SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Service definitions should start with high port 1024, not 1 (1:65535)

    The default as of now (v7.502) is that the service definitions all use port range 1:65535 as standard. Most of them actually only use 1024:65535. I think 1024:65535 would be much better and correct.

    13 votes
    3 comments  ·  Network Protection
  2. 37 votes
    9 comments  ·  Network Protection
  3. IPS: Creation of Custom Rules (Snort)

    The possibility to add own Snort rules would be great!
    Customers can add their special rules for their special needs,
    so we could be more flexible and more secure.

    The AxG can check the own rules via a new snort instance, if everything is fine -> add it to the ruleset.

    60 votes
    Under Review  ·  8 comments  ·  Network Protection
  4. Logging: Live Log for Packet Filter with Rule Filter

    Add a button on each rule, which opens the packet filter live logs with a filter applied for the rule.

    18 votes
    Under Review  ·  2 comments  ·  Network Protection
  5. Network Protection: Audit policy from gateway

    The idea here is to create the capability for administrators to audit their firewall and security policies to determine how secure they are and want to be.

    This would involve the creation of a series of web pages, email sends, and other methods that virus/spam sites use to hack us, and create dummy viruses on those pages that would be used to create a report indicating where the vulnerabilities are, along with recommendations on how to fix them.

    Over time, this capability could be evolved to provide a comprehensive security audit.

    5 votes
    1 comment  ·  Network Protection
  6. Packet Filter "Test Rule" Button

    When using "group" containers of IP addresses in the packetfilter rules, it's often hard to tell which rule will catch a given (single) IP address or port during troubleshooting. How about a page or form where we can put in a test src/dest IP address and/or port and it will tell which packetfilter rule will catch it? Similar to how Packeteer's PacketShapers have the "Traffic Class Test". This would be hugely helpful when users call and say "I can't get to site abc.com" and you want to quickly know if it's in the range of addresses or ports that you…

    12 votes
    7 comments  ·  Network Protection
  7. Transparent Proxy User Authentication Rules

    Astaro today is capable of adding user based packet filter rules. Please extend the identification of user's IP addresses that are used in the user based packet filters to the information gathered from HTTP/S proxy authentications.

    This would e.g. enable real hotspot scenarios, where a user first has to authenticate against the transparent HTTP proxy and after that is allowed to access additional services like SMTP / IMAP / VPN.

    8 votes
    2 comments  ·  Network Protection
  8. Network Security: Vulnerability Scanner

    Implement a means whereby from the ASG you can scan networks for vulnerabilities.

    219 votes
    11 comments  ·  Network Protection
  9. Network Security: Automatic UPnP Support

    Adding NAT rules automatically through UPnP service would also be great for home users and probably some other small companies.

    160 votes
    39 comments  ·  Network Protection
  10. Network Security: Create firewall rule(s) directly from Live Log

    In order to make fine tuning of our product packet filter configuration easier, we should add a way to create packet filter rules with a small wizard, so that if I see any packet that I want to explicitly drop or allow, I can start a mini-wizard that helps to create a matching packet filter rule by either selecting existing definition objects or offering an easy way to create new definition objects, which later then get used in the pf rule.

    124 votes
    2 comments  ·  Network Protection
  11. Network Protection: User-Based SNAT

    A very useful feature would be to make it possible to use a user from ASG, whether local or remote, for the SOURCE entry for S-NAT instead of the IP address of the host. The IP address of the host is used from a user source like LDAP, AD or e-directory, similar to SSO for the web security. I need this feature to assign a host(IP)-independent "user-based" SNAT for a connection to a highly secured network.

    1 vote
    0 comments  ·  Network Protection
  12. Network Security: Drag'n'Drop sort of packet filter rules

    Improve the GUI to support a drag'n'drop sort of the packet filter ruleset or also potentially other sortable list elements.

    64 votes
    0 comments  ·  Network Protection
  13. Server load balancing check port

    It would be great if we could select a port to check.

    If I configure load balancing for service http, I don't want to check for port 80 - I'd like to check port 666/tcp for example (a kind of load balancer switch in IIS).

    2 votes
    0 comments  ·  Network Protection
  14. Networking: Block/Blacklist IP Globally

    A method is needed to quickly add an IP address or range to a "Deny Access" list.

    Currently you have to create a new network definition for each bad host and then drag and drop it on a group that is used to deny access. The number of entries in the network definition page can therefore get very large.

    There are several possible ways of implementing this:


    1. Have a "Deny Access" tab under Network Security that contains a group definition for denied hosts or IP ranges to which you can quickly add entries.


    2. Add a new type of group under…

    42 votes
    Under Review  ·  7 comments  ·  Network Protection
  15. Networking: Collapse & Clone Rule Groups

    It would be nice to have the ability to collapse and/or clone rule sets that are part of the same group to reduce clutter on the page.

    4 votes
    0 comments  ·  Network Protection
  16. Network Security: Logical "NOT" Support for Packet Filter, DNAT, etc...

    It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc.

    Like ACCEPT ANY ANY !Host"A"

    33 votes
    7 comments  ·  Network Protection
  17. Network Security: Full IPS Rule List in WebAdmin

    If I want to manually build a logging filter for an intrusion protection rule, currently I have to look up the IPS rule code in your online documentation, then enter that numeric code on the Astaro box. Fast forward a few months, when I look at my manual entry, if I want to know what I was up to with that rule, I have to go back to your online documentation and look up that numerical code to see what it was for. This is very crude.

    It would be best to have an interface showing all the available IPS…

    9 votes
    2 comments  ·  Network Protection
  18. Add Import/Export to 'Manual rule modification' in IPS

    The decision was made to enable many snort rules. Now, the admin must change them one at a time. It would be advantageous to be able to import a list when we choose to disable a rule number.

    8 votes
    2 comments  ·  Network Protection
  19. WebAdmin: Integrate Application Control into Firewall Rules Page

    Please make it possible to make firewall rules based on applications. For example, allow traffic over port 80/443 for traffic which originates from the TeamViewer application, but nothing else over this port.

    7 votes
    1 comment  ·  Network Protection
  20. Firewall rule source e-directory, without Astaro Authentication client

    When creating a packet filter with source e-Directory user, there needs to be a client where the user needs to be authenticated on.

    My idea is to do this LDAP based.

    7 votes
    3 comments  ·  Network Protection