Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Bob Alfson

My feedback

  1. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    These should be fairly easy to do.

    Bob Alfson supported this idea  · 
  2. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson shared this idea  · 
  3. 12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    This has been possible with the UTM forever - as long as the domains are hosted by the same device using the same private key and the domains each use the same public key.

  4. 3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    Interesting idea!

    Bob Alfson supported this idea  · 
  5. 36 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  SG UTM » Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson supported this idea  · 
  6. 7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson shared this idea  · 
  7. 103 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    An IT guy at a firm in Germany posted a genius solution in the German Forum: https://community.sophos.com/products/unified-threat-management/f/german-forum/87506/quarantane---info-eigenhender-externe-mails/336898#336898

    "alle 2 Stunden zwischen 07:00 und 17:00" = "every 2 hours between 7AM and 5PM"
    "Digest stündlich" = "hourly report"

    Add the desired lines to /etc/crontab-static . Then, in WebAdmin, in 'Management >> Up2Date' change 'Firmware Download Interval' to "Manual," [Apply], change it back to its original value and [Apply] again. This step incorporates crontab-static into crontab.

  8. 30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    Merge this idea with In Anti-Spam, Expression-check everything after DATA or include From

    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/9893775-in-anti-spam-expression-check-everything-after-da

  9. 64 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson supported this idea  · 
    Bob Alfson commented  · 

    As of 03 June 2017, this is now possible! See https://community.sophos.com/kb/en-us/126892 (How to change the outgoing interface for Web Filtering).

    Rather than use the suggested method of enabling this capability, do the following as root:

    cc set http enable_out_interface 1

    Cheers - Bob

    Bob Alfson commented  · 

    One of my clients has employees of two different customers in their building. They have VPNs to those customers and each employee of the customers needs to use web apps over the VPN to their employer. Presently, the solution is to have a second proxy that's used as a parent proxy to relay through the tunnel. Please extend this idea with, for example, the ability to use ppp0 like eth0, thereby allowing a profile to be directed over a VPN without having to use another proxy.

    Bob Alfson commented  · 
  10. 3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson shared this idea  · 
  11. 12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  SG UTM » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. 9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    As Doug Foster pointed out in the UTM Community, this should include proxies and other things with hidden and automatic rules.

  13. 3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    If you select 'Strict rDNS' in the SMTP Proxy, it does FCrDNS (Forward Confirmed rDNS). That is, if an email arrives from 214.3.140.16 and 16.140.3.214.in-addr.arpa returns marcus.whmo.mil, the the email will be rejected as "RDNS invalid" unless marcus.whmo.mil returns 214.3.140.16.

    If there is no rDNS record, the email is rejected as "RDNS missing."

    I admit that I don't understand "("ends-with" match) of the sending server (looking behind any trusted forwarders)."

  14. 88 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    All of the issues mentioned here are easily resolved. Ask questions in the UTM Community.

  15. 23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SG UTM » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    I don't think this should be changed. With a better understanding of iptables and WebAdmin, none of these issues are a problem. See #2 in https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz and ask question in the UTM Community.

  16. 9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    If the developers don't have a better idea of how to address this exposure, this suggestion seems doable.

  17. 6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    This is not true, Tony. When using the Transparent Proxy with two subnets on separate Ethernet segments, simply put both subnets into the Transparent mode Destination skiplist and uncheck 'Allow HTTP/S traffic for listed hosts/nets'. Anonymous, this does not exclude them from using the proxy for Internet access.

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests." If you would like me to send you this document, in the Sophos UTM Community, PM me your email address. I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

  18. 51 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    Currently, the UTM Mail Manager has no "DKIM" selection on the 'SMTP Log' tab. Messages that failed DKIM are listed as "spam (confirmed)" even though the SMTP log files clearly indicate that DKIM "verification failed ..."

    DKIM failure should be reported in Mail Manager.

    Cheers - Bob

    Bob Alfson supported this idea  · 
    Bob Alfson commented  · 

    Loganh also demonstrated on the User BB that the Astaro already runs these tests on incoming emails. That means this could be added simply to 7.509 and 8.10.

    Later, perhaps in 8.200 or another major release of V8, the logic and configuration choices could be added for rejection based on DKIM authentication.

    Thanks, Loganh, for being a great new recruit to this community of users!

    Bob Alfson commented  · 

    Thanks for putting this here, Loganh!

    This seems like an easy step, Astaro, as the acl already is avaiilable for exim. Maybe an Astaro person can comment on whether it's already in the Astaro implementation, but not activated.

  19. 20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SG UTM » VPN  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    My comment four years ago was incorrect. Clearly, I didn't read the suggestion closely enough.

    Cheers - Bob

    Bob Alfson commented  · 

    Christian, please ask this question on the User BB - I believe this already is possible: http://www.astaro.org/

  20. 409 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    57 comments  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson commented  · 

    Two of my votes are here and I've none left. There was a rumor that this was planned for 9.4. It would be a shame if this were not true.

    Cheers - Bob

    Bob Alfson commented  · 

    Add ECP256 and ECP384 (IKE DH Group 20) for Suite-B Compatibility

    This should be a part of moving to Charon.

    Bob Alfson supported this idea  · 
    Bob Alfson commented  · 

    1. Android and Microsoft use IKEv2 and not IKEv1, so this suggestion seems to be a must-have.

    2. I'm not sure what, specifically, you'd like to see in an 'Advanced' section. At least a way to indicate a leftid in the 'IPsec Connection' just as the rightid can be given in the 'Remote Gateway' definiton as you suggested in the User BB over a year ago..

← Previous 1 3 4 5 8 9

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.