Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Allan Dynes

My feedback

  1. 3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Sophos Central » Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes commented  · 

    Agree, some businesses need to be able to access these sites like a Winery in our area is being blocked. I want to just allow the category, not each site.

    Allan Dynes supported this idea  · 
  2. 58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes commented  · 

    It is now possible. However I DON'T want to encrypt my backup and with MR7 I don't have a choice, can't download the backup until I set a password. Leaving it blank prompts me to set a 12 character password.

    Two steps forward, one step back.

  3. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes shared this idea  · 
  4. 426 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
  5. 27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
  6. 58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  SG UTM » Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
  7. 8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  XG Firewall » Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes commented  · 

    I would also like this. For things like IP Phones we pass the DSCP tagging and other information to them and have all the phones use DHCP. When a user has a phone on a RED device we have to manually configure the phone so all the settings are correct. If we could simply pass through our existing DHCP server we wouldn't have to do this.

    Allan Dynes supported this idea  · 
  8. RED

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  XG Firewall » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
  9. 69 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  XG Firewall » Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
    Allan Dynes commented  · 

    @Alan Toews - After talking to support, and them having me manually edit the httpd file to disable 3DES, TLS1.0, & TLS 1.1 along with me turning off Trace/Track they said only the TLS 1.0 would be a UI option. Will TLS 1.1 and the cypers also be UI options? If not can those be added also? What about disabling Trace/Track? The thought of manually editing the httpd file each time a firmware update comes out doesn't make any sense.

    Allan Dynes commented  · 

    @Alan Toews - That is great news but we are failing our compliance scans, our company is required to meet the standard thorugh our bank as of the first of this year. So every month I have to request a exception and show that on my actual servers we have TLS v1.0 and 64 bit cypers disabled. It's only been three months, and three exception requests, but its getting real old already.

    Allan Dynes shared this idea  · 
  10. 88 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  SG UTM » Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes commented  · 

    Using a XG here. You guys pushed out a beta firmware 16.05 RC1 and disabled TLS v1.0 but then in the actual release, v16.05 MR1 & MR2 you enabled it!

    This problem still exists, at least for WAF where I am failing PCI compliance scans because of it.

    This should be disable by default with a option through the CLI or even the UI to enable/disable as we see fit along with other cypher's.

    Coming from a TMG 2010 box I was able to easily edit the registry to turn on and off cyphers....I can't believe a product much newer doesn't have the same abilities.

    Allan Dynes supported this idea  · 
  11. 7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
  12. 61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    23 comments  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
    Allan Dynes commented  · 

    How is this not already a option. Just failed my PCI scan due to this.

  13. 382 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    48 comments  ·  SG UTM » Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
    Allan Dynes commented  · 

    How is this not already a part of the XG? The XG is labeled as a TMG 2010 replacement but TMG had this ability and this doesn't? It needs to be added aSAP.

  14. 130 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  XG Firewall » Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes supported this idea  · 
  15. 25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  5 comments  ·  SG UTM » Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
    Allan Dynes commented  · 

    This lists as "under review" but I can add a port range using 3560:3575 and it works fine so not sure if this is now fixed. Using a XG with 16.01.02 firmware.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.