SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Mail Encryption: One-Way / Clientless ( SPX )

    A system whereby customers can encrypt messages with the recipient having no in-place method to decrypt them, such as is currently possible with S/MIME/PGP setups. Allows encryption to satisfy needs of many companies that do not have setup relationships with key exchanges and such, like Health Care, Government, Education etc... it should be very easy to use.

    43 votes
    Completed  ·  11 comments  ·  Mail Protection
  2. IPS: Per-Rule IPS Exceptions

    Extended the exceptions functionality to allow for specific rules as part of an exception.

    This will allow for much more granular IPS exceptions in being able to specify a rule be disabled/excepted only for a certain traffic flow, like for rule 2122 from Internet to Webserver, without disabling the rule globally or by exempting the resource from IPS fully.

    37 votes
    16 comments  ·  Network Protection
  3. WAN Link Balancing: Create "Uplink Interface Groups"

    Regarding uplink load balancing, I'd like to create low cost DSL farms for HTTP browsing while reserving our T1 connection for two way bandwidth intensive operations. To do this I'd need Uplink Interface Groups. In uplink load balancing, HTTP access would be assigned an uplink interface group containing three DSL uplinks. The rest of the traffic would be assigned the T1 uplink interface.

    24 votes
    6 comments  ·  Networking
  4. Up2Date: Up2Date Installation at Scheduled Time(s)

    Implement a mechanism whereby it is possible to install system up2date packages via a scheduled time each day, week, month, etc... or one-time operation, such as "This Tuesday at 3am". Allows administrators to keep the Astaros updated without manual operations or using ACC.

    31 votes
    Completed  ·  5 comments  ·  Management
  5. Restart PPPoE when Master Role has changed

    When the Master-Role changes within a Cluster PPPoE Connections will go down until the admin manually restarts the connection or until the automatic reconnect occurs.

    It would be helpful if a PPPoE Interface has an Option to trigger the reconnect when Cluster-Roles change.

    12 votes
    2 comments  ·  HA/Clustering
    Completed  ·  Angelo Comazzetto responded

    This was treated as a bug and was fixed in Version 8.300. I’ll close this feature as a result.

  6. Web Security: Optimize SSL handling for AES-NI Supported Algorithms

    With the inclusion of AES-NI support in Version 9, it should be considered how to best utilize this acceleration to realize the massive gains possible. Currently, the client and server "talk" and decide which streams to establish and which encryption should be used.
    The negotiation should be tweaked/modified to prefer AES-NI supported algorithms. This will make sure that we can re-order or optimize this so that we promote the algorithm modes that we can accelerate.

    1 vote
    1 comment  ·  Web Protection
    Completed  ·  Angelo Comazzetto responded

    Due to updates by various projects (like LIB-OPENSSL) this is already possible and will be present in UTM9

  7. WebAdmin: Allow Changing the Default WebAdmin IP Easily

    Why is Astaro the only vendor who doesn't allow changing the LAN IP address while connected to it? This is asinine, especially during the initial setup wizard!

    The feature reads as: allow changing of the IP address of the LAN IP during the setup wizard. Further, currently I cannot change the IP of an interface if I am connected over it, I have to make a new interface, connect over that, then change the IP of the interface I wanted to in the first place. This is tedious.

    6 votes
    5 comments  ·  Networking
    Completed  ·  Angelo Comazzetto responded

    In order to correct a few mistaken statements, allow me to comment.

    As of ASG 8.200, you can fully change the IP of the “connected” (or LAN in this example) interface via WebAdmin. It is also possible to change it during the Wizard.

    As such, I’ll refund the points and mark this as complete.

  8. Web Application Security: Support Domain Certificates (Wildcard)

    Currently in the Web Application Firewall it is not possible to create a catch all domain that will manage all unknown addresses.

    Let's say you work as a web host and want your customer to access their web site under user.webhost.com ... It would be great to have a *.webhost.com that would catch all unspecified addresses and forward them to the web server.

    6 votes
    3 comments  ·  Web Server Protection
    Completed  ·  Angelo Comazzetto responded

    As Elmar mentions, this was completed in 8.103 and enhanced in 8.200 with SAN support. Ensure your URL hardening lists are set up correctly, as URL hardening needs the concrete domain in the URL listings.

  9. reporting / Notification for inactive AP

    I want to have a reporting or notification if an AP goes inactive or if there is a problem with them.

    16 votes
    0 comments  ·  Wireless Protection
  10. Wireless Extenders (Repeater Bridges) for AP's

    Allow Astaro APs to act as wireless range extenders to relay or repeat the current wireless network without the need to run a network cable.

    44 votes
    9 comments  ·  Wireless Protection
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1 for our AP 50 product. You can extend wireless networks across a new wireless-mesh framework that can be created from WebAdmin. Enjoy!

