SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RED: Support Backup Hostname for RED Connection

    Currently, REDs and ASG must find and connect through the definition of a single host-name that is fully resolvable in the public. While this can use the DynDNS feature in ASG already for "fail over", it might be more simpler to just offer another host-name field to be used in the event RED looses connection to the main host-name?

    Even with multiple WAN links avaialable to an ASG, the REDs use of just a single hostname poses a problem if that particular WAN link or ISP should drop for a time (e.g. fiber cut, dead modem, etc). The downed REDs…

    53 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  2. RED: VLAN port configuration on RED

    It would be extremely handy to be able to configure the individual ports on a RED to support different VLANs -- for instance, port 1 and 2 could have VLANs 20 and 30 tagged, with ports 3 and 4 running untagged (VLAN 1)... really handy for a branch office setup with VOIP, etc. It would also be nice to be able to configure a hybrid port as well.. .that is, one that you can configure a native VLAN on (untagged) with tagged VLAN IDs all on the same port, a la Cisco, etc.

    55 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  3. REDs : Usng the 3G uplink to perform firmware updates

    We have an opportunity that has about 90 remote sites and due to the cheap alternative of using 3G USB dongle for Internet access, they would like to see that the REDs device would have the ability to not just use the 3G connection as a failover link but is a primary link for all subsequent updates after initial provisioning at the HQ, Ethernet connection in those remote area is not possible.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  4. SPLIT TUNNELING

    Split tunneling will be beneficial in many scenarios where customer requires direct internet access at branches with RED units.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    As Alan mentions, this is already possible via a number of different configuration choices.

  5. RED: Connect to other ASG WAN Links

    If my ASG has more than one Internet Uplink, RED should be able to reconnect to another available link if the default connection is experiencing an outage. In this manner, RED would be aware of the other Link(s) available on that ASG, and would fall-back to re-establish the tunnel as needed using the next available connection, and then migrate back to the main/preferred one when possible.

    (If you previously voted for "RED Should be able to handle astaro's uplink failover", please place your votes here, as we cannot de-merge yet)

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  6. RED: MAC Address Whitelisting per-RED device

    RED could gain a degree of security by having a way to specify which MAC addresses should be allowed to connect via each device. This would provide some extra layers of protection for places where physical security cannot be guaranteed easily, such as cleaning staff plugging in a laptop during the night and gaining access to the corporate network.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  7. RED: Compression Support for Tunnels

    Please implement data compression ability for RED Tunnels. This would allow more effective throughput using RED devices with slow internet connections - especially with slow uplink speeds, and also saving RED Bandwidth on Internet Uplink on HQ if there's for example heavy usage of good compressible content as HTTP traffic, SMB access etc.

    59 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Failover Capability if ASG is offline

    RED's current fail-over internet access not much help. RED needs a fail-over internet access option for if the ASG becomes unavailable.

    Proposed functionality:
    If ASG becomes unavailable due to ASG side failure, Red should maintain it's config (LAN side IP, Wan IP ) and simply switch to split tunnel mode allowing internet traffic to flow out on the local internet uplink and tunnel traffic to just drop since the tunnel is down. When link to ASG is re-established it would switch back to unified routing mode. Internet uptime is critical, so we can live with RED splitting the internet bound…

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  9. RED: WAN Link Balancing

    RED devices should support more than 1 WAN interface (at least 2 WAN port) for link fail-over. Lots of organization's branches are using multiple WAN connection for emergency usage.

    61 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This feature has been released as part of the RED 50 device which is available now worldwide and has support for multiple Internet Uplinks.

  10. RED: 3G / UMTS connectivity via USB stick

    Almost every country in Asia has requested 3G support for RED via the USB port to allow 3G capable USB devicies to act as a WAN fail over. This is especially needed for countries with poor infrastructure and in remote areas

    44 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  11. RED: Support for Static / Fixed IP

    Astaro Red should be able to handle fix IP adresses

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  12. RED: Offline Provisioning to configure RED w/o Internet Access

    On some sites is a need to be capable to configure RED devices without internet access. Some companies does not allow configuration of devices via external provisioning servers, on other sites policies simply does not allow such access to internet.

    Maybe something as the possibility to redirect provisioning server requests to a own internal ASG which plays the provisioning system for the RED's...

    23 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    This is already possible. When you remove a red, the hardware interface is removed, but the RED interface will still be on the interfaces list (allowing for the re-assignment of another RED for example without wiping the configuration). To remove all the RED config, simply delete the interface itself and all configuration regarding it will be wiped as well.

  14. RED10 Security

    The initial configuration for RED10 devices has no protection against a stolen RED10 device being used to connect back to internal systems.

    There needs to be an option to lock the RED10 device to an IP or hostname so that a connection won't be accepted unless it comes from the authorised location.

    For static IP's locking to an IP is fine

    For Dynamic IP's:

    Instead of locking to an IP it could be locked to a DNS host name. When a connection attempt is made the ASG hub could perform a Reverse DNS lookup. If the returned hostname for that…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.