SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels

    Please make a tool to conver regular openvpn configuartion files to your apc/epc format. Without such a tool it is impossible to use an astaro as client for existing openvpn server.

    607 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    126 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  2. Networking: Bandwidth / Traffic Quota

    Add the ability for administrators to specify bandwidth limits for users and IP addresses in regards to how much they can consume during a certain time period, certain hard limit, or on a certain service/proxy.. Gives the option to control bandwidth usage on the AxG so that admins can better manage their internet connection and control overusage and heavy users, especially during certain times.

    591 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    81 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. VPN: IKE V2 Support

    IKE V2 is the newest innovation to IPSec and makes using of mobile clients a lot easier. I wish to integrate IKE V2 as soon as possible.
    See: http://tools.ietf.org/html/rfc4306 (RFC 4306)

    502 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  70 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. Networking: Full DNS Server

    It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
    At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.

    463 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. websocket support for WAF

    we are hosting a SignalR hub (http://signalr.net/) behind a Sophos UTM 320. We use the Web Server Protection feature extensively in our environment, and as such have opted to use the same for this.
    SignalR will always try to use Web Sockets (http://en.wikipedia.org/wiki/WebSocket), a new HTML5 API, and fallback to other technologies where this isn't possible to be used.
    Since we've been hosting the hub via the reverse proxy, none of our clients are able to connect via Web Sockets :so having support for websockets in WAF would be super cool

    460 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    58 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Networking: Per-User Bandwidth Graphs (QoS Graph)

    Add the ability to see selected (or all), bandwidth graphs per user. I would like to be able to specifically show my users, that they are using X amount bandwidth.

    453 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  7. Upgrade to modern version of StrongSWAN which uses charon instead of pluto

    Astaro still uses StrongSWAN ipsec version 4.4.1 which is from 2010.
    The latest build of ver 4 is 4.6.4 in mid 2012.

    But with today's times.. they are up to version 5.0.4! Version 5 started in mid 2012 when they ditched the old Pluto package and updated Charon to handle both IKE 1 and 2.

    For a router boasting support, I'd think that would be a priority to at least be on-par with the open source technology.

    Then after you do this, you can update the GUI maybe also to handle exposing some of the ipsec.conf settings that it's hiding…

    407 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    56 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. URL Redirection

    It would be great if it would be possible to redirect certain URLs

    For example:

    www.company.com => www.company.ch/site1
    www.company.com/site1 => www.company.com/newsite

    Thank you :)

    381 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    48 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Networking: Add IGMP proxy

    Implement a simpe IGMP proxy so that IPTV at least from T-Home Entertain can be received. This is different from standard Multicast as it only to pass the asg and not dynamically communicate or register with other multicast servers

    377 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    70 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. SMTP: Multiple Hostnames/Interfaces Support

    With the SMTP proxy able to handle mail for many domains, allow the proxy to be configured so that an admin can assign a hostname per profile, or have the proxy report different hostnames per outgoing interface. (and the ability to specify which domains/profiles go out which interface). Allows for easier management and adoption of many smtp domains on a single asg appliance.

    375 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Licensing: Free Home-Use License on ASG Appliances

    Currently it is not possible to use a hardware appliance with a home use license, meaning it is necessary to wipe the device's hard drive and reinstall from the software appliance ISO. I've never been sure of the reason for this restriction - used Astaro hardware is available from sources such as eBay and so is a viable option for home use. It would be great to be able to make full use of the additional hardware appliance features (LCD display on 220s and up, graphic of appliance port activity on dashboard) when running as a home user.

    330 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  12. WebAdmin: Export / Import of Network Definitions

    Make it possible to export and import lists of definitions - especially host definitions.

    320 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    65 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Reporting: Enhanced Hardware Information

    Add granular and detailed reporting graphs showing details like:
    CPU usage per core
    CPU usage by processes(iowait, interrupts, useful for determining HW problems or poor performance)
    RAM per process
    SMART status
    Heat/Cooling/Power(RPMs, temps, voltages)
    UPS status(Vbatt, Vout, Vin, etc)

    all of this can be implemented using Munin with some tweaking

    314 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  36 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. WebAdmin: Use More Screen Resolution

    Allow WebAdmin to scale (such as was the case in V6) to correctly use most/all of the available screen resolution. Use all the available vertical resolution (to avoid having to scroll) and also use as much of the horizontal space as possible. Simply stretching it to fit won't be pretty, focus on the vertical and use horizontal as it makes sense.

    298 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →

    While we worked on this , the V8 WebAdmin was updated and adjusted to fit better in a standard size. However simply full-screening it or adding massive amounts of resolution wasn’t visually attractive. We will revisit this in the future perhaps.

  15. Monitoring: Add Zabbix / Nagios client

    A lot of us (at least with bigger environments) are using systems like Zabbix or Nagios to monitor their stuff.

    An direct integration of the clients into Astaro would it make a lot easier to integrate the Astaro boxes into it. SNMP alone does not provide a lot of values which are interesting to monitor. Like:
    - Packet filter violations
    - IPS stats
    - VPN Users online
    - and much more

    279 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. RED: DSL/VDSL (PPPOE) Support

    RED should be able to do DSL/VDSL (PPPOE), as this way it can be used with an ISP which is very common worldwide in requiring authentication against their modem.

    242 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    33 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    Under Review  ·  Martin Becker responded

    After a careful review we decided to not include this feature in UTM 9.2. We are now considering it for the next feature release whose launch date has not been decided upon yet.

  17. Enhance Application Control App Categorization

    Lot of people would like to be able to easily block advertisers, web trackers and analyzers to enhance their surf experience in general and to enhance privacy too by blocking all those trackers and analyzers.

    There are already >150 of such advertisers, trackers and analyzers as apps in the UTM's application control. Sadly all of them are categorized as "web services", which is misleading andunhelpful, as in this category are also CNET and Mozilla downloadservers, CDN's as Akamai etc., whic disallows a simply general block af that category.

    I propose, that this "web services" category will be splitted further into …

    234 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  18. Authentication: Single-Sign On for Astaro Authentication Agent

    Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.

    226 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Webserver Protection: Reverse Authentification with NTLM and Kerberos

    The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)

    224 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Wireless: Reboot / Restart of Access Points

    Ability to restart a connected wireless access point from the ASG web interface. Sometimes I find they are not working corrected and need to be rebooted/restart/powercycled. It would be nice if this could be done remotely, right from the web interface.

    224 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    42 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 180 181
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.