SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Protection: Improve Localization of Messages

    I would be nice to be able to better translate the web proxy messages. Currently, if you translate it to spanish, there are still english messages that are not appropiate for foreign language users.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Reporting: SNMP Trap for File-Scanning Oversize Files

    I would like an SNMP trap and/or email sent when a user requests a file that is scanned by the anti-virus system, but is larger than the threshold.

    This way I can gauge the size of the files that are being downloaded and also know if my threshold is too low.

    My BlueCoat Proxy AV will send an email and SNMP trap such as:

    Cause: Maximum file size exceeded (engine error code: 0x00000000)

    File has been passed through unscanned.

    2009-06-04 11:39:13-04:00EDT
    Hardware serial number: xxxxxxxxxx
    ProxyAV (Version 3.2.2.1(36678)) - http://www.BlueCoat.com/
    Machine name: ProxyAV
    Machine IP address: xx.xx.xx.xx
    Server: xx.xx.xx.xx
    Client:…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  3. VPN: Backend Authentication Support for PPTP

    Currently astaro support only RADIUS and LOCAL authentication in PPTP VPN.

    Since Astaro is using the open source PPTP which is PoPToP, authenticating on AD, LDAP, and others is possible. Would be great to have this added.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. Management: Display SSH key fingerprint in WebAdmin

    This is a (very) minor feature. It would be nice if the SSH fingerprint would be available somewhere in WebAdmin (preferably under the Management->System Settings->Shell Access tab). This way, if the WebAdmin certificate is already trusted, the fingerprint could be compared by the administrator to the one reported by the ssh client instead of just blindly accepting it (which is a security problem).

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  5. Logging: Restore Logs into new Installation

    When you install a new server, all logs are lost since the logs remain at the old server.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  6. Core: Database API

    Would like an API into the database so to pull stats for mail users into 3rd party application

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Installer: Allow custom Partitioning

    Allow to split the ASG installation on more than one HDD. ie mount /var/log partition on a separate hdd /dev/sdb1.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  8. Large SSL certificate sizes support

    I would like to be able to actually control the bit size limit if the certificate and ca for the ssl vpn feature like (4096)+ bit length

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  9. Mail Manager: "Bounce" option for Global cleanup

    In case of a misconfiguration or the introduction of an infected PC, it is possible for the mail queue to contain tens of thousands of NDRs.If they are deleted, they are replaced. If they are bounced, they are not replaced. 100 at a time takes too long, so the only current solution is to reinstall from scratch.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow mixed HTTP proxy modes for same subnet

    Actually Astaro chooses HTTP proxy profile by source network only. This disallows the use of 2 or more different proxy modes for same source subnet(s) without restrictions and workarounds. It would be helpful, if for same source subnet(s), if needed, between one and all proxy modes at same time could be activated.

    For the SSO, Standard and Basic Modes maybe a option to customize the proxy port for each profile and make the http proxy chosing the appropriate proxy profile using source network AND proxy port may allow this behaviour ?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Networking: QoS Based on User Group

    Allocate service bandwidth based on user group membership via eDirectory/AD/or local group membership.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  12. Network Security: Logical "NOT" Support for Packet Filter, DNAT, etc...

    It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc..

    Like ACCEPT ANY ANY !Host"A"

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Connection Tracking module for ip_nat_netbios

    Connection tracking is implemented for typical tcp-protocols like FTP. Microsoft netbios based protocolls needs conntrack mode also.

    A sample solution is available e.g. from http://www.cse.unsw.edu.au/~matthewc/files/ip_nat_netbios.c, but other solutions should be available.

    For Firewalls between company networks with WINS and netbios protocol and NAT at the same time a connection tracking would be needed.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  14. Customizable User Certificate Validity Period

    User certificates (used for ssl VPNs) has very long duration (20 years?). IT revisions are not very satisfied with such configuration, proposed certificate validity is 1 year or less.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  15. Web Security: Redirect instead of displaying block page

    I am Astaro Hong Kong Support, for SMEs, they would like to Astaro provides redirecting page insteads of blocking page e.g) web security blocking page. SMEs can type their company webpage and don't want to display any blocking message.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Planned  ·  Angelo Comazzetto responded

    This feature is planned for UTM 9.1 which is targeted to begin beta in late 2012/early 2013 for release in Q1 2013.

  16. 6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  17. Create Filter Action Parts in Web Security

    This idea was already "Accepted (Long Term)" by the development team, but I wanted to throw it out here to see if anyone thinks it deserves quicker action...

    Rather than stop at adding a global blacklist, why not change the fundamental structure of Filter Assignments to have the different sections selectable instead of just an entire Filter Action.

    Instead of creating complete Filter Actions, it would be great to have Filter "Atoms" that are combined in a Filter Assignment. Just as a first thought, those sections could be 'Category Filter', 'Block these URLs/sites', 'Always allow these URLs/sites', 'Blocked file extensions',…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Logging: Global Search of Log Files

    Add the ability to globally search all logs for matching strings from a single entry box for a specified date/time range.

    50 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  19. VOIP Security: Customizable SIP port

    Some VOIP providers use a non standard SIP port number. I also imagine some companies using VOIP would like to use a non standard SIP port number given the chance.

    The request is to allow the port that the SIP service monitors to be changed from the default port of 5060.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  20. Mailsecurity: Prevent admin from downloading mails

    Even though I'm the admin of our groupware-server, I cannot read e-mails of other employees (unless they themselves gave me proxy-rights to their mail-account or shared one of their mailfolders with me). But I can download all e-mails which were put in quarantine. German law prohibits employees (including admins) from reading other people's mails. You could be jailed if you do so.
    I would like to have the mail download feature disabled. Even better if mails were stored in an encrypted format an the ASGs hard drive, to make it impossible for admins to read other people's mails.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.