SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Large SSL certificate sizes support

    I would like to be able to actually control the bit size limit if the certificate and ca for the ssl vpn feature like (4096)+ bit length

    3 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • LLDP: Link Layer Discover Protocol

      Please add support for the LLDP Protocol. This would superseeds protocols like cdp edp and so on. An opensource Implementation is aviable.

      24 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • Mail Manager: "Bounce" option for Global cleanup

        In case of a misconfiguration or the introduction of an infected PC, it is possible for the mail queue to contain tens of thousands of NDRs.If they are deleted, they are replaced. If they are bounced, they are not replaced. 100 at a time takes too long, so the only current solution is to reinstall from scratch.

        2 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow mixed HTTP proxy modes for same subnet

          Actually Astaro chooses HTTP proxy profile by source network only. This disallows the use of 2 or more different proxy modes for same source subnet(s) without restrictions and workarounds. It would be helpful, if for same source subnet(s), if needed, between one and all proxy modes at same time could be activated.

          For the SSO, Standard and Basic Modes maybe a option to customize the proxy port for each profile and make the http proxy chosing the appropriate proxy profile using source network AND proxy port may allow this behaviour ?

          6 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Mail Security: Granular Encryption Control

            If a user is enabled to use mail encryption there's currently only the option to sign all of their outgoing mail or nothing.

            I'd like to have another option to sign only mails for listed recipients (single [billg@microsoft.com] or domain [*@astaro.com])

            92 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              20 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Networking: QoS Based on User Group

              Allocate service bandwidth based on user group membership via eDirectory/AD/or local group membership.

              14 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
              • Network Security: Logical "NOT" Support for Packet Filter, DNAT, etc...

                It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc..

                Like ACCEPT ANY ANY !Host"A"

                32 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Connection Tracking module for ip_nat_netbios

                  Connection tracking is implemented for typical tcp-protocols like FTP. Microsoft netbios based protocolls needs conntrack mode also.

                  A sample solution is available e.g. from http://www.cse.unsw.edu.au/~matthewc/files/ip_nat_netbios.c, but other solutions should be available.

                  For Firewalls between company networks with WINS and netbios protocol and NAT at the same time a connection tracking would be needed.

                  3 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                  • Customizable User Certificate Validity Period

                    User certificates (used for ssl VPNs) has very long duration (20 years?). IT revisions are not very satisfied with such configuration, proposed certificate validity is 1 year or less.

                    5 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • Networking: QoS For VPN Traffic

                      Allow for Quality of Service rules to be created that apply to VPN traffic of roadwarrior and site-site.. Allows for better management of traffic limits and gives admins the ability to guarantee and control bandwidth across VPN's. Perhaps part of a V8 Revamp of QoS?

                      195 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        8 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                      • Web Security: Redirect instead of displaying block page

                        I am Astaro Hong Kong Support, for SMEs, they would like to Astaro provides redirecting page insteads of blocking page e.g) web security blocking page. SMEs can type their company webpage and don't want to display any blocking message.

                        22 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          Planned  ·  Angelo Comazzetto responded

                          This feature is planned for UTM 9.1 which is targeted to begin beta in late 2012/early 2013 for release in Q1 2013.

                        • MailSecurity: support SMIME Domain Certificates for encryption

                          Being able to encrypt all emails of a specific domain with only a single certificate. This makes message based email encryption an lot easier and astaro more compatible with other email encryption players

                          128 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            15 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • 6 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                            • Create Filter Action Parts in Web Security

                              This idea was already "Accepted (Long Term)" by the development team, but I wanted to throw it out here to see if anyone thinks it deserves quicker action...

                              Rather than stop at adding a global blacklist, why not change the fundamental structure of Filter Assignments to have the different sections selectable instead of just an entire Filter Action.

                              Instead of creating complete Filter Actions, it would be great to have Filter "Atoms" that are combined in a Filter Assignment. Just as a first thought, those sections could be 'Category Filter', 'Block these URLs/sites', 'Always allow these URLs/sites', 'Blocked file extensions',…

                              10 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Network Security: Create firewall rule(s) directly from Live Log

                                In order to make fine tuning of our product packet filter configuration easier, we should add a way to create packet filter rules with a small wizard so that if i see any packet that i want to explicitly drop or allow i can start a mini-wizard that helps to create a matching packet filter rule by either selecting existing definition objects or offering an easy way to create new definition objects, which later than get used in the pf rule..

                                120 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Logging: Global Search of Log Files

                                  Add the ability to globally search all logs for matching strings from a single entry box for a specified date/time range.

                                  50 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    7 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                  • VOIP Security: Customizable SIP port

                                    Some VOIP providers use a non standard SIP port number. I also imagine some companies using VOIP would like to use a non standard SIP port number given the chance.

                                    The request is to allow the port that the SIP service monitors to be changed from the default port of 5060.

                                    11 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Mailsecurity: Prevent admin from downloading mails

                                      Even though I'm the admin of our groupware-server, I cannot read e-mails of other employees (unless they themselves gave me proxy-rights to their mail-account or shared one of their mailfolders with me). But I can download all e-mails which were put in quarantine. German law prohibits employees (including admins) from reading other people's mails. You could be jailed if you do so.
                                      I would like to have the mail download feature disabled. Even better if mails were stored in an encrypted format an the ASGs hard drive, to make it impossible for admins to read other people's mails.

                                      6 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Mail Protection: SMTP relay by domain

                                        Would be extremely beneficial to incorporate a list of allowed domain names to relay for authenticated users.

                                        3 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          3 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Backup: Partial Backup/Restore

                                          Allow a user to create and restore backup files that contain only parts of the configuration.. users would be able to selectivly make use of various parts of the configuration in other firewalls, allowing for easier rollout of multi-site locations. As well, they can restore only parts of a backup file that are required, thus allowing for faster recovery and without affecting all areas of the box.

                                          66 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            10 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.