SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Networking: Bandwidth / Traffic Quota

    Add the ability for administrators to specify bandwidth limits for users and IP addresses in regards to how much they can consume during a certain time period, certain hard limit, or on a certain service/proxy.. Gives the option to control bandwidth usage on the AxG so that admins can better manage their internet connection and control overusage and heavy users, especially during certain times.

    589 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    81 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. Networking: Full DNS Server

    It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
    At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.

    461 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Networking: Add IGMP proxy

    Implement a simpe IGMP proxy so that IPTV at least from T-Home Entertain can be received. This is different from standard Multicast as it only to pass the asg and not dynamically communicate or register with other multicast servers

    375 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    70 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. Networking: Local Radius Server on ASG

    Cause small offices (planning offices, Laywers, etc.) are not using a windows server AD but like to use WLAN (cause there´s no cabeling needed) a local radius server would be helpful (i.e. available on Linksys Routers with TinyPEAP or via DD-WRT) to authentificate the users with a central security. So a local user database is still on the ASG. Why not implement an optional radius server instead of pointing to a local one on a windows server?

    222 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Networking: Integrated Wake on LAN Service

    Add the wake on lan functionality. Provide the possibility to create a table (INTERFACE | MAC ADDRESS | DESCRIPTION ) where we can store the mac address of hosts to wake up. Also, the wake up command can be scheduled or manually executed.

    199 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. Networking: QoS For VPN Traffic

    Allow for Quality of Service rules to be created that apply to VPN traffic of roadwarrior and site-site.. Allows for better management of traffic limits and gives admins the ability to guarantee and control bandwidth across VPN's. Perhaps part of a V8 Revamp of QoS?

    199 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. Networking: Wildcard Hostnames for DNS Group Definitions

    being able to specify a 'root' domain name, or pattern, as a network definition, that could then be used in a traffic selector for bandwidth shaping, would help greatly. content delivery networks use hundreds of hostnames, but usually stick with one 'root', example: 'something.nflximg.com' or 'something.llnwd.net' by specifying something like "*.llnwd.net' as the source, we could then limit the traffic as desired.

    128 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  32 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Multipath: Allow WAN1 to burst to WAN2

    Astaro must have the ability to allow traffic to burst over to a second WAN link when the primary WAN link is saturated or reaches a defined maximum of traffic amount in a day/week/month. We currently have options to failover traffic depending on source, destination, and interface. What we need is another category for bandwidth utilization.

    122 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Networking: DHCP & Dynamic DNS Updater

    It would be nice to add to the DHCP and DNS the ability to register dynamically on the local DNS zone the name of the machine and IP address that have just be assigned by the DHCP server.

    112 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. VPN: Support zeroconf / avahi / bonjour

    Given that Astaro's VPN mechanism creates non-bridged subnets, it'd be incredibly useful for networks with a large number of Macs particularly to have Wide-Area Bonjour (i.e. Avahi or Zeroconf) built into ASG's DNS server.

    109 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Networking: Time-Based quality of service rules

    Add option for Time-Based QOS rules, Where we can assign time and Bandwidth to a Network.

    96 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  23 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. DNS over TLS

    Please implement support for DNS over TLS queries to supported resolvers (like the new Quad9 resolvers). Very important privacy feature, imho.

    88 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. Networking: DHCP Relay over VPN tunnel

    Customers uses more and more central DHCP servers therefore we need to extend the DHCP-Relay option to also support forwarding the relay requests via an established Site-to-Site tunnel. Support a centralzied DHCP configuration scenario

    87 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. Networking: Enhanced Link Aggregation (LAG) Modes Support

    Using the middleware (cc CLI) it is already possible to set link-aggregation to a different mode than the default mode 4 (802.3ad).
    We would appreciate to see all other modes becoming an official part of the Web GUI:
    - mode 0 (balance-rr)
    - mode 1 (active/backup)
    - mode 2 (balance-xor)
    - mode 3 (balance-broadcast)
    - mode 5 (balance-tlb)
    - mode 6 (balance-alb)

    68 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  15. Networking: Expire DHCP Leases via WebAdmin

    Currently you cannot easily end a DHCP lease. This could easily be done instead of having to edit a file on the command line and restarting DHCP by adding a button next to each lease on the DHCP leases page.

    66 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  10 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Networking: Support multiple DHCP relays

    In many PXE environments, it is normal to get regular DHCP from one host and BOOTP DHCP from another. This works fine as long as the client machines are in the same network as the DHCP servers, but will not work from the GUI.

    Can already do this at the CLI:
    chroot /var/chroot-dhcps/ /usr/sbin/dhcrelay -i if1 -i if2 dhcp-server
    if1 = interface 1
    if2 = interface 2
    More can most likely be added.
    dhcp-server = new DHCP server you need access to in addition to the one already specified in the GUI.

    64 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Networking: IPv6 support for SSL VPNs

    Please provide support for IPv6 with SSL VPN.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Networking: Site to Site GRE Tunnel Support

    Support for allowing us to ditch our Cisco router by letting us setup site to site GRE Tunnels.

    57 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. option to manage MSS-Size

    Our internet connection requires a special MTU and MSS size.
    The following rule is required to filter the traffic for all clients on the WAN and WiFi

    iptables -t filter -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN
    -j TCPMSS --set-mss 1360

    This rule can only be added via the terminal and is not persistent.
    Please make this option available in the GUI.

    References: https://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/31852-strange-problem-some-sites-working-some-not-2.html

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Second DHCP Server in DHCP relay

    It would be great if you could enter two DHCP server in the DHCP relay. We have two Windows 2012 R2 server with an active/standby Cluster. If the active node Fails, the secondary will take function. But we have to take care, to change the server in the relay on the UTM to let it still work.

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 14 15
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.