SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Protection: "Web manager" for filtered HTTP proxy items

    Another idea from a customer:
    Similar to the Mail Manager, there should be a "Web Manager" which is allowed to release items that were blocked by the HTTP proxy.

    Example:
    Someone downloads an passwort-protected zip file via proxy. After the download, it cannot be scanned because the file is protected, and is blocked. But the user needs that file. Now the admin would look at the blocked items and release it.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Networking: Server Load Balancing with only 1 Server

    We should be able to create a server load balancing rule with only one server in it. Right now, you have to create/edit a rule with at least two. Not allowing this prevents you from temporarily removing a server from a pool for maintenance.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  3. WAN Multipath: Use additional addresses for NAT

    when more then one address is configured on a physical interface it should be possible to use multipathing with these additional addresses.
    so that its possible to make nat rules like:
    uplink_itf(second-adress wan1/second-adress wan2)

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  4. Networking: Display active DNS clients

    When viewing DNS settings, you can see the static enteries you have configured, but you should also be able to view active clients... like you can with active leases in DHCP.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  5. Firmware Update via USB Stick

    Copy the up2date-release on a usb-stick, plugin into the usb-port of the asg-device and then press at webmin-gui the (new) button "import update from usb-device".
    This will give you the option to make a update on an asg without download / upload the firmware-release. In some reasons you don't want to make an automatic systemupdate.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  6. WebAdmin: Comment boxes for all areas

    I would like to have a comment box, how we (windows-) admins know from Active Directory-MMCs.
    This comment boxes should be at the bottom of all WebAdmin-config-sites.
    And in this comment boxes, we could write any infos (for other admins), comments, ideas, todo's, ...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow Multi-Category White / Black Lists

    We need a way to specify more complex content filter rules since the addition of multiple categories.

    Allow the content filter to have blacklisted and whitelisted categories at the same time, and allow them to decide which one "wins".

    For instance, if a user wants to blacklist Games, but allow Educational, they could. They could also allow Shopping, but block Intimate Apparel. Currently if you select only 1 category, the site will be blocked even if you have whitelisted others it matches.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. active directory re-authentication

    web security should reauthenticate against active directory every 10-30min so that when (guest) account is locked they are unable to get through web security

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. WebAdmin: Select interface for SNMPd

    It would nice to be able to bind the snmp daemon to defined addresses.

    For example a problem:
    Monitoring through VPN (ipsec0) is not working cause the snmp-read requests to a local interface of the astaro are answered by the ip of the ipsec0 interface (outgoing). Therefore the replies can not be assigend to the former read.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Networking: DNS Incoming Load Balancing

    It would be cool if the UTM could update DNS records to balance the incoming traffic. By changing the DNS answer across the public addresses configured on the UTM, the records could update (although with a delay) in reference to how much bandwidth and connection are used on the WAN links at a point in time to avoid new incoming connections being delivered to overloaded links.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  11. Networking: Time-Based WAN Link Balancing Rules

    If multi-path rules can be defined with time-based behavior (for example a rule is from 8am to 5pm active) and the possibility with 2 other feature requests (Create "Uplink Interface Groups" or Multi-WAN-Uplink: User-Defined) you can defined very cool multi-path rules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Domain/Address-based Quarantine of Messages

    It would be great if we could drop incoming SMTP email based on domain or email address straight into quarantine rather than Blacklist.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Authentication: Additional LDAP Attributes Support

    Add a configuration option for adding a query filter attribute for additional email-addresses for user settings.
    like searching for email destination (|(mail=%s)(otherMailbox=%s))

    Its easier to maintain email-aliases like info@domain.tld in central directory.

    Also, other attributes like First and Last name should be selectable if possible

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Management: Auto-Populate Networking Definitions via Scan

    By scanning the local IP-space of connected/configured internal (non-gateway) interfaces, discovered IPs should be auto-added to the definitions list using their hostname as the title (if available) otherwise just fill in the IP for both the address and the name.

    This saves admins having to define their objects from scratch, and they can always delete the object definitions they don't want/plan to use. This should be done either automatically, as part of the wizard, or on request.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. VPN: IOS XAuth Password

    Currently the configuration available via the UserPortal automated setup has no way to include a password for the user, which they must then specify every time they connect. Including the password would allow one-touch VPN connecting!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  16. Authentication: Add new user to existing group

    When creating new user it would be nice to be able to put the new user in an existing group as part of the creation process.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Mail Protection: Report message as SPAM via Mail Log in UserPortal

    Users would like the ability to report any spam that makes it to their inbox. Ideally, there would be a "report" button or link right in the users mail log next to every message that is delivered to the inbox. For quick-picking, it would be nice to have a button for "CONFIRM" to the mail quarantine digest too.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Reporting: Detailed Network Reports for Billing

    Basically we use Astaro in environments where we have multiple networks or from differenet companies and the parent company would like to monitor usage, in detail (inside and outside the proxy), be able to put a dollar figure on data, with and without thresholds and then export a simple usage report for billing purposes.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. SNMP trap for Uncategorized Sites

    We need a SNMP trap that notified to the NOC center that an website visited by a user is not categorized.
    It's very important to have this warning for companies that provide MSS.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  20. L2TP/RADIUS use PAP flag

    We use an openldap server to maintain our user accounts for a large infrastructure of Linux hosts. Because the unix passwords are hashed with MD5, our radius server has to have the plaintext password passed to it to perform authentication against our LDAP server - we can not use any of the challenge/response type systems for authentication.

    The LDAP/Radius authentication system on the ASG expects to be able to use these challenge/response authentication protocols, and does not currently provide anyway to specify which to use from the UI. I can hack the /var/chroot-ipsec/ppp/options-default file and add stanzas like:

    refuse-eap
    refuse-chap …

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.