SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Networking: DNS Incoming Load Balancing

    It would be cool if the UTM could update DNS records to balance the incoming traffic. By changing the DNS answer across the public addresses configured on the UTM, the records could update (although with a delay) in reference to how much bandwidth and connection are used on the WAN links at a point in time to avoid new incoming connections being delivered to overloaded links.

    15 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      7 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    • Networking: Time-Based WAN Link Balancing Rules

      If multi-path rules can be defined with time-based behavior (for example a rule is from 8am to 5pm active) and the possibility with 2 other feature requests (Create "Uplink Interface Groups" or Multi-WAN-Uplink: User-Defined) you can defined very cool multi-path rules.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • Authentication: Additional LDAP Attributes Support

        Add a configuration option for adding a query filter attribute for additional email-addresses for user settings.
        like searching for email destination (|(mail=%s)(otherMailbox=%s))

        Its easier to maintain email-aliases like info@domain.tld in central directory.

        Also, other attributes like First and Last name should be selectable if possible

        18 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
        • Management: Auto-Populate Networking Definitions via Scan

          By scanning the local IP-space of connected/configured internal (non-gateway) interfaces, discovered IPs should be auto-added to the definitions list using their hostname as the title (if available) otherwise just fill in the IP for both the address and the name.

          This saves admins having to define their objects from scratch, and they can always delete the object definitions they don't want/plan to use. This should be done either automatically, as part of the wizard, or on request.

          24 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
          • VPN: IOS XAuth Password

            Currently the configuration available via the UserPortal automated setup has no way to include a password for the user, which they must then specify every time they connect. Including the password would allow one-touch VPN connecting!

            2 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • Authentication: Add new user to existing group

              When creating new user it would be nice to be able to put the new user in an existing group as part of the creation process.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
              • Domain/Address-based Quarantine of Messages

                It would be great if we could drop incoming SMTP email based on domain or email address straight into quarantine rather than Blacklist.

                4 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Mail Protection: Report message as SPAM via Mail Log in UserPortal

                  Users would like the ability to report any spam that makes it to their inbox. Ideally, there would be a "report" button or link right in the users mail log next to every message that is delivered to the inbox. For quick-picking, it would be nice to have a button for "CONFIRM" to the mail quarantine digest too.

                  29 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    8 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Reporting: Detailed Network Reports for Billing

                    Basically we use Astaro in environments where we have multiple networks or from differenet companies and the parent company would like to monitor usage, in detail (inside and outside the proxy), be able to put a dollar figure on data, with and without thresholds and then export a simple usage report for billing purposes.

                    6 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                    • SNMP trap for Uncategorized Sites

                      We need a SNMP trap that notified to the NOC center that an website visited by a user is not categorized.
                      It's very important to have this warning for companies that provide MSS.

                      7 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        4 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                      • Hardware: ADSL Physical Port for Small ASG's (RJ11)

                        nowadays, the typical installation of ADSL is ADSL router which you plug the RJ-11 Jack in for ADSL service, and you have to configure the ADSL router with the authentication credentials, you have to install the ASG behind this device which makes:
                        1- double NAT traffice
                        2-- if you want to make port forwarding, you have to configure the two boxes
                        3- if An ISP want to install the small box on SOHO customer premises, and a remote management /remote SSH is required for a technical support, you have to create a port forwarding rule on the ADSL router.
                        In…

                        19 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          7 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                        • VPN: IKE V2 Support

                          IKE V2 is the newest innovation to IPSec and makes using of mobile clients a lot easier. I wish to integrate IKE V2 as soon as possible.
                          See: http://tools.ietf.org/html/rfc4306 (RFC 4306)

                          350 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            Under Review  ·  49 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          • Authentication: Web Filter User-to-IP Mapping

                            We need the user's ip mapping. Once a user is authenticated against the http proxy, the user source ip should be mapped in the user's object, so that we can create policy per user

                            61 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              Under Review  ·  11 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                            • Reporting: Show disk IO

                              It would be nice to see disk I/O activity via the hardware reporting in addition to what you already have for CPU/Memory/and HDD Space Usage

                              23 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                Under Review  ·  7 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • WebAdmin: Export / Import of Network Definitions

                                Make it possible to export and import lists of definitions - especially host definitions.

                                235 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  53 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                • L2TP/RADIUS use PAP flag

                                  We use an openldap server to maintain our user accounts for a large infrastructure of Linux hosts. Because the unix passwords are hashed with MD5, our radius server has to have the plaintext password passed to it to perform authentication against our LDAP server - we can not use any of the challenge/response type systems for authentication.

                                  The LDAP/Radius authentication system on the ASG expects to be able to use these challenge/response authentication protocols, and does not currently provide anyway to specify which to use from the UI. I can hack the /var/chroot-ipsec/ppp/options-default file and add stanzas like:

                                  refuse-eap
                                  refuse-chap …

                                  9 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Networking: Configurable FailOver IP's

                                    We want to use one vlan for multiple Astaro clusters.

                                    4 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Networking: Integrated Wake on LAN Service

                                      Add the wake on lan functionality. Provide the possibility to create a table (INTERFACE | MAC ADDRESS | DESCRIPTION ) where we can store the mac address of hosts to wake up. Also, the wake up command can be scheduled or manually executed.

                                      177 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        13 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • support managed PKI for mail encryption / signing

                                        For easier management of Astaro's mail encryption / signing feature in larger enviroments it would be helpful, if Astaro would support automated creation of encryption/signing mail users using trusted certificates through a automated interface to a official signing provider as trustcenter or swisssign or equal. There seems to exist RFC compliant interfaces to such providers according to RF2797 standard.

                                        25 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          5 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Date of Automatic Backups

                                          I want to be able to set the date of Automatic Backups. It is convenient to be able to set the day when the backups of each ASG is transmitted.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.