SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Let's Encrypt Integration

    It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    1,638 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    296 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels

    Please make a tool to conver regular openvpn configuartion files to your apc/epc format. Without such a tool it is impossible to use an astaro as client for existing openvpn server.

    594 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    126 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  3. Networking: Bandwidth / Traffic Quota

    Add the ability for administrators to specify bandwidth limits for users and IP addresses in regards to how much they can consume during a certain time period, certain hard limit, or on a certain service/proxy.. Gives the option to control bandwidth usage on the AxG so that admins can better manage their internet connection and control overusage and heavy users, especially during certain times.

    587 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    81 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. VPN: IKE V2 Support

    IKE V2 is the newest innovation to IPSec and makes using of mobile clients a lot easier. I wish to integrate IKE V2 as soon as possible.
    See: http://tools.ietf.org/html/rfc4306 (RFC 4306)

    465 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    62 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. Networking: Full DNS Server

    It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
    At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.

    458 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. websocket support for WAF

    we are hosting a SignalR hub (http://signalr.net/) behind a Sophos UTM 320. We use the Web Server Protection feature extensively in our environment, and as such have opted to use the same for this.
    SignalR will always try to use Web Sockets (http://en.wikipedia.org/wiki/WebSocket), a new HTML5 API, and fallback to other technologies where this isn't possible to be used.
    Since we've been hosting the hub via the reverse proxy, none of our clients are able to connect via Web Sockets :so having support for websockets in WAF would be super cool

    452 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    55 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Networking: Per-User Bandwidth Graphs (QoS Graph)

    Add the ability to see selected (or all), bandwidth graphs per user. I would like to be able to specifically show my users, that they are using X amount bandwidth.

    450 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Upgrade to modern version of StrongSWAN which uses charon instead of pluto

    Astaro still uses StrongSWAN ipsec version 4.4.1 which is from 2010.
    The latest build of ver 4 is 4.6.4 in mid 2012.

    But with today's times.. they are up to version 5.0.4! Version 5 started in mid 2012 when they ditched the old Pluto package and updated Charon to handle both IKE 1 and 2.

    For a router boasting support, I'd think that would be a priority to at least be on-par with the open source technology.

    Then after you do this, you can update the GUI maybe also to handle exposing some of the ipsec.conf settings that it's hiding…

    397 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    54 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. URL Redirection

    It would be great if it would be possible to redirect certain URLs

    For example:

    www.company.com => www.company.ch/site1
    www.company.com/site1 => www.company.com/newsite

    Thank you :)

    375 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. SMTP: Multiple Hostnames/Interfaces Support

    With the SMTP proxy able to handle mail for many domains, allow the proxy to be configured so that an admin can assign a hostname per profile, or have the proxy report different hostnames per outgoing interface. (and the ability to specify which domains/profiles go out which interface). Allows for easier management and adoption of many smtp domains on a single asg appliance.

    372 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    31 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Networking: Add IGMP proxy

    Implement a simpe IGMP proxy so that IPTV at least from T-Home Entertain can be received. This is different from standard Multicast as it only to pass the asg and not dynamically communicate or register with other multicast servers

    371 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    70 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Licensing: Free Home-Use License on ASG Appliances

    Currently it is not possible to use a hardware appliance with a home use license, meaning it is necessary to wipe the device's hard drive and reinstall from the software appliance ISO. I've never been sure of the reason for this restriction - used Astaro hardware is available from sources such as eBay and so is a viable option for home use. It would be great to be able to make full use of the additional hardware appliance features (LCD display on 220s and up, graphic of appliance port activity on dashboard) when running as a home user.

    323 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  13. WebAdmin: Export / Import of Network Definitions

    Make it possible to export and import lists of definitions - especially host definitions.

    307 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    64 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Reporting: Enhanced Hardware Information

    Add granular and detailed reporting graphs showing details like:
    CPU usage per core
    CPU usage by processes(iowait, interrupts, useful for determining HW problems or poor performance)
    RAM per process
    SMART status
    Heat/Cooling/Power(RPMs, temps, voltages)
    UPS status(Vbatt, Vout, Vin, etc)

    all of this can be implemented using Munin with some tweaking

    307 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  36 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. WebAdmin: Use More Screen Resolution

    Allow WebAdmin to scale (such as was the case in V6) to correctly use most/all of the available screen resolution. Use all the available vertical resolution (to avoid having to scroll) and also use as much of the horizontal space as possible. Simply stretching it to fit won't be pretty, focus on the vertical and use horizontal as it makes sense.

    295 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →

    While we worked on this , the V8 WebAdmin was updated and adjusted to fit better in a standard size. However simply full-screening it or adding massive amounts of resolution wasn’t visually attractive. We will revisit this in the future perhaps.

  16. Monitoring: Add Zabbix / Nagios client

    A lot of us (at least with bigger environments) are using systems like Zabbix or Nagios to monitor their stuff.

    An direct integration of the clients into Astaro would it make a lot easier to integrate the Astaro boxes into it. SNMP alone does not provide a lot of values which are interesting to monitor. Like:
    - Packet filter violations
    - IPS stats
    - VPN Users online
    - and much more

    272 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. RED: DSL/VDSL (PPPOE) Support

    RED should be able to do DSL/VDSL (PPPOE), as this way it can be used with an ISP which is very common worldwide in requiring authentication against their modem.

    238 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    33 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    Under Review  ·  Martin Becker responded

    After a careful review we decided to not include this feature in UTM 9.2. We are now considering it for the next feature release whose launch date has not been decided upon yet.

  18. Enhance Application Control App Categorization

    Lot of people would like to be able to easily block advertisers, web trackers and analyzers to enhance their surf experience in general and to enhance privacy too by blocking all those trackers and analyzers.

    There are already >150 of such advertisers, trackers and analyzers as apps in the UTM's application control. Sadly all of them are categorized as "web services", which is misleading andunhelpful, as in this category are also CNET and Mozilla downloadservers, CDN's as Akamai etc., whic disallows a simply general block af that category.

    I propose, that this "web services" category will be splitted further into …

    228 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. Authentication: Single-Sign On for Astaro Authentication Agent

    Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.

    226 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Webserver Protection: Reverse Authentification with NTLM and Kerberos

    The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)

    221 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 178 179
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.