This request is more and more a demand coming from customers that sometime have strong requirement for their routing backbone. Could be a very good point to implement this kind of feature.13 votes
EURODNS is using standard DYNDNS protocol : https://www.eurodns.com/products/plugins/documentation/2 votes
time bound interface policy control would really help us.1 vote
Can we please have the ability to setup a RED tunnel between an XG UTM and an SG UTM? I am NOT talking about a RED device itself, rather a RED tunnel between 2 UTM's. I know I can do IPSEC but RED tunnels would be handy.1 vote
Thanks for sharing youtr idea with us. This capability is currently being worked on, and will be added in the next version of XG
When configuring a request route, the ability to specify the primary, secondary and tertiary DNS would allow clients to control what the priority and order the UTM uses for each DNS.1 vote
Create a field that describes each entry that is within MAC address definition list.
In our case we've created a white-list for wireless devices and it currently appears as a large list of indistinguishable devices.
A simple field tied to these addresses would improve management. Having the logs reference this field would also be a benefit as we currently have difficulties identifying the devices that are within our list when there is an issue.5 votes
Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
This can help much to prevent false positive gateway status.
The same feature could be added on VPN Failover system19 votes
Free Dynamic DNS - Get hostnames for your dynamic IPv4 and IPv6 addresses within seconds.3 votes
Sophos need to introduce a better option for traffic shaping. If there are two wan links with unequal capacity. There is no way that you can avoid on link from choking.
So far Sophos support connection ratio for uplink but a single connection can choke all the bandwidth of WAN Uplink.
In order to restrict a host you need to define bandwidth pool and that is very convenient if you have 500 users.1 vote
as example DNS host github.com changes IP every 30 seconds:
$ dig github.com +trace
github.com. 30 IN A 126.96.36.199
with multiple dns requests:
github.com. 30 IN A 188.8.131.52
github.com. 30 IN A 184.108.40.206
github.com. 30 IN A 220.127.116.11
but DNS host / DNS group checks every 2 minutes, and LAN servers
accessing the host are not able if they have different IP for it as the utm9
my suggestion: DNS group should not remove "old" IPs or replace new IP if IP differs, it should do a FIFO queue and older IPs removing after an expiring time1 vote
This will help us to reduce time, management in this operation.
Policy Rules with the same same destination, ports, gateway through but with the source address different, could be easily cloned with based from other one.12 votes
Add support to choose multiple Hosted Address when create a Business Application Policy.
Imagine a customer with 3 WAN links and 50 Business Application Policies rules. It is needed create 150 Rules for this. This is a real case today.11 votes
It would be great if i can get a list or report of all defined networks (maybe for routes too). At the moment i have to do this by showing all networks and hosts, choose all and copy/paste, clear all i don't need. :o(
Thank you :o)1 vote
One Endpoint Agent that has all the capability like SSL/IPSec VPN, Authentication,AV, .. etc. And make space for new modules to be added.
One Endpoint Agent that has all the capability like SSL/IPSec VPN, Authentication,AV, .. etc. And make a space for new modules to be added.1 vote
Automatic DSL reconnects don't invalidate the route cache.
Hosts can not be reached until the uplink monitoring detects the interfaces being restarted.
Details are discussed with support legend BAlfson in the forums: https://community.sophos.com/products/unified-threat-management/f/54/t/742551 vote
Adding support for this provider should be very easy1 vote
Currently if you are running a continous ping out WAN1 and it fails over to WAN2 the state table does not get flushed or updated for the ICMP request and the pings will fail even though the connection is up. Going in and manually clearing that connection "conntrack -D -d 18.104.22.168" will fix it. This is helpful in troubleshooting fail over and monitoring fail over time. Many other firewall manufactures do this.1 vote
Some customers ask to have possibility monitor in Uplink monitor not only availability, but also SLA metrics: Jitter, packet loss, delay.
Based on some threshold choose the best Uplink.
It's good to have not only UTM, but also for RED.1 vote
As above. A feature that should have been included buts was left out.1 vote
to bundle multiple WAN connections (Locator/ID Separation Protocol = LISP).
And a ready to use EC2 Machine as endpoint for self hosting.6 votes
- Don't see your idea?