs to be manually created by the Admin (as expected).
    The feature simply exposes the automated generation of a secret key and allows the admin to invoke that same function from webadmin when building a manual soft token.

  7. 178 votes
    23 comments  ·  SG UTM » Web Server Protection
    Planned  ·  Angelo Comazzetto responded

    We are hard at work on this feature and will deliver the first implementation of front end authentication as part of our Web Server protection (reverse proxy) in UTM 9.2. The public beta will begin in October. Stay Tuned!

    Aaron Bugal commented  · 

    Given the demise of ISA and TMG, many organisations are using Forms Based Authentication over SSL provided by the TMG to the world. Once a user is authenticated to a backend (typically AD), an SSO action is performed against the Exchange Client Access Service, presenting an authenticated Outlook Web Access session.

    Currently, with the Sophos WAF, we simply publish the CAS; however, the issue is that in some cases SSL certificates are NOT used, as the TMG only requires SSL from external and then internally requests OWA content via HTTP.
    As such, our current implementation requires those customers to configure the IIS server sustaining the OWA/CAS system with an SSL certificate that is publicly verifiable.

    Aaron Bugal supported this idea  · 
  8. 18 votes
    4 comments  ·  SG UTM » Operating System
    Aaron Bugal supported this idea  · 
  9. 31 votes
    Under Review  ·  1 comment  ·  SG UTM » Reporting
    Aaron Bugal supported this idea  · 
  10. 36 votes
    4 comments  ·  SG UTM » Networking
    Aaron Bugal supported this idea  · 
  11. 111 votes
    9 comments  ·  SG UTM » Networking
    Aaron Bugal supported this idea  · 
  12. 24 votes
    7 comments  ·  Secure Web Gateway » Web Appliance
    Aaron Bugal supported this idea  · 
    Aaron Bugal commented  · 

    Agreed, with the increase in more OPEN type of usage policies for URL category access; businesses still wish to regulate what file types can be downloaded from these sites.
    Ideally, breaking the association of URL and File Type within default and Additional rules and having file types act in a similar fashion to that of how the newer Authentication/Connection Profile system works would allow an overlay of file type downloads depending on request and/or destination.

    This would also mean a rework of the User Submission for FILES as well due to its current design.

  13. 26 votes
    3 comments  ·  Secure Web Gateway » Web Appliance
    Aaron Bugal supported this idea  · 
    Aaron Bugal commented  · 

    Agreed; notifying the end user that a request has been blocked or allowed and then providing them a summary of what they originally requested would be nice. Currently, their local help desk must implement this procedure manually, which is a time and effort cost and contradicts our simplicity model.
