SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Disable Server Signature
Can you please disable the Server Signature header on the Web Server Protection so that it shows NULL or anything else apart from "Apache".
Although this is not a failure for PCI compliance, it does flag on the check and not showing closes a possible issue.
5 votes -
UserPortal: Configurable Timeout Option
The User Portal needs a configurable time out to log users out after a period of inactivity.
Even with session cookies disabled the session will remain open for many, many hours unless the user chooses to manually log out.
42 votes
This is something we would look to add in an upcoming version. Thanks!
-
Guest WLAN (Hotspot) - "DHCP Address Assignment Required" Option
If guests change their IP addresses, it is not possible to track them in the logs. After a simple IP change, we have no possibility to connect an IP address to a MAC and then to a Voucher/Guest. So you can bypass the logging. This is an important feature for guest wlan / hotspot feature!
56 votes
Thank you for your feedback. We will look into this.
-
RED: Restart tunnel instead of unit
When the internet connection drops at the main site (UTM location) the RED restarts to get the tunnel up again. When (for some reason) the internet connection stays down at the main site all internet activities at the remote location are down due to continuous restarts of the RED. If the *** only tries to pick up the tunnel, the internet at the remote location can still be used.
77 votes -
Web Server Protection: Support for ActiveSync 14.1
WAF doesn't support ActiveSync 14.1, i.e. after you install SP3 for Exchange 2010, you can't use WAF to protect your ActiveSync Server anymore. This is poor.
78 votes -
RED: Allow Branch Name to be Renamed
I would like to be able to rename/change the description in the "Branch Name" field of the RED sites. I see that in the WebAdmin there doesn't seem to be a way.
When we get an alert that "redXX is down" it would be really helpful to not have to dig up my notes on which site that actually is. This should be a standard feature.
More details about this are posted on the forum:
http://www.astaro.org/other-products/remote-ethernet-device-red/47745-rename-red-branch-name.html
53 votes
Under Review · Admin Jan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are investigating adding the option to change Branch Name.
-
Networking: HA/Clustering for Amazon Cloud
The ability to operate a pair of UTM software appliances in a VPC, in different AWS availability zones, configured as HA/clustered pair.
This feature is critical in providing a truly HA VPC solution. I have the need to operate a very highly available VPN endpoint for multiple healthcare providers and this one deficiency is preventing us from moving forward with the excellent UTM software appliances.
(Amazon has a white paper outlining how to make the default NAT instance highly available using two NAT instances and a script that detaches and reattaches the virtual interface and MAC to the standby instance.)
9 votes -
RED: Support using own CA in RED to generate 'valid' certificates
Particularly to the RED interface. It would be helpful to apply a certificate to this communication as currently this port 3400 uses a self signed certificate which if you ask the Payment Card Industry Data Security Standard compliance testing they fail you for having a self signed certificate.
17 votes -
Networking: Forward Ping for Devices behind UTM
In V8 it was possible to Ping Devices behind the UTM Device, in V9 it is Disabled and could not be Enabled with a Packet filter Rule.
This function is useful for us and our Customer which has Devices behind the UTM in his own DMZ that should be monitored by Monitoring Systems etc.
18 votes
While already possible by disabling the built-in ICMP handlers and creating your own packet filter rules for explicitly allowing such traffic, we will review the operation of this behavior and if we can refine the GUI here.
-
Networking: Control IPSec VPN Route Orders
Please add Support for route based vpn so you can prefer the BGP route first followed by the IPSec route if your BGP route is not available.
26 votes -
Authentication: Use Wireless Credentials for other UTM modules
Passing the authentication credentials from 802.1X WPAx enterprise authentication to other UTM modules would enable seamless SSO for wirelessly connected devices and would be particularly useful for authentication of mobile devices.
36 votes -
Application Control: Apply rules to Active Directory Users/Groups
Astaro please include application control rules applicable to users group in AD. Very important to include.
134 votes
Under Review · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Although it is possible to use AD groups for App Control right now, there are limitations. We want to make it consistent with Web Filtering policies. We are considering this feature as a candidate for a future release.
-
Endpoint Protection: Activity Report
Client requesting the ability to create a recurring report (emailed daily/weekly) that lists all the systems by last update, with errors, and/or those that differ from policy. Should be able to create a report on any tab or policy that exists in the product based on computer name, policy or container name.
18 votes
We are reviewing this for the next version of UTM Endpoint Protection.
-
Networking: Summarize DHCP Leases with a Total
When the DHCP server is configured with a large scope, say a capability of a range of 200+ leases, then it can be very difficult to determine how many leases are currently active, especially when leases that have already expired are still shown in the table. One has to manually count the entries in the table. It would be wonderful if a counter was available at the top of the lease table showing the number of current active leases.
18 votes -
Management: Unify Static DNS / DHCP mappings to Object Definitions
Use the same data for DNS static entries as for Network host definitions.
Like this we would not need to enter the same data twice.
7 votes -
Mail Protection: Keep forwarded message in the Spam Quarantine
It is not technically possible to fully verify if forwarded mail is accepted by User Mailsystem. Quarantined E-Mail should stay in Quarantine to be cleaned / expired instead.
2 votes -
Authentication: Dedicated AD / LDAP Server Agent
We would like a program(s) that could install directly on our Active Directory or LDAP server that would update the appliance on what user currently has what IP(s). This way their user objects could be automatically kept current without the need of the Client-Agent you offer, and give me super precise control by User.
5 votes -
WebAdmin: Sort controls for DHCP Lease table
Would be great if you could sort the DHCP Leased IP table by Ascending/Descending order.
31 votes -
Notifications: Include System Time in Event Notifiers
E-Mail notifications (internet uplink up or down, etc.) include the system uptime but not the actual time of the event. It would be much more helpful if the e-mail notifications included the actual time (local or zulu) of the event.
12 votes -
Reporting: Per-User Blocked Count
Make it possible again to report on the count of blocks per user, summarizing in order to find users with high blocked counts.
This was possible before version 8.2.
It should also be able to filter by category - but be able to include MULTIPLE categories in the filter. This way, overall block counts, and then related category blocked counts can be viewed, and used to inform further investigation if necessary.
2 votes