SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Neworking: Even more Dynamic DNS Providers. (Eg No-IP)

    Allow me to choose every DynDNS server (or add No-IP DynDNS to list!)

    128 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  40 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  2. Dynamic DNS Provider - DNS-O-Matic

    DNS-O-Matic provides you a free and easy way to announce your dynamic IP changes to multiple services with a single update. Using DNS-O-Matic allows you to pick and choose what Dynamic DNS services you want to notify, all from one easy to use interface. www.dnsomatic.com

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow renaming of Network Interface eth0 on virtual appliance

    Currently (i.e v9.004-34) on a virtual UTM, the interface does not allow you to rename the Eth0 network interface from "Internal".

    I have been informed by support that this is not a bug - even though it does not do this on any of the physical appliances that we have.

    I don't know why you would have made a design change like this but please can you restore the ability to rename the eth0 Network Interface because it is not helpful when you have an interface named "Internal" when it is your public internet interface!!!

    Thanks.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. Networking: Add DNSSEC validation to ASG recursive DNS server

    I would like the option to enable DNSSEC validation within the ASG server.

    There are two parts to DNSSEC: the signing of domains within registrars and DNS hosting providers; and the validation of those domains within local recursive resolvers. The part I am most interested in is the latter. I would like to be able to turn on DNSSEC validation and have my home network start to get the added security benefit of DNSSEC. The ASG's recursive resolver would then request the additional DNSSEC-related records (RRSIGs) and perform the appropriate validation to ensure that the DNS records were not modified…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Networking: Address "Buffer Bloat" with Codel algorithm

    CODeL buffer algorithm to help reduce buffer bloat

    the Algorithm is light and easy to implement (so i've been told anyway) and doesn't require any user settings or tweaks.(other than on/off)

    More info here http://queue.acm.org/detail.cfm?id=2209336

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  6. Networking: Allow monitoring via Span / Mirror Port

    Frequently customers would like to demo the Network Visibility, IPS, or other potential things which "might" be caught if the device were installed (bridged or as the gateway). However for the demo, they must do this with minimal chance of disrupting network traffic (or to bake off against other solutions as well). For this, UTM should be able to plug into the Span/Mirror port on a switch and provide monitoring and reporting on the traffic seen.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  7. Networking: Granular QoS

    Provide a means of applying QoS to users and sessions, so that granular controls can be applied as needed to better control traffic and bandwidth.. Fine-tunes the offering of QoS to allow for more specific environments and configurations.

    162 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support PPPoE RFC 4638 (MTU > 1492)

    FTTC PPPoE in the UK supports an MTU of 1500.

    pppd 2.4.6 is required for RFC 4638 support (this is in git but not yet released) See http://git.ozlabs.org/?p=ppp.git;a=commit;h=fd1dcdf758418f040da3ed801ab001b5e46854e7

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  9. WAN Link Balancing: Create "Uplink Interface Groups"

    Regarding uplink load balancing, I'd like to create low cost DSL farms for HTTP browsing while reserving our T1 connection for two way bandwidth intensive operations. To do this I'd need Uplink Interface Groups. In uplink load balancing, HTTP access would be assigned an uplink interface group containing three DSL uplinks. The rest of the traffic would be assigned the T1 uplink interface.

    24 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  10. WebAdmin: Allow Changing the Default WebAdmin IP Easily

    Why is Astaro the only vendor who doesn't allow changing the LAN IP address while connected to it? This is asinine, especially during the initial setup wizard!

    The feature reads as: allow changing of the IP address of the LAN IP during the setup wizard. Further, currently I cannot change the IP of an interface if i am connected over it, i have to make a new interface, connect over that, then change the IP of the interface i wanted to in the first place. This is tedious.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    In order to correct a few mistaken statements, allow me to comment.

    As of ASG 8.200, you can fully change the IP of the “connected” (or LAN in this example) interface via WebAdmin. It is also possible to change it during the Wizard.

    As such, I’ll refund the points and mark this as complete.

  11. Networking: VLAN and LAN on the same Interface

    It is useful to have LAN(default) and VLAN on the same Interface, so you can have one uplink from your switch, at this time you need 2 cables to connect your switch.

    68 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Networking: Support for Public IP for use with DynDNS tool when behind NAT

    Add the possibility to choose the first public IP on a selected interface, not only the default route.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  13. Networking: Multiple bridge support

    Many SMBs have outposts that do not have the perfect infrastructure to install servers there.
    So for several reasons (Security and Maintenance) we would like to install their dedicated servers in the HQ but appearing still as LAN devices.

    Pretending bandwith is not an issue we would like to use RED to connect the outpost clients to the servers in the HQ.
    To keep the network simple we need the possibility to configurer more than one bridge interface in ASG
    The servers appear to be in the clients local network, but are protected and seperated behind Astaro Gateway.

    Example:
    RED-Interface.1…

    828 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  14. virtual ethernet interface

    need some tool to create a virtual ethernet interface eth0.1 eth0.2 .....

    something based on or like this:
    http://www.g-loaded.eu/2005/11/05/assign-virtual-ips-to-your-nic/

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Gert Hansen responded

    Hi there,

    this is already possible, we call this feature “Additional Adresses” there you can configure multiple network segments on the same physical interface.
    Go to WebAdmin > Interfaces & Routing > Interfaces > Additional Adresses.

    Regards
    Gert

  15. Networking: Packet-Based QoS for IPSec

    Currently QoS-rules only allow matching on connections, which limits the options that are available for matching IPsec encapsulated tunnels. Due to the fact that the ToS-Options of an IP packet encapsulated using IPsec are copied to the IPsec/IP header, it would be good to be able to match on DSCP-Flags per packet on this kind of traffic.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    While not as described, we have added the ability of keeping traffic selector classification after encapsulation. This enables scheduling of packets after IPsec transformation, and solves your request. You’ll find it on the advanced tab of QoS in UTM9. Enjoy!

  16. Add Support for Hurricane Electric as IPv6 Tunnel Broker

    Please add support for Hurricane Electric as an IPv6 tunnel broker. I have found SixXS to be a little problematic and Freenet6/gogo6 has no USA POPs. See Also: www.tunnelbroker.net

    21 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow static reverse dns entries

    Please allow to make static reverse dns entries into the local dns server.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  18. Networking: Bandwidth monitoring for PPPoE lines

    i like to see that the Bandwidth Monitor support PPPoE dynamic DSL Interfaces. I think a lot of users have such type of Interface and would liek to see the connections

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    The network visibility bandwidth monitor works for these type of interfaces in ASG V8 and UTM 9.

  19. FTP routing via second WAN

    At the moment it is not possible to route FTP traffic via policy routes through a second WAN interface - even with FTP-Helper activated.
    The gateway interface is the only one that seems to work with FTP

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Completed  ·  Angelo Comazzetto responded

    Outgoing FTP can indeed be sent out a desired interface in V8 using the WAN link balancing.

  20. Bulkload network definitions from file

    Make it possible to add network definitions in bulk from (for example) a spreadsheet or a comma seperated file. I'm thinking of this as an alternative to adding each manually through the web UI.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.