Admin Rich Baldry
(Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
My feedback
-
3 votes
-
1 vote
Hotspot authentication relies on identifying the device by MAC address and associating that with a user. When a user is connecting from a device on a routed IP subnet the hotspot will not see the MAC address of the original device, but of the router interface.
Captive Portal will work in this situation because it is IP-based, but it doesn't control access to the actual WiFi.
-
1 vote
Are there any particular options they want to be able to select from?
What kind of load balancing are you thinking of - WAN link, WAF load balancing to servers, or HA node load balancing?
-
1 vote
Can you provide more detail on where and when this will be useful?
-
4 votes
When you say "it affects all the tunnels" do you mean all the tunnels are reconfigured, or just that they drop and reconnect when the configuration is applied?
-
1 vote
How many zones do you have?
-
3 votes
Can't you just create one rule with IPS turned off for the sources and/or destinations you want to exclude? Why do you need to duplicate every FW rule?
-
1 vote
Can you please provide more information? Which feature? What would you like to see in the GUI? How would it benefit customers?
-
1 vote
Which warning message?
-
74 votes
SFOS v18 adds support for DNS-o-matic, which in turn supports OpenDNS as well as dozens of other dynamic DNS providers.
Version 18 will add support for DNS-o-MATIC.
-
75 votes
https://community.sophos.com/kb/en-us/123042
MAC binding works only in Agent Authentication mode. Captive Portal and AD SSO modes are not supported, neither is SSL VPN client.
Please provide more details on the requirements if you need support for this with currently unsupported Auth mechanisms.
Note there are other suggestions relating to MAC binding for SSL VPN that you should look at and consider supporting.
-
64 votes
Although we only display the users in one primary group, we do take into account all AD group memberships for evaluating policies.
-
55 votes
Traffic from Sophos Endpoint products has appeared as 'None' in the past because this traffic currently bypasses our web policy mechanisms and so never gets a category applied. This is being resolved in v18.
-
53 votes
In version 18 you'll be able to use DNS-o-MATIC which provides a kind of gateway service to other Dynamic DNS providers.
-
9 votes
-
47 votes
There is another item requesting differentiated policies for Administrator accounts
-
30 votes
Would this capability be more appropriate for the Hotspot feature? Captive Portal is intended for authenticating known user accounts to company directories.
-
36 votes
XG Firewall Web Filtering can filter HTTPS traffic and apply policy based on destination IP or on the server name, without having to decrypt. In v18 it can do this on any port. We also filter DNS requests with our ATP feature.
DNS filtering would add very little value, and has its own blind spots such as when clients use DNS over HTTPS or when apps bypass DNS in other ways.
-
22 votes
Why don't you want to use the Policy Test? It will tell you the answer straight away...
-
32 votes
To be clear - by SFTP you mean the protocol that runs over SSH, not FTPS which runs over SSL/TLS.
Have you tried using the Policy Test feature to do this? It allows you to specify a bunch of parameters for the connection you wish to test, and will tell you which firewall rule (and web policy, where appropriate) is hit.