AdminRich Baldry
(Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
My feedback
-
1 vote
-
1 vote
Hotspot authentication relies on identifying the device by MAC address and associating that with a user. When a user is connecting from a device on a routed IP subnet the hotspot will not see the MAC address of the original device, but of the router interface.
Captive Portal will work in this situation because it is IP-based, but it doesn't control access to the actual WiFi.
-
1 vote
Are there any particular options they want to be able to select from?
What kind of load balancing are you thinking of - WAN link, WAF load balancing to servers, or HA node load balancing?
-
1 vote
Can you provide more detail on where and when this will be useful?
-
1 vote
When you say "it affects all the tunnels" do you mean all the tunnels are reconfigured, or just that they drop and reconnect when the configuration is applied?
-
1 vote
How many zones do you have?
-
1 vote
Can't you just create one rule with IPS turned off for the sources and/or destinations you want to exclude? Why do you need to duplicate every FW rule?
-
1 vote
Can you please provide more information? Which feature? What would you like to see in the GUI? How would it benefit customers?
-
1 vote
Which warning message?
-
68 votes
SFOS v18 adds support for DNS-o-matic, which in turn supports OpenDNS as well as dozens of other dynamic DNS providers.
Version 18 will add support DNS-o-MATIC.
-
65 votes
https://community.sophos.com/kb/en-us/123042
MAC binding works only in Agent Authentication mode. Captive Portal and AD SSO modes are not supported, neither is SSL VPN client.
Please provide more details on the requirements if you need support for this with currently unsupported Auth mechanisms.
Note there are other suggestions relating to MAC binding for SSL VPN that you should look at and consider supporting.
-
53 votes
Although we only display the users in one primary group, we do take into account all AD group memberships for evaluating policies.
-
49 votes
Traffic from Sophos Endpoint products have appeared as 'None' in the past because this traffic currently bypasses our web policy mechanisms and so never gets a category applied. This is being resolved in v18.
-
45 votes
In version 18 you'll be able to use DNS-o-MATIC which provides a kind of gateway service to other Dynamic DNS providers.
-
7 votes
-
36 votes
There is another item requesting differentiated policies for Administrator accounts
-
30 votes
Would this capability be more appropriate for the Hotspot feature? Captive Portal is intended for authenticating known user accounts to company directories.
-
24 votes
XG Firewall Web Filtering can filter HTTPS traffic and apply policy based on destination IP or on the server name, without having to decrypt. In v18 it can do this on any port. We also filter DNS requests with our ATP feature.
DNS filtering would add very little value, and has its own blind spots such as when clients use DNS over HTTPS or when apps bypass DNS in other ways.
-
17 votes
Why don't you want to use the Policy Test? It will tell you the answer straight away...
-
28 votes
To be clear - by SFTP you mean the protocol that runs over SSH, not FTPS which runs over SSL/TLS.
Have you tried using the Policy Test feature to do this. It allows you to specify a bunch of parameters for the connection you wish to test, and will tell you which firewall rule (and web policy, where appropriate) is hit.