SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Mail Security: Blacklisted Sender Options

    Currently, any mails received from an e-mail address in the sender blacklist (under Mail Security / SMTP / Anti-Spam) are silently dropped.

    How about providing an option where you can choose to do the following:

    1) Silently drop / blackhole the email (current functionality)

    2) Quarantine the email so the end user can choose to release

    3) Bounce the email to the sender with a customisable message

    4) Redirect the email to another destination address.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. LCD-Display Configuration via WebAdmin

    It would be usefull to configure the output for a small LCD-Display using the webinterface.
    I m using a fanless system without monitor.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Network Security: Automatically add hosts to IPS Performance Tuning

    For example, a host entered in the 'Host list' on the 'Routing' tab of 'SMTP' should automatically be put into 'SMTP servers' on the 'Advanced' tab of IPS.

    A host used in a 'DNS request route' should automatically go into the 'DNS servers' box.

    On the 'Global' tab of IPS, don't allow an 'Interface (Network)' to be put into the 'Local networks' box if the interface is a DSL or modem type; at least warn that the admin should not put a public network into the box.

    Add Remote Gateways to the IM/P2P skiplist.

    Etc.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. MailSecurity: Queue delays should be configurable

    Please, let a way to configure the delays for queued Email managment (retry frequency, retry duration, etc...)

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Web Protection: Improve Localization of Messages

    I would be nice to be able to better translate the web proxy messages. Currently, if you translate it to spanish, there are still english messages that are not appropiate for foreign language users.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Reporting: SNMP Trap for File-Scanning Oversize Files

    I would like an SNMP trap and/or email sent when a user requests a file that is scanned by the anti-virus system, but is larger than the threshold.

    This way I can gauge the size of the files that are being downloaded and also know if my threshold is too low.

    My BlueCoat Proxy AV will send an email and SNMP trap such as:

    Cause: Maximum file size exceeded (engine error code: 0x00000000)

    File has been passed through unscanned.

    2009-06-04 11:39:13-04:00EDT
    Hardware serial number: xxxxxxxxxx
    ProxyAV (Version 3.2.2.1(36678)) - http://www.BlueCoat.com/
    Machine name: ProxyAV
    Machine IP address: xx.xx.xx.xx
    Server: xx.xx.xx.xx
    Client:…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  7. VPN: Backend Authentication Support for PPTP

    Currently astaro support only RADIUS and LOCAL authentication in PPTP VPN.

    Since Astaro is using the open source PPTP which is PoPToP, authenticating on AD, LDAP, and others is possible. Would be great to have this added.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  8. Management: Display SSH key fingerprint in WebAdmin

    This is a (very) minor feature. It would be nice if the SSH fingerprint would be available somewhere in WebAdmin (preferably under the Management->System Settings->Shell Access tab). This way, if the WebAdmin certificate is already trusted, the fingerprint could be compared by the administrator to the one reported by the ssh client instead of just blindly accepting it (which is a security problem).

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  9. Logging: Restore Logs into new Installation

    When you install a new server, all logs are lost since the logs remain at the old server.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
  10. Core: Database API

    Would like an API into the database so to pull stats for mail users into 3rd party application

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Installer: Allow custom Partitioning

    Allow to split the ASG installation on more than one HDD. ie mount /var/log partition on a separate hdd /dev/sdb1.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  12. Large SSL certificate sizes support

    I would like to be able to actually control the bit size limit if the certificate and ca for the ssl vpn feature like (4096)+ bit length

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  13. Mail Manager: "Bounce" option for Global cleanup

    In case of a misconfiguration or the introduction of an infected PC, it is possible for the mail queue to contain tens of thousands of NDRs.If they are deleted, they are replaced. If they are bounced, they are not replaced. 100 at a time takes too long, so the only current solution is to reinstall from scratch.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow mixed HTTP proxy modes for same subnet

    Actually Astaro chooses HTTP proxy profile by source network only. This disallows the use of 2 or more different proxy modes for same source subnet(s) without restrictions and workarounds. It would be helpful, if for same source subnet(s), if needed, between one and all proxy modes at same time could be activated.

    For the SSO, Standard and Basic Modes maybe a option to customize the proxy port for each profile and make the http proxy chosing the appropriate proxy profile using source network AND proxy port may allow this behaviour ?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Networking: QoS Based on User Group

    Allocate service bandwidth based on user group membership via eDirectory/AD/or local group membership.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  16. Network Security: Logical "NOT" Support for Packet Filter, DNAT, etc...

    It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc..

    Like ACCEPT ANY ANY !Host"A"

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Connection Tracking module for ip_nat_netbios

    Connection tracking is implemented for typical tcp-protocols like FTP. Microsoft netbios based protocolls needs conntrack mode also.

    A sample solution is available e.g. from http://www.cse.unsw.edu.au/~matthewc/files/ip_nat_netbios.c, but other solutions should be available.

    For Firewalls between company networks with WINS and netbios protocol and NAT at the same time a connection tracking would be needed.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
  18. Customizable User Certificate Validity Period

    User certificates (used for ssl VPNs) has very long duration (20 years?). IT revisions are not very satisfied with such configuration, proposed certificate validity is 1 year or less.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  19. Web Security: Redirect instead of displaying block page

    I am Astaro Hong Kong Support, for SMEs, they would like to Astaro provides redirecting page insteads of blocking page e.g) web security blocking page. SMEs can type their company webpage and don't want to display any blocking message.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Planned  ·  Angelo Comazzetto responded

    This feature is planned for UTM 9.1 which is targeted to begin beta in late 2012/early 2013 for release in Q1 2013.

  20. 6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.