SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Security: Single-Sign-On (SSO) Fallback Authentication Support

    In large networks, without a good IP plan, there is a need to authenticate a lot of PCs.

    Some are joined in the AD domain, some not, and if they want to use AD SSO for the http proxy as much as they can.. there is no chance to have a fallback authentication method if the PC that we want to authenticate is not on the AD server.

    What would be enough is to have a fallback authentication method for Web Security if the AD SSO is activated on the ASG and the client PC does not have AD membership/credentials.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Customizable Message of Default "content not allowed" error

    Hello,

    unfortunatly it´s still not possible to customize the message for content, which is not allowed.

    This message appears, if someone has configured a proxy profile with whitelist filteraction. It´s not customizeable, because in this case it´s not blocked by surf protection, by virus protection or by blacklist.

    Please add this message also to the customization menu in webadmin.

    thanks

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Reporting: Backup / Export of On-Box Reports

    Allow for the backing up of the reporting data, similiar to the executive report. Also add the ability for this backup to be sent daily/weeky/monthly via pdfs and the other nuances of the existing system, in addition to being able to be downloaded directly from WebAdmin on demand.. Gives admins the ability to backup their reporting information, which is currently not possible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  4. MailSecurity: Automatically Add Domains

    With mail hosting MSP's and others that make use of multiple domains (hundreds even thousands) on their ASG or AMG, it would be nice if they could just input a nameserver which would then resolve the configured domains and add them to the SMTP proxy vs having to enter them each time.. Allows for easier adoption and addition of many email domains, for those customers in this space.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. WebSecurity: Cache scanning results of files

    The scanning of downloaded files is a time and ressource consuming task. To optimize this task, already scanned files could be whitelisted so they don't need to be scanned a second time and/ or could be taken directly from the local cache.

    To identify a file you can compare information like checksums, file-type, file-size, date, Webserver, ....

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Web Protection: Strip "Zombie" & Super Cookies

    There are some cookies which could be detected and stripped by the proxy in-line. Would be great to prevent this type of cookies from being downloaded by users.

    http://www.infoworld.com/t/internet-privacy/zombie-cookies-wont-die-microsoft-admits-use-and-html5-looms-new-vector-170511

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Caching of Files for ReDistribution (Low Bandwidth Support)

    the problem:
    a customer with a 378KB connection (sad but true here in germany) has massiv problems when microsoft has patchday. It would be nice if astaro would support caching patches and updates as a feature.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow import of more than one sites in Virtual web server configuration

    Today, this is not possible to import a list of web site in the virtual web server configuration. It could be great to just add an import/export button as we have in many others settings area.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Mail Protection: Route to certain recipient domains by Smarthost

    For better results in logfiles it best not to use a smarthost. But even with perfect configured systems it's sometimes inpossible to send mails to receipients with missconfigured or old antispam systems. Sometimes the problem is just being on old dynamic ip blacklists or someting like this. In this case it would be fine to send to these recipient domains via a smarthost. This could be done via the rounting option in the smtp profile but in this configuration there is missing an option for the authentification to the smtp relay / smarthost. Would be fine to have an additional…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. AstaroOS: Restore Encrypted Backups via USB during Boot

    Currently you can place a backup file on a USB stick, name it to restore.abf, and it will be installed during boot up.

    Please provide the feature to permit the upload of an encrypted configuration file (.ebf) during the boot of the firewall by prompting for the password during boot which is entered via console (or ideally perhaps the LCD??)

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Network Security: Per-User IP/Service Tracking

    It would be nice to see what each IP is doing in your network. Tracking the services each uses. Mainly for tracking hacking.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. AstaroOS: 3rd Party Plugin API

    Looking for the ability to create and upload custom plugins. For example listen for events such a new DHCP lease and then create a new routing or packet filtering rule. Would like to see this in a scripting language that can be sand-boxed such as Groovy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  13. Reporting: Display Service Port/Details via Popup in Reports

    Hi while looking at some Usage on an Astaro Box.
    I was Looking at
    Logging & Reporting
    Network Usage
    Bandwidth Usage
    Top Services

    When you Hover over the "Service" a Popup comes up telling you the same thing as what is written as the "Service".
    It would be really handy if the Popup said the port Number instead of the service again.

    ie Service "SCIENTIA-SSDB" now off the top of my head I don't remember what port that is yet I have traffic on it, So I now need to do a google search to find out what port it…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. VPN: Restrict Roadwarrior VPN Connections by Source

    To ensure that even service engineers or any other users will be able to connect to company's network only from restricted IP/network.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. Reporting: Historic change reporting

    While ASG already tracks every change made, it would be nice to have this information delivered as a summary report.
    Possibility to
    * generate reporting about system configuration changes done by different admins (i.e. creation of new groups, modification of rules, etc.)

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  16. RED: Power over ethernet support

    A powerswitch via ethernet would help to reset a red.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
  17. ASG Hardware: Rear USB Ports

    Hi,
    with ASG220 rev4 the USB ports on the backside of the ASG got lost.

    This is not very useful, because know I have to put UPS and KVM cable to the front.

    Please have 2 USB Ports on the backside again.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Network Security: Per-Rule IPS Logging

    The ability to turn on detailed traffic logging for certain rules is a standard, and very useful feature of many IPS/IDS systems. This way the administrator can see the traffic (preferably in standard pcap format) that made a rule fire and decide if it is a false positive or a genuine attack. It is also a feature in snort, so it should not be very difficult to implement. The pcap files should be attached to the alert emails.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Networking: Separate DHCP server for IPv6

    I want DHCPv6 to be managed by Active Directory. This would create a situation much like many organisations today - the firewall is managed by group A (network / firewall group) and DHCP is managed by the group B (Wintel / Active Directory team).

    Would it be possible to use RA's to provide v4 addresses to O/S's that do not (currently) support DHCPv6 yet still have those machines that do support DHCPv6 work? Would it be possible to have them both running at the same time, using stateless autoconfiguration as a failback in case the guest does not support DHCPv6

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Wireless: Bind SSID's to an Interface

    I think it would be very useful the possibility to choose the interface card that you want to use binded to a wireless interface. In this way, if you have for example 3 interface cards that you want to be available for an AP (and all AP are connected to the same interface, ie internal), you can bind each SSID to a specific interface without manually creating any Wi-Fi network, and avoiding to duplicate-triplicate the packet filter rules, DNS configurations, masquerading configs, proxy profiles, and so on.

    IE: You have Internal, DMZ, Guests physics interface cards, you will simply:

    Bind…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.