SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Server load balancing check port

    It would be great if we could select a port to check.

    If I configure a loadbalancing for service http, i don't want to check for port 80 - I'd like to check port 666/tcp for example (a kind of loadbalancer-Switch in IIS).

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Networking: Collapse & Clone Rule Groups

    It would be nice to have the ability to collapse and/or clone rule sets that are part of the same group to reduce clutter on the page.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Networking: Block/Blacklist IP Globally

    A method is needed to quickly add an IP address or range to a "Deny Access" list.

    Currently you have to create a new network definition for each bad host and then drag and drop it on a group that is used to deny access. The number of entries in the network definition page can therefore get very large.

    There are several possible ways of implementing this:

    1. Have a "Deny Access" tab under Network Security that contains a group definition for denied hosts or IP ranges to which you can quickly add entries.

    2. Add a new type of…

    40 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Network Security: Full IPS Rule List in WebAdmin

    If I want to manually build a logging filter for an intrusion protection rule, currently I have to look up the IPS rule code in your online documentation, then enter that numeric code on the Astaro box. Fast forward a few months, when I look at my manual entry, if I want to know what I was up to with that rule, I have to go back to your online documentation and look up that numerical code to see what it was for. This is very crude.

    It would be best to have an interface showing all the available IPS…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. WebAdmin: Integrate Application Control into Firewall Rules Page

    Please make it possible to make firewall rules based on applications. For example allow traffic over port 80/443 for traffic which originates from teamviewer application, but nothing else over this port.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Firewall rule source e-directory, without Astaro Authentication client

    When creating a packet filter with source e-Directory user, there needs to be a client where the user needs to be authenticated on.

    My idea is to do this LDAP based.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. AstaroOS: Warn about using reserved ports

    I recently found out the hard way that the RED devices use Port 3400. However when I enter that port in Network Security the Astaro didn't know it was in use already by the RED management.

    I recommend that the OS be updated to warn when reserved ports are being used.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Network Protection: Bind VoIP Proxy to Interface

    It would be useful if the VoIP proxy was able to be assigned to a particular interface. If I have an internal VoIP server, it may not be on the same address as my default gateway, so it would be useful to assign another gateway interface instead of using policy based routing.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Networking: Exceptions for Country Blocking to Disable Logging

    We use country blocking a lot and and see a ton of DNS blocks from country in packet filter.

    I would like to have a check box to enable or disable logging of this feature, once i enable and see it is working i don't need to see all these in the packet filter log anymore, but need to be able to turn back on if I am diagnosing something.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. WebAdmin: Group Colour Picker

    While creating Firewall rules and implementing Rulegroups it would be nice to choose a specific colour for each group.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Network Protection: Support checks to database servers attached to Web clusters

    When we use 'Server Load Balancing', we can do a http check on a URL.
    When the server is up, and for example the database behind it is down, the user get a message the site is not found (error 404), on this moment the loadbalancer don't switch to the other server. When the loadbalancer check only on returncode 200 for the given site, the user don't get an error message and will be switched to the other server.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Notifications: IPS/IDS & Flood Protection

    Once a packet is classified by the IPS/IDS pre-processor (packet with no SID) a notification should be sent.

    Same for the UDP/TCP SYN/ICMP Flood Protection. Once the packet rate limit is reached a notification would be nice!

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. WebAdmin: Backup Separate Parts of Config for re-use (Eg. Firewall Rules or Definitions)

    I would like to export my packet filter rules and/or definitions (all or several) and import these to another astaro (same or different version). It will be usefull for all admins to get this rules in a shared web-database.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Network Security: Per-User IP/Service Tracking

    It would be nice to see what each IP is doing in your network. Tracking the services each uses. Mainly for tracking hacking.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Network Security: Per-Rule IPS Logging

    The ability to turn on detailed traffic logging for certain rules is a standard, and very useful feature of many IPS/IDS systems. This way the administrator can see the traffic (preferably in standard pcap format) that made a rule fire and decide if it is a false positive or a genuine attack. It is also a feature in snort, so it should not be very difficult to implement. The pcap files should be attached to the alert emails.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Networking: Concurrent Connections Limiter

    At this time there is no possiblity to limit the external connections from the ASG to a specific IP/ server.

    At our production location we have to use an external party that has a very strict firewall. If more than lets say 100 connections originate from the same IP, this IP gets blocked.

    It would be nice if an option becomes available in the ASG.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Network Security: Default new Packet Filter Rules to top

    When adding new Firewall Rules, make it so that I can set a preference that all new rules will be auto-placed at the top.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. allow support for PNRP (Peer Name Resolution Protocol

    The PNRP or Peer Name Resolution Protocol is becoming more popular and used with IPv6 technologies. Many of these technologies are present in Windows 7. One such technology is the Easy Connect feature which is now in Remote Assistance. It allows connecting to a friends or co-workers computer in a much easier way than sending invitations and figuring out passwords. Currently I cannot use this feature in our company behind the Astaro and it's very frustrating.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow changing packet flow. I would like to have the packet filter process packets first.

    As of now...it is too difficult to block https to certain websites. If the packet filter was first to process packets, it would be simple.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Generic Proxy selection of additional addresses

    It would be very useful to have the possibility to select a "virtual interface" (additional address) in generic proxy interface selection and not only a "real interface".
    In WAF "virtual web servers" it is already possible to select a "virtual interface" (additional address) in the interface selection.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.