SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Mail Security: Check ZIP / Archive files for blocked extensions

    I need, for example, to block exe files. However, the problem with ASG is that if files with blocked extensions are zipped - even without password-protecting the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files, which is not so practical as they may contain legitimate content that I don't want to block.

    208 votes
    36 comments  ·  Mail Protection
  2. 29 votes
    9 comments  ·  Wireless Protection
  3. Different access right for hotspot in User portal for each account

    Access right for Hotspot configuration should be down to hotspot level.
    One user should not be able to configure all hotspots.

    7 votes
    Completed  ·  0 comments  ·  Wireless Protection
  4. Source IP restriction for website / paths

    Please implement the ability to restrict access to specific paths on a website to defined source IPs. Usually this has been done on the webserver, but NAT'ting of the Webserver Protection breaks this feature on webservers (sees the internal IP of UTM instead of public source IP).

    Usage Examples:

    a)
    Website globally allowed
    path /administrator only allowed to defined source IPs

    b)
    Partner hosts a private company Website - should only be accessible from Company public IPs
    path / only allowed to defined source IPs

    16 votes
    3 comments  ·  Web Server Protection
  5. REDs: Using the 3G uplink to perform firmware updates

    We have an opportunity that has about 90 remote sites and due to the cheap alternative of using 3G USB dongle for Internet access, they would like to see that the REDs device would have the ability to not just use the 3G connection as a failover link but as a primary link for all subsequent updates after initial provisioning at the HQ. Ethernet connection in those remote areas is not possible.

    7 votes
    0 comments  ·  Remote Ethernet Device (RED)
  6. Change the format of HTTP Proxy warnings if website is not available

    Very often, when a user tries to access a web site that is not available, he contacts me in order to report that Astaro blocked the site. This is because common users DO NOT READ the reason for the block (i.e. "No Route to Host" or "Request timed out").

    It would be useful to differentiate the format of warning page.


    • The actual format for content blocked (not allowed sites)

    • A new format for error connection to the web sites

    11 votes
    6 comments  ·  Web Protection
  7. Reporting: Use alternative to Flash for charts

    Use something (anything) but Flash for reporting in the WebAdmin.
    Flot Examples (http://people.iola.dk/olau/flot/examples/realtime.html): it's free and not a big security hole like Flash.

    You know, Android Support was cancelled by Adobe
    Flash iOS Support was cancelled by Apple
    So it's the best way to go away from Flash to a better technology.

    27 votes
    5 comments  ·  Reporting
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. Flash is now replaced and charts are rendered in JavaScript. This now means they work on iOS, Android, and you enjoy the security benefits as well. Enjoy!

  8. NAC/Endpoint-Control of remote access users

    Normally you can only check username and password (in extension a certificate) during remote access authentication. There is no ability for checking the environment of the user, e.g. what device he is using, AV running and up-to-date, Firewall on, not using special applications, etc.
    There must be an applet used during clientless SSL-VPN access for checking the user environment against important security functions, and after checking the user has to match into a security zone. Depending on which zone the user lands in, there are different rules working for accessing the internal site.

    109 votes
    12 comments  ·  UTM Endpoint Protection
  9. Appliances: Smaller License for UTM 1XX

    For many of my customers, I only need network, web and wireless security, especially on UTM 110-120-220.
    Full guard licences are expensive for some unused functionality, and customers prefer other firewalls with more granularity in licence components and pricing.

    1 vote
    0 comments  ·  Appliance Hardware
    Completed  ·  Angelo Comazzetto responded

    This has been introduced as part of the UTM 100 product which offers BasicGuard of a smaller feature set. While not the 220 appliance, it does give you a lower price point when you need it down at the low end.

  10. Hotspot: Possibility to change the language

    Possibility to change the language of the hotspot (login page for the user) or the possibility to customize the messages (I do not mean the terms of use and user-defined text) themselves like the web filtering and mail filtering.

    19 votes
    1 comment  ·  Wireless Protection
    Completed  ·  Martin Becker responded

    This feature has been released as part of UTM 9.2. The login page can be fully customized, even images, css, and js can be embedded.

