Wir haben in unserer SG-Firewall (Modell:SG230, in der Filteraktion „Default content filter action“ eingestellt, dass bestimmte Dateiendungen beim Download geblockt werden (exe, bat,…).

Nun ist es für uns als Administratoren trotzdem manchmal notwendig an einem User-PC einen Download zu tätigen. Dafür müssen wir dann den Webfilter temporär ausschalten. Das ist aber ungünstig, da man schon mal vergessen kann ihn wieder einzuschalten. Es wäre von Vorteil wenn ich bei jedem einzelnen geblockten Download die Sperre z.B. mit der Bestätigung eines Passworts oder PINs, welches nur wir Admins kennen, dann trotzdem durchführen könnte.
Esist einfacher und weniger umständlich, wenn man das direkt am PC des jeweiligen Users machen könnte, ohne aber den Webfilter komplett ausschalten zu müssen.

Whenever I reboot my networking gear or when there was an Internet outage, it remains down. I can only fix it by manually renewing the DHCP of my WAN (manually pressing "Renew" for the external interface on the Interfaces page). I want this to happen automatically, because when the cable modem gets a new firmware and is being rebooted in the night, the next day the UTM is still offline. Very cumbersome when not on site.

In particular, not only other users mentioned it on the support pages here already, but also other users with other products have this problem.

It seems to be easy to implement for the professional team at Sophos, here is the script it helped users with pfSense:

!/bin/sh

wan="igb1"
LOGFILE=/var/log/pingtest.log

currip=$(ifconfig $wan | grep "inet " | cut -d " " -f 2)
if test -z "$currip"; then

echo `date +%Y%m%d.%H%M%S` "Detected empty IP on $wan! Will try again in 120 seconds." >> $LOGFILE

sleep 120

currip=$(ifconfig $wan | grep "inet " | cut -d " " -f 2)

if test -z "$currip"; then

    echo `date +%Y%m%d.%H%M%S` "2nd try: Still empty IP on $wan! Will fix now." >> $LOGFILE

    ifconfig $wan down

    sleep 10

    ifconfig $wan up

    sleep 20

    dhclient $wan

    echo `date +%Y%m%d.%H%M%S` "Fixing done!" >> $LOGFILE

else

    echo `date +%Y%m%d.%H%M%S` "2nd try: $wan has IP $currip; ok" >> $LOGFILE

fi

else

echo `date +%Y%m%d.%H%M%S` "$wan has IP $currip; ok" >> $LOGFILE

fi

And here a modified version to keep the size of the logfile down:

!/bin/sh

wan="em5"

currip=$(ifconfig $wan | grep "inet " | cut -d " " -f 2)
if test -z "$currip"; then

logger `date +%Y%m%d.%H%M%S` "pingtest - Detected empty IP on $wan! Will try again in 120 seconds."

sleep 120

currip=$(ifconfig $wan | grep "inet " | cut -d " " -f 2)

if test -z "$currip"; then

    logger `date +%Y%m%d.%H%M%S` "pingtest - 2nd try: Still empty IP on $wan! Will fix now."

    ifconfig $wan down

    sleep 10

    ifconfig $wan up

    sleep 20

    dhclient $wan

    logger `date +%Y%m%d.%H%M%S` "pingtest - Fixing done!"

else

    logger `date +%Y%m%d.%H%M%S` "pingtest - 2nd try: $wan has IP $currip; ok"

fi

else

logger `date +%Y%m%d.%H%M%S` "pingtest - $wan has IP $currip; ok"

fi

I copied it in for you from the authors e4ch and ohbova, from this site:
https://forum.netgate.com/topic/127403/auto-renew-dhcp-after-outage/23

But it seems as a good base to adapt it for the UTM?

Thank you for your consideration.

Kind regards,
Markus

Hello,

I checked with Sophos technical support team and found that there is no option for Load Balancing / sharing for SSLVPN on Cyberoam CR35iNG.
We are using 2 ISPs with 30 Mbps each. If there was a way to make some sort of division in VPN rules/setting so that half of our employees could user 1st ISP and other other half could use 2nd ISP. This would really impact bandwidth usage and decrease lags on SSLVPN. As of now due to COVID-19 situation all of our employees are working from home and our 2nd ISP is not getting used to its potential, we are getting too much Speed Issues on 1st ISP on VPN. We and others who are using same device would really appreciate if you could come up with some sort of firmware update that could address to this issue.