SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
29 votes
-
Save Button for Changes
Changes in the GUI shouldn't be active immediately. There must be a save button to activate changes. It is very important to prevent mistakes and you can change several setting and activate all at the same time to not lose the connection.
15 votes -
RADIUS
RADIUS support for ssh access.
There are a lot of things which you can only do on a shell. Either with ssh to the box or with the serial console. One example might be tcpdump /cc commands/ grep.
However, logon does only work with loginuser and or as root. Having multiple admins, you never know who does what. And this is a nightmare for auditing or troubleshooting reasons.Therefore, I would recommend to enable RADIUS authentication (or other authentication) for ssh and console access.
I really would prefer a behaviour like most other network devices:
Logon to the box based…1 vote -
Central Management option to name the unit being added to the SUM server.
Currently the hostname is used to identify the UTM in SUM. You then need to go into that unit on SUM and edit the Registration with a Friendly Name. It would be nice on the UTM under Central Management to add a Registration Name. This name would then be used in the SUM Server to identify the UTM.
1 vote -
ACC to produce exportable asset list report of all hardware under management
It would be useful in these days of security auditing to have the ACC produce an asset report of all hardware under management including all serial numbers of ASGs / Sophos UTM devices within clusters
2 votes -
WebAdmin: Configuration Changes Commit/Rollback Support
Hi,
If should be great to save an history of the configuration each time an administrator save something and maybe create a restore point to rollback to the initial configuration if something does not work after some modifications.
Thanks,
17 votes -
Management: Enable UPS sharing
It should be possible to make the UTM the UPS master and other servers obtain notifications from UTM or UTM becomes a client of another UPS server offering informations.
189 votes -
Authentication: Import DNS hosts lists from AD OUs
When importing objects from AD Astaro does not differentiate between users and computers in AD. If I sync an OU that contains computers, they are imported as user accounts which doesn't make sense. Couldn't there be an option to import those computers into the network definitions as DNS hosts? This way it would be easier to create specific rules for PCs on the network without having to create all the definitions.
7 votes -
Astaro Command Center - VMWare FUSION support
Astaro Command Center - Please Provide VMWare drivers and integration components for FUSION so Macintosh Users using VMWare can use this product. Currently you only support VMWare's esx and vsphere.
4 votes -
Management: Full Change Log Publishing
Please start publishing complete change logs for new firmware releases. It is ridiculous to have to hunt for hours in the forums to find some answers. Complete change logs are a must have feature for production use -- I need to know what was changed across versions to a) judge impact on prod b) be able to quickly diagnose issues arising after upgrade (happens all too frequently)
5 votes -
Backup: Partial Backup/Restore
Allow a user to create and restore backup files that contain only parts of the configuration.. users would be able to selectivly make use of various parts of the configuration in other firewalls, allowing for easier rollout of multi-site locations. As well, they can restore only parts of a backup file that are required, thus allowing for faster recovery and without affecting all areas of the box.
68 votesThis feature was implemented in XG Firewall
-
Management: Archive backups like logs
UTM only supports automatic backups sent by email or to a UTM Manager repository.
It would be great to export them via SCP, FTP, Network Share like log files can.31 votesThis feature was implemented in XG Firewall
-
WebAdmin: Activate configuration at specified date and time
It would be a good thing to have to possibilty to predefine e.g. firewall rules, vpn connections, clientless vpn connections, users or whatever and activate them at a special day and time.
For example a bunch of new emplyees start their work at 1st of march - so the admin can predefine their users, rules and remote connections for them to be active 8am at 1s of march.So he will not forget that things during the daily business at 1st of march.1 vote -
Prowl / Growl notifications
It would be awesome to have alerts and notifications delivered via Growl (or Prowl for iOS). It's a much faster and more obvious way to manage alerts!
3 votes -
AstaroOS: Restore Encrypted Backups via USB during Boot
Currently you can place a backup file on a USB stick, name it to restore.abf, and it will be installed during boot up.
Please provide the feature to permit the upload of an encrypted configuration file (.ebf) during the boot of the firewall by prompting for the password during boot which is entered via console (or ideally perhaps the LCD??)
3 votes -
Notifications: set notifications per user/group
It should be possible to address notifications to different users or user groups.
For example:
IPS warning to user a@exmaple.com
Base system notifications to user b@example.com
2 votes -
"Reset to Defaults" - Button for IPS and WEB-Contentfilter
Would be riskless, do an automated backup first !
2 votes -
WebAdmin / User Portal Help access control
Would like to have the possibility to control the accessibility of WebAdmin / User Portal Help, because right now it is accessible without a valid authentication.
I think the best way would be to get only access to the online help with a valid authentication and maybe also by a selection of allowed users/groups/etc..4 votes -
Up2Date threshold time
There should be an option to define a Up2Date threshold time limit before installing a new pattern (instead of download intervall).
5 votes -
Insert Comment to the Subject of an Emailed Backup Filel
It would be very helpful if the backup comment (Management > Backup/Restore > Create backup > Comment (optional)) will be included in the subject when sending backup files via mail.
Current subject when sending a backup manually:
[<hostname>][INFO-010] Configuration Backup FileSuggestion:
[<hostname>][INFO-010] Configuration Backup File (<Comment that was entered while creating the backup>)2 votes
- Don't see your idea?