SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WebAdmin: Grouping controls for DHCP Servers

    Like Firewall rules which work great, it would be nice if you could group / color code DHCP Servers.

    If you use WLAN and RED you'll have a lot of DHCP Servers and there is no chance to group them logical (only possible by a naming schema)

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    • RED: Notify of Duplicate Networks

      While playing around with RED, we've recently had the problem that we accidently used a network 192.168.x.x/24 for the RED network that was already used for another VPN connection. That caused some trouble because we could not find why we did not get a connection through RED.

      So it would be great if Astaro could implement a feature that checks if a network is already used somewhere (VPN, routing, etc.) and throws out a warning if someone uses it elsewhere.

      3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
      • Bandwith Reporting / Status of VPN Remote Networks

        Display the bandwidth load of remote networks would be nice. We have several branch offices, which a connected by an provider VPN. At the moment i can only see how many Bandwidth goes over an interface. But it would be great to see how many of this bandwidth is used for which branch office.

        18 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          Under Review  ·  1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • Add Interface information to logs

          For troubleshooting purposes, including the interface that a packet/URL is going out would be very helpful.

          While viewing a live log I would just need the interface, eth0, eth1, br1, etc, added to the line so that I can be sure that my multipathi rules are working.

          For example:

          2010:05:12-07:17:47 proxy httpproxy[4561]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.2" user="" request="0" url="http://somelink.com" INTERFACE="eth1"

          7 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            3 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
          • Networking: Uplink Monitor Action to Restart Unit

            As an augmentation Internet Connection Monitoring, we'd like to have the ability to tell the Astaro to reboot if the internet connection is not available after a predefined interval (say 15 minutes). This would solve issues we have with having to power cycle remote ASG units to get them to reconnect with various ISP equipment.

            6 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
            • Networking: Sync details for ISP

              Home users use a router as dumb modem which connects directly to ASG.It would be great is ASG could provide the sync details from the ISP (sync speed,attenuation etc)

              5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
              • RED: 1:1 NAT Support for RED devices

                two remote LANs with the same IP range/netmask cannot be connected to the same central ASG by using RED devices in the remote offices. ASG wouldn´t be able to route the traffic on the central ASG correctly.

                All examples have in common (which is likely), that several of the "remote LAN's" will have the same IP ranges (e.g. surely 192.168.1.0/24 and 10.1.1.0/24 will be used often).

                As the RED device bridges the LAN to the central ASG, there is no possibility to route the network traffic correctly on the central ASG.

                So we need a SNAT/MASQ mechanism on the RED…

                40 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  Under Review  ·  6 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                • AstaroOS: Configurable default key size for certificates

                  a keysize of 1024 bits is standard (anywhere fix encoded in the deepth of the system) to all autocreated users (ex. backend prefetch with LDAP). There should be a config dialog providing the ability to preset the keysize for all later created certificates

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                  • Schedule Pattern Up2Date

                    Given today's IPS signature disaster, we now want to schedule the updates to occur at a specific time. Please add time to the "Daily/weekly/monthly" options . E.g. We want updates to occur at 10:14AM Daily. I do not care when the updates are downloaded, only when they are made active.

                    7 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Customized Time for Log File Deletion

                      delete the log files should be possible to be awarded a free period.
                      currently, the log files are deleted only after predefined periods. we need as But a period of only 2 months

                      9 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        4 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                      • AstaroOS: Bind Proxy to Defined Interface(s)

                        Possibility to fix the interfaces for the web or mail proxy. E.g. I want to use the web proxy only for traffic between (LAN and Internet) and (DMZ and Internet) but not allow the LAN to see the DMZ.

                        15 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • SNMP Tags for ASG Version and Serial number

                          it would be nice to get system details like ASG Version, Serial Number, Contract End via snmp for monitoring tools like cacti, nagios

                          16 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                          • Networking: Assign DNS Servers via Interface

                            I would like to be able to assign DNS servers to interfaces. Right now it's global.

                            10 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                            • Mail Security: Use Phising Filter to stop Malicous Links

                              The Phising Filter in the mail security already filters URL's in mail for known phising servers. Please also add the possibility to filter more URL categories - at least "Malicious Sites" and "Spyware/Adware". Or the nonplusultra feature would be, if we could filter mails against any of the Smartfilter XL categories (as P2P and others).

                              The rising number of mails linked to malicious sites will make this feature very desireable.

                              ==> http://www.searchsecurity.de/themenbereiche/bedrohungen/phishing-und-spam/articles/258639/?nl=1&cmp=newsletter_applikationssicherheit_13-04-2010

                              4 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Network Protection: Blackhole via the DNS Proxy

                                The features OpenDNS give are awesome, if something like that was implemented on Astaro that would make administration easier for many users. The ability to be able to go through and quickly be able to force all users to point to 127.0.0.1 for malware related sites or open proxies.

                                3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  Under Review  ·  4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Mail Protection: Compress and Convert files

                                  We often have a situation, that our customers send us mails with BMS-files attached instead of using PNG or GIF.
                                  I want to have an option, that I can define, which attachments can be converted from BMP to PNG or GIF. Maybe this can be combined with a ruleset so that I also can define, that a LOG or TXT-Attachment can be zipped, if it is greater than a limited file size.
                                  This feature will save a lot of space on our mail-server and also on our POP3-clients.

                                  3 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    7 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Authentication idle timeout

                                    The maximum length of time the user can stay authenticated when idle (not passing any traffic to
                                    the external network).

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Reports/Alerts: Allow Customization / Logos

                                      Extend the customization options allowing for custom logo's, headers and footers on the various mailed reports, and email alerts

                                      13 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Server Load Balancing: Support for Fail-Over

                                        Currently you can define a pool of servers > 2. And there is no way to define a failover cluster.

                                        To do this, I would suggest allowing just a single server in the server list. Then creating a backup server list, in which you could put the backup machine.

                                        For an example, see the load balancer option in pfSense. The fields would be like this:

                                        primary server(s) list:
                                        * servers in this list will receive a portion of incoming traffic.
                                        backup server(s) list:
                                        * servers in this will will only receive traffic if all the primary servers are inaccessible.

                                        In…

                                        7 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

                                          So we understand this request, currently the pool has fail over built in (dead nodes are removed and added in real time to the balancing) but you wish to have resources there (or a cluster of resources) doing no work, but becoming responsible for tasks/work when a failure happens in the primary node(s) only?

                                        • Reporting: Fully audit a single / group of Addresses

                                          I'd like to be able to set 5 ip's aside and see a report of what they use and where they go.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.