Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Angelo Comazzetto

My feedback

  1. 2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      Under Review  ·  0 comments  ·  SG UTM » Operating System  ·  Flag idea as inappropriate…  ·  Admin →
    • 109 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        6 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        Angelo Comazzetto commented  · 

        Hi Robbie,

        In many environments, systems like this cause the admin to basically get inundated with requests, often without them ever saying "no". We have a system on the UTM which allows users to override the URL filter using their credentials (if allowed) which will let them bypass only that feature. (Not for example anti-virus).

        We then fully log the details of the override (who, what site, when etc..) and their reason they entered (via a field on the override form) and provide that as a report you can audit at will to identify abuse or questionable overrides.

        Would that solve your problem, or you still would like to manually process override requests?

      • 541 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          121 comments  ·  SG UTM » VPN  ·  Flag idea as inappropriate…  ·  Admin →
          Angelo Comazzetto commented  · 

          To provide a status update. The .apc/.epc format you refer to is not just a .ovpn file which has been converted to a proprietary format. As there is no standard at all for site-to-site SSL VPN at this time, we needed to include more information than just tunnel parameters in the file that you download as "ours" from a UTM.

          Conversely, a simple .OVPN file does not contain all the information a UTM needs in order to construct a site-to-site SSL VPN. There are configuration objects used by the UTM that are used by our CONFD in the underlying system overall, and these cannot be easily deduced and labelled by the system. As such, the idea of using a UTM-generated site-to-site SSL VPN configuration file with your OpenVPN server, or importing a .OVPN file (with all the gamut of parameters possible in such a file) into the UTM for easy cross-device SSL VPN site-to-site is a large technical challenge with too many places where assumptions we would have to make would limit the scope and usefulness any ways.

          We will look at some sort of solution, but it isn't a simple thing we can easily do in the short term. Keep voting! We see you guys.

        • 21 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            5 comments  ·  SG UTM » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
            Angelo Comazzetto commented  · 

            Hi "anonymous". Can you list a bit more on your feature request here please? What kind of use case would you like to address with that?

          • 19 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              6 comments  ·  SG UTM » Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
              Angelo Comazzetto commented  · 

              Hi, we actually have a filter there in the UserPortal to show expired vouchers. Do you need more? Otherwise, we'll mark this as already possible. Hope that helps! If not, let me know.

            • 5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                Angelo Comazzetto shared this idea  · 
              • 69 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  17 comments  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
                  Angelo Comazzetto supported this idea  · 
                • 7 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    2 comments  ·  SG UTM » Logging  ·  Flag idea as inappropriate…  ·  Admin →
                    Angelo Comazzetto commented  · 

                    Hi Michel,

                    We already do wildcard by default, hence if someone is looking for "ryan seacrest" in google, and you type in just "searc" (no quotes of course) it will return all those log lines in the webfilter log when using the logfile search.

                    Does this solve what you need? If not, please provide a bit more info, as what you have asked for in your explanation is already the behaviour; searching for "jobs" would return all log lines with *jobs* in it....

                  • 7 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      4 comments  ·  SG UTM » Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                      Angelo Comazzetto commented  · 

                      Hi Michael.

                      So we clearly understand the request, can you please provide more information? Specifically on what you feel is lacking now; both the Web and Mail have profile-based configuration which can be used to create totally separate ways of filtering mail and web. What is needed?

                    • 15 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        8 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        Angelo Comazzetto commented  · 

                        Thanks for your reply. So I am clear, you want the HTTP proxy to masquerade equally to all or some (outgoing balanced) external IP's of the "additional addresses", or just want the ability to set which additional single IP the proxy should NAT to?

                        Angelo Comazzetto commented  · 

                        Hi Eric,

                        Can you elaborate on that with the use case please? Are you saying that perhaps LAN 192.168.0.x isn't being properly masqueraded to the external interface? I'd need some more details to properly file this request. Thanks!

                      • 7 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          3 comments  ·  SG UTM » VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          Angelo Comazzetto commented  · 

                          Hi Oliver, could you let me know what you want to do by having this feature? You'd like to bridge the SSL VPN user pool to the local lan so they could share the same IP addresses easily I assume? Or is there other application(s) you are interested in for this?

                        • 2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
                            Angelo Comazzetto commented  · 

                            Hi elmar,

                            To be clear, your asking for if you enter host.mycompany.com you should be able to ping just "host" ? How do you see the ASG solving that one?

                          • 182 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              22 comments  ·  SG UTM » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • 22 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                5 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                Planned  ·  Angelo Comazzetto responded

                                This feature is planned for UTM 9.1 which is targeted to begin beta in late 2012/early 2013 for release in Q1 2013.

                                Angelo Comazzetto commented  · 

                                Hi Warren, While we can keep increasing the options for customization, adding a completely customizable page-builder right in WebAdmin is very tedious and not the best way to solve that. We will rather look to add URL redirecting so you can build and host whatever page style you like for the various block reasons in an upcoming version. I'll merge this request into that one as a result.

                              • 4 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  Under Review  ·  3 comments  ·  SG UTM » Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                  Angelo Comazzetto commented  · 

                                  Hi Peter, you can accomplish this by installing the Astaro Authentication Agent (Sophos Authentication Agent in UTM9) which will report/update a user object with their current IP after being installed on a workstation. We are working on various improvements to this agent.

                                  Further, we will look at a dedicated server agent for the future as well, which I'll merge this one into.

                                  Angelo Comazzetto shared this idea  · 
                                • 106 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    14 comments  ·  SG UTM » VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                    Angelo Comazzetto commented  · 

                                    Slightly adjusted description to ensure his request was appropriately posed.

                                  • 17 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  SG UTM » UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      Angelo Comazzetto commented  · 

                                      Hi Harb

                                      Are you requesting a feature for the upcoming UTM9 product or an existing Sophos endpoint??

                                    • 25 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        4 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                        Angelo Comazzetto commented  · 

                                        Hi Jorge,

                                        Are you looking to do this for purposes of VPN or just for LAN routing?

                                      • 14 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          3 comments  ·  SG UTM » Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                          Angelo Comazzetto commented  · 

                                          Again on this, currently the UserPortal will already limit the choices available on a per-user basis. However this will only be possible in the current system if you specify users per-feature. If you are using server-backend groups for a feature like SSL VPN, then indeed all users in that group would be enabled for this.

                                          Is that your scenario or did you not already know we limit the choices automatically per-user? Let us know!

                                          Angelo Comazzetto commented  · 

                                          So we clearly understand, currently the system will not display any items for which a user is not permitted, but you then want one more level of exception, so that for example you can allow the "Receptionists" group to access the Hotspot feature, but then deny "Janice" who is in that group?

                                        • 4 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            3 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                            Angelo Comazzetto commented  · 

                                            Hi. I must say this one confuses me. We didn't so much as over-think the feature as we did just not anticipate the need to setup server load balancing without 2 things to "balance" to. I'll leave the feature so it could gather votes however.

                                          ← Previous 1 3

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.