  11. SPLIT TUNNELING

    Split tunneling will be beneficial in many scenarios where customer requires direct internet access at branches with RED units.

    2 votes
    1 comment  ·  Remote Ethernet Device (RED)
    Completed  ·  Angelo Comazzetto responded

    As Alan mentions, this is already possible via a number of different configuration choices.

  12. Networking: Support for USB Network Adapters

    There are a lot of small and cheap devices capable for the (home) use of Astaro Security Gateway software (e.g. netbooks with 1GB RAM) but limited just with one Ethernet interface, but also offering multiple USB ports. For most (small) installations an additional USB network adapter would be sufficient - but is so far not supported...

    Let's turn on USB network support in the kernel:

    CONFIG_USB_CATC
    CONFIG_USB_KAWETH
    CONFIG_USB_PEGASUS
    CONFIG_USB_RTL8150
    CONFIG_USB_USBNET

    !

    43 votes
    8 comments  ·  Operating System
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. We now have support for many USB Ethernet adapters. Give yours a shot today, and let us know at www.astaro.org what you see for success. Enjoy.

  13. VPN: Connect to Amazon VPC Hardware VPN Easily

    In order to connect to Amazon VPC you need to have a special IPsec + BGP combination to create a resilient connection with integration dynamic routing.
    Astaro should implement an easy way to quickly connect to Amazon VPC without all the hassle.

    14 votes
    8 comments  ·  VPN
  14. Web Application Security: Outlook Anywhere Support

    We need an Outlook Anywhere connection over the Web Application Firewall to secure the Exchange 2010 Server. Currently it is not possible to forward the RPC Requests through the WAF. A NAT rule is not secure enough.

    483 votes
    78 comments  ·  Web Server Protection
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. The Web Server Protection (WAF) area has been upgraded with new features to allow the handling of the Outlook Anywhere Protocol. Enjoy!

  15. Authentication: Support Availability Groups for Auth Servers

    Make it possible to add an additional domain server in the single sign on configuration or allow an availability group in the "Server" configuration so that if the first domain is down authentication will fail over to the second domain.

    7 votes
    Completed  ·  3 comments  ·  Authentication
  16. HA: Leave Cluster Node In Reserve During Up2Date

    For safety, instead of forcing the admin to disconnect and put a node to the side for "safekeeping" in case of a big failure when upgrading, it should be possible to set a node as "reserved" during the up2date process so that it remains separate and can instantly become active while the other unit(s) are upgraded.

    This lets the admin get back online and buys some breathing room in case they need to re-image or otherwise work with their cluster to address a failure.

    10 votes
    2 comments  ·  HA/Clustering
  17. Flow Monitor

    In the flow monitor I can see where the traffic goes, whether HTTP or VPN, etc. but not who caused the traffic.
    It would be nice if the IP of the PC which produces the traffic is displayed.

    2 votes
    3 comments  ·  Management
    Completed  ·  Angelo Comazzetto responded

    This is already possible by expanding via click the “client” table in flow monitor. As the feature is possible, I’ll mark it as complete. Please check with support or www.astaro.org if you need more help on that.

  18. Store & Distribute Common "Definitions" (Objects)

    For those in the networking world who support several clients, it can become tedious to recreate your definition lists for each new Astaro you receive for a client. It would be nice if you could either keep a common list saved on your myastaro account that you could download into the Astaro when setting it up or possibly on a USB key that you could import in. Would definitely cut down on install time for networking companies.

    5 votes
    4 comments  ·  Usability/GUI
    Completed  ·  Angelo Comazzetto responded

    Hi All,
    We have solved this problem using ACC Version 2.1, which added support for Central Objects for both Services and Network Objects. This is designed precisely to manage the type of situation you describe. You can deploy, revoke, change, and otherwise work with these objects in the ACC database and connected ASG’s, even disconnecting the ASG and preserving the published objects.

  19. RED: Connect to other ASG WAN Links

    If my ASG has more than one Internet Uplink, RED should be able to reconnect to another available link if the default connection is experiencing an outage. In this manner, RED would be aware of the other Link(s) available on that ASG, and would fall-back to re-establish the tunnel as needed using the next available connection, and then migrate back to the main/preferred one when possible.

    (If you previously voted for "RED Should be able to handle astaro's uplink failover", please place your votes here, as we cannot de-merge yet)

    7 votes
    3 comments  ·  Remote Ethernet Device (RED)
  20. Wireless Protection: Support of more than 8 SSIDs per ASG/UTM

    Allow to create more than eight SSIDs per Astaro Security Gateway. Even if there are only 8 SSIDs supported per Access Point, allow the more created SSIDs to be spread over the remaining attached Access Points.

    7 votes
    0 comments  ·  Wireless Protection