SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
WAN-Bonding
Please implement the possibility to bond WAN-lines. Free FW-Appliances like pfSense are able to do that. Why not Sophos?
At home (my testing area, before I implement new confs in the company FWs) I have two ISPs. UnityMedia with 125/4 MBit and Telekom with 100/40 MBit. With only a UTM it's not possible to bond the lines, so that I can use the full bandwidth of both lines.
At the moment I've solved that by putting a pfSense-appliance between the ISP-modems and the UTM. So I reach speeds like 223/44 MBit.
But... why use another appliance between ISP-lines and UTM? Why…
29 votes -
Configurable MTU on RED
Please make the MTU size of the internet upstream configurable on a RED device. We're using a TV cable based internet upstream and to get full performance they ask us to set the MTU to 1420, which is not possible to configure. As cable internet is more and more widely used and upstream bandwidth rises all the time, this is potentially needed by more users. Thanks a lot.
10 votes -
Uplink Monitoring - bind a monitoring host to a monitoring action
Scenario:
Main office communicates to multiple (3) branch offices over a single MPLS link. While we can create a monitoring host for each of the branch offices, it is not possible to bind a monitoring host to a particular action.
Presently when any of the monitoring hosts are detected to be offline, all Actions are performed. Greater granularity would allow the UTM to perform Action B only when Monitoring Host B is offline.
10 votes -
Uplink monitoring & automatic action
Automatic action (Interface & Routing ==> Uplink monitoring ==> Action) works only when the first interface in the Uplink Balancing ==> Active interfaces is in "Down" status.
We would like automatic actions to work with any interface in the Uplink Balancing ==> Active interfaces.
We would also like automatic actions to work when an interface is in "Error" status (internet access is not OK,..)
Thanks for your help
3 votes -
QoS Prioritization
The ability to prioritize data packets based on their QoS flags (TOS + DSCP) automatically on an SG UTM appliance. This would enable high priority items such as VOIP to take precedence over standard email, web traffic, etc without the need to create complex rules for traffic shaping, throttling or guaranteed bandwidth settings.
5 votes -
SNI Support for XG Firewall
Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/ServerNameIndication for details. It is already on UTM, but not XG. This will probably be needed if you ever decide to allow XG Firewall to request and manage Let's Encrypt certificates for multiple domains.
9 votes -
Add AWS Route 53 as a DynDNS provider
Add a DynDNS provider for Amazon Web Services (AWS) Route 53.
4 votes -
Delete one DHCP lease
Please allow to delete one DHCP lease or to block one IP lease.
We need to block not authorized devices in our network.
6 votes -
Make the TTL/Timeout for DNS Groups user-configurable in Webadmin
At the moment DNS Groups have a default timeout of one week. You can only change that manually in cc-menu but it should be user-configurable in webadmin (an rpm for 9.407 already exists, support said). Please make it possible to change it in webadmin for convenience!
5 votes -
SNAT with multiple addresses in source pool
Please add support for using a list of IP numbers as the "Change source to" field in an SNAT rule. Essentially, allow SNAT from many to few with overload.
As an example, in iptables, SNAT a /24 to 3 external addresses in round robin (with PAT only when needed) would be
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source x.y.z.1-x.y.z.3
Not currently possible with the UTM's UI.
2 votes -
DHCP Duplicate IP Detection
Have the UTM DHCP server ping the IP address before attempting to issue it like Windows DHCP Server, to avoid an IP conflict. e.g. static address within DHCP scope.
Currently, if the UTM offers an IP address that already exists on the network the client sends a DHCP Decline, however the UTM will continue attempting to issue the same IP and the client will get stuck in this loop.
29 votes -
ipoe
Support for IPOE, since it's not only in use for consumer lines, but also for >100MB business lines, because of lower overhead than pppoe.
17 votes -
Add a customizable field for ddns
Please add the capability to add a custom dynamic dns definition. It may be fine for most to choose between predefined vendors, but I want to use my own ddns on my own servers.
So what I would need is a vendor entry, in which I can choose a custom fqdn or IP address to work with. It would be ok to use the protocol from dyndns, maybe a possibility to choose would be nice too.
6 votes -
NIC Hardware SFP+ OnBoard
A lot of customers bought the Supermicro X10SDV-TP8F motherboard. The 6 nics with 1 GbE are recognized, the two OnBoard 10 GbE SFP+ are not shown.
Please add support for these Intel D-1500 SoC interfaces!!
2 votes -
mtu ignore
In environments where you have a Layer 3 core switch with Jumbo Frames enabled and you want to create an OSPF neighbor relationship between the Layer 3 switch and a UTM, the adjacency does not form due to an MTU mismatch. On most network equipment you can either adjust the MTU size for the OSPF instance or ignore the MTU size altogether. The UTM allows for neither. Please add functionality to adjust or ignore MTU size during OSPF neighbor formation.
2 votes -
qos setting dynamic limits on uplinks
I would like to allocate set bandwidth for different vlans (departments) including voice traffic. Is it possible for us to set up a 100Mb link as follows:
VLAN1- 20Mb
VLAN2- 20Mb
VLAN3- 30Mb
VLAN4- 10Mb
VOICE traffic- 10Mb
I would like to have it set like the above, but say if one vlan requires more bandwidth and it is available on the link, it should be able to grow. The limit should not be a maximum limit so to speak.
3 votes -
Prioritized QoS
Having the ability to have a hierarchical QoS that prioritizes traffic based on certain criteria would be a useful feature. For example, allowing the use of YouTube video streams but marking them as a "low priority". When a user streams a video and they are either the only one on the network or everyone else is browsing at the same priority level, then the traffic will not be throttled. However, if another user starts a higher prioritized session while the video is streaming, YouTube's bandwidth is throttled to allow for the higher priority application to go unimpeded.
8 votes -
option to manage MSS-Size
Our internet connection requires a special MTU and MSS size.
The following rule is required to filter the traffic for all clients on the WAN and WiFi
iptables -t filter -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
This rule can only be added via the terminal and is not persistent.
Please make this option available in the GUI.
64 votes -
Bridge - LTE to Ethernet
I want to bridge my USB LTE (4G) modem to Ethernet.
To my knowledge, this is not supported yet.
More info: https://community.sophos.com/products/unified-threat-management/f/41/t/10885
7 votes -
vpn timeout
Please have a setting for Remote Access timeout after a certain time of inactivity via SSL etc.
Thanks!
16 votes