SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Let's Encrypt Integration

    It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    1,641 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  290 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Networking: Multiple bridge support

    Many SMBs have outposts that do not have the perfect infrastructure to install servers there.
    So for several reasons (Security and Maintenance) we would like to install their dedicated servers in the HQ but appearing still as LAN devices.

    Pretending bandwith is not an issue we would like to use RED to connect the outpost clients to the servers in the HQ.
    To keep the network simple we need the possibility to configurer more than one bridge interface in ASG
    The servers appear to be in the clients local network, but are protected and seperated behind Astaro Gateway.

    Example:
    RED-Interface.1…

    828 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. MailSecurity: IMAP Proxy

    Implement an IMAP proxy. Provides filtering and scanning functionality for those that use this type of mail retrieval. It rounds out our offering to include all 3 of the major ways users access mailboxes.

    521 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    83 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remote Access: Clientless VPN with WebPortal

    Extend the End-User Portal to allow basic Services with integrated Java and Active-X applets as well as web clients. for the protocols: - Java RDP Client auf WebServer - ActiveX RDP Client auf WebServer - Java Citrix Client auf WebServer - WebBased FTP Client - Java SSH Client auf WebServer - Java Telnet Client auf WebServer - Java VNC Client auf WebServer - Redirected internel webservice.

    497 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  5. Web Application Security: Outlook Anywhere Support

    We need an Outlook Anywhere connection over the Web Application Firewall to secure the Exchange 2010 Server. Currently it is not possible to forward the RPC Requests through the WAF. A NAT rule is not secure enough.

    483 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    78 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. The Web Server Protection (WAF) area has been upgraded with new features to allow the handling of the Outlook Anywhere Protocol. Enjoy!

  6. WebAdmin: Display of Auto Packet Filter Rules

    The "Automatic packet filter rule" checkboxes in DNST/SNAT and VPN are a nice option, but are not often used by "old school" admins, because they like to see their packet filter rules displayed in webadmin and sort them as they like it, so they do not use this option and instead manually create their rules.

    It would be nice, if in packet filter site in Webadmin an "Advanced view" button or something similar would be shown, which will also display implicit rules created by the "Automatic packet filter rule" option.

    Minimum requirement:
    show rules as "readonly" rules which cannot be…

    420 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. Rules which are created as a result of selecting “auto firewall rule” in various configuration options (like NAT) can have their view toggled from the main firewall rules page. Enjoy!

  7. Wireless Hotspot/Payment/Captive portal


    • Captive Portal for Guest/Paid access

    • Ticketing / Voucher

    • Time-based access (one hour, two hours, ..)

    • Customizable page, exceptions, whitelists

    • Connection to paypal/amazon, clearing center for credit cards?

    364 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    45 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Networking: DHCP Options & Tweaks

    Extend the DHCP server with more options and configuration tools, adding more value to it.. Allows more use of the Astaro DHCP server without having to rely on outside dhcp resources, and more closely integrates DHCP functions into the ASG framework and configuration.

    291 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    55 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. Up2Date: Configuration Roll Back Option

    Add a link in the Up2Date section with the most recent applied Up2Dates, and all for a roolback to a previous version if needed.

    289 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Web Security: Time Quotas for Internet access

    I have had many requests to have a policy in our Web Security section where it is possible to allocate a time quota for Internet Access. They do not want to limit when people have access to Facebook for example but how long they are allowed to visit these type of sites.

    286 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    33 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. AstaroOS: Support for Two-Factor Authentication (SMS,Token, OTP, Moble App etc..)

    Dual-factor authentication is much stronger than password-based authentication which Astaro now using. Astaro has implemented the certificate authority and OpenVPN project has implemented support for PKCS#11 in version 2.1. What there is left ? Only to implement dual-factor authentication in Astaro.

    275 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    64 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →

    A 2 factor solution based off of OATH TOTP was released in UTM 9.200, and subsequent authenticator apps were released for mobile OSes, though other OATH clients such as google authenticator are also fully compatible.

    A further feature for SMS based 2fa for select features will be included in UTM 9.300.

  12. Networking: Add TShark (WireShark) for Packet Dumps in WebAdmin

    While TCPDump is useful, TShark is much more so, especially with Layer 7 filtering being added.

    Add the ability to capture and save a packet dump on a selected interface via the support section of ASG's WebAdmin

    262 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. VPN: An SSL-VPN Client for Android

    Would be great to have an installable SSL-VPN client for Android mobiles!

    257 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    45 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of UTM 9.1. Enjoy! We have added support for the new OpenVPN Android (and IOS) client. You can download their free client from the marketplace and connect to your UTM with it!

    After installing the client on your phone, visit the UserPortal and use the new installer on the remote access tab under SSL VPN.

  14. Network Security: MAC-Based Packet Filter Rules

    Provide a means whereby the MAC addresses of hardware can be used to craft packet filter rules.. Provides more precise security by avoiding the ability for a user to force an IP which should not be theirs, and thus gain access to filters based on that IP.

    248 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    47 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Mail Security: Check ZIP / Archive files for blocked extensions

    I need, for example, to block exe files. however, the problem with ASG is that if files with blocked extensions are zipped - even without password protect the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files which is not so practical as they may contain legitimate content that I don't want to block.

    208 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. HTTP Reverse Proxy

    Add a Reverse proxy to ASG which is mainly requested for securing OWA as customers do not want to put it directly onto the internet. - some customers ask for Authentication prior allowing access - other customer want SSL-Offloading - third want Webseite security by preventing Cross site scripting and SQL injection..

    207 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add enhanced "paravirtualization" support for Citrix XenServer

    Would allow Astaro customers to take advantage of the speed increases realized by using paravirtualization in a virtual environment. Also, XEN currently requires the use of paravirtual drivers in order to "live migrate" a virtual machine between XEN hosts.

    188 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    34 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  18. Wireless/WiFi support in ASG (inkl. Guest Network)

    You should add wireless support to the ASG, so wireless networks can be easily managed from within the Astaro WebAdmin interface and it is easy to integrate it seamlessly into the security policy, network management, logging and reporting.
    It should support Multi-SSID and WPA2-PSK and WPA2-Enterprise

    The solution should be able to manage multiple Access Points, synchronize the configuration and setup proper roaming.

    Adding new access points should be very easy.
    Astaro should offer own Access Points or support 3rd party APs.

    185 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  24 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  19. Reporting: VPN Activity

    Create reporting from the vpn logs to show who logged in when, did what, and over what protocols. Also would be good to display currently connected vpn users and their status and activity, and allow disconnection/managment of such connections (disconnect and block for 10 minutes, etc...). Gives more insight into the state of vpn connectivity and who is making use of it, doing what.

    181 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  20. Networking: Granular QoS

    Provide a means of applying QoS to users and sessions, so that granular controls can be applied as needed to better control traffic and bandwidth.. Fine-tunes the offering of QoS to allow for more specific environments and configurations.

    162 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 25 26
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.