  11. Wireless Security: Redirect of Hotspot Client

    It would be nice to have an option to redirect initial traffic to a designated Web Site after the Password or voucher has been entered. This could be a company's homepage or, in the hotel business, the hotel's website or Guest Wireless Policies.

    33 votes
    5 comments  ·  Wireless Protection
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. Clients can now be re-directed to a landing page of your choice once authenticated. Enjoy!

  12. Wireless Security: Authentication via Active Directory Credentials

    Add the ability to connect to the wifi network / hotspot using your AD credentials.
    The “company” wifi network can then be accessed using your credentials and when an account is removed or disabled you also cannot connect to the wifi anymore. With that feature you don’t have to change the wifi code whenever a person leaves the company. Maybe also add AD group membership so you can easily grant a select group of people access to your wifi network.

    110 votes
    Completed  ·  13 comments  ·  Wireless Protection
  13. Networking: Add DNSSEC validation to ASG recursive DNS server

    I would like the option to enable DNSSEC validation within the ASG server.

    There are two parts to DNSSEC: the signing of domains within registrars and DNS hosting providers; and the validation of those domains within local recursive resolvers. The part I am most interested in is the latter. I would like to be able to turn on DNSSEC validation and have my home network start to get the added security benefit of DNSSEC. The ASG's recursive resolver would then request the additional DNSSEC-related records (RRSIGs) and perform the appropriate validation to ensure that the DNS records were not modified…

    4 votes
    1 comment  ·  Networking
  14. Networking: Address "Buffer Bloat" with CoDel algorithm

    CoDel buffer algorithm to help reduce buffer bloat

    The algorithm is light and easy to implement (so I've been told anyway) and doesn't require any user settings or tweaks (other than on/off).

    More info here http://queue.acm.org/detail.cfm?id=2209336

    11 votes
    6 comments  ·  Networking
  15. Endpoint: Display infected system overview on dashboard

    Dear Astaro team

    We do not have any option which will show the graphical logs of the system which is infected by a virus on the UTM dashboard or in the logs.

    17 votes
    0 comments  ·  UTM Endpoint Protection
  16. Networking: Allow monitoring via Span / Mirror Port

    Frequently customers would like to demo the Network Visibility, IPS, or other potential things which "might" be caught if the device were installed (bridged or as the gateway). However for the demo, they must do this with minimal chance of disrupting network traffic (or to bake off against other solutions as well). For this, UTM should be able to plug into the Span/Mirror port on a switch and provide monitoring and reporting on the traffic seen.

    17 votes
    1 comment  ·  Networking
  17. Endpoint Protection: Local Update Server

    Although reasonable bandwidth is available at most sites, it doesn't make sense that each endpoint is updating its protection from the internet. There should be an option that either the ASG itself is the (primary) update server or one or two endpoints. I would prefer to have an extra 10 or 20 GB partition for such a feature.

    61 votes
    5 comments  ·  UTM Endpoint Protection
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of Sophos UTM 9.1. When using UTM with Web Protection and web caching enabled, updates for UTM and Classic endpoint clients will be cached and distributed locally to save bandwidth as requested.

  18. Firewall / Proxy Time metering limit

    Time consumption measurement period for definitions, e.g. 3 hours between 10.00 and 18.00 o'clock as child protection.

    3 votes
    0 comments  ·  Web Protection
  19. Web Protection: Content filtering of HTTPS URLs by SNI

    Enable the option to content filter HTTPS URLs without the full man-in-the-middle interception by doing lookups and categorization on the domains that are reported as part of the certificate exchange. While not as secure as full HTTPS interception, it would solve our problems and remove the need to do the full HTTPS roll-out procedures.

    31 votes
    6 comments  ·  Web Protection
  20. Web Protection: Device-based Authentication Profiles (BYOD)

    Ability to discover phones and tablets trying to get on the network.

    If a user is trying to get on the network, the admins would like to automate the process and reduce the interaction required by users or admins.

    If an employee brings their smart phone to the hospital, they get some sort of log in screen automatically, they check the box, agreeing to terms and the rest of the authentication process would be automated. Like logging on to a hotel network on a laptop.

    2 votes
    0 comments  ·  Web Protection