Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Bob Alfson

My feedback

  1. 76 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Why not have all of the choices available on the 'SMTP Quarantine' tab in Mail Manager and the User Portal?

  2. 90 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  SG UTM » VPN  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson supported this idea  · 
  3. 65 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
  4. 143 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  26 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    @Bob ten Berge - try asking a question about your issues with SSL scanning on http://www.astaro.org/

    @Jeremy - I see what you mean. In the 'Transparent mode skip list', for example, allow adding a list of domains. For a given IP, if there's an rDNS entry, and it corresponds to a domain name in the list, then the IP is skipped.

    An error occurred while saving the comment
    Bob Alfson commented  · 

    DNS Group definitions depend on entires with more than one A-record. I'm not a DNS guru, Thomas, but I believe that this suggestion is impossible given the way DNS functions today.

  5. 22 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SG UTM  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Workaround: Put the User Portal on a different port, and then create a NAT rule for "External (Address)" and "Internal (Address)" (and any other "(Address)" objects) that DNATs 443 to the new port with the new Destination left empty.

  6. 20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    It seems like this would be done easily as the User Portal logic already does selections based on the username. Isn't most of the logic needed for this already in place there?

    Bob Alfson supported this idea  · 
    An error occurred while saving the comment
    Bob Alfson commented  · 

    This is a great idea and seems like an easy thing to do. There would need to be a login added to https://My.Firewall.com:4444/qm/ if called by a user not logged in. This also would have an advantage in larger organizations where you want to assign queue management to one or more people you don't want inside the Astaro.

    Cheers - Bob

  7. 111 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  SG UTM » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson supported this idea  · 
    An error occurred while saving the comment
    Bob Alfson commented  · 

    The same idea was proposed in German last November, and it's one of those ideas that seems obvious. Who needs Reporting the most? - companies with thousands of employees. Who can't use the currrent tools available on the Astaro to manage a local copy of all their employees? - companies with thousands of employees.

  8. 3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    If I understand your suggestion correctly, this already is possible. With two WAN connections for two Astaros, configure 'Uplink Balancing' in both. In each 'IPsec Connection', use "Uplink Interfaces" instead of a specific interface. In each, prioritize the use of one interface with a 'Multipath' rule binding IPsec traffic to it. In each 'Remote Gateway', instead of a 'Host' definition for the 'Gateway', use an 'Availability Group' with the prioritized IP of the other site first, and the other IP second.

    Cheers - Bob
    PS It always pays to visit the User BB to see if something is doable: http://www.astaro.org

  9. 134 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  SG UTM » Application Control  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    I can't find it now, but there is a similar request for being able to use AD-authenticated backed groups to define Departments in Reporting. Maybe an admin could find the various suggestions and group them.

    Here's where BangkokBob and I discussed this on the User BB: http://www.astaro.org/astaro-gateway-products/management-networking-logging-reporting/39846-web-security-reporting-8-202-a.html

    Cheers - Bob

  10. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Mark, I'm not sure I see how this would differ from using "Uplink Interfaces" and "Primary Uplink Addresses" in rules when you have Uplink Balancing enabled with the second interface indicated as "Standby" instead of active.

    Cheers - Bob

  11. 16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  SG UTM » Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    I had a similar suggestion, but I'll turn it into a comment and move it here and add my vote.

    Cheers - Bob
    -------------------------------------------------------------------------------------------------------------
    COUNT IPs BY SUBSCRIPTION

    The lack of counting in each application means that I can’t sell a 10-IP Web Application Security subscription with a 100-IP Network Security subscription and a 50-IP Web Security subscription.

    Already, the licensing requires a 500-User license if only a single mail server with 500 mail accounts is protected.

    Where the prospect is running VMware, one can achieve this without adding another physical server. Still there's more admin overhead in managing multiple devices (that's why they call it a UTM!).

    Although the pricing for Network Security probably wouldn't be impacted, the pricing for the other subscriptions probably would have to increase in order to maintain revenue levels for Astaro.

    Conversations with existing users indicate that this would increase the sales of the other subscriptions.

  12. 96 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    That's interesting, Ronny. My first impression is that the Astaro SMTP Proxy already does all of this, but I admit that I only spent about 20 minutes reading the specification. It seems that some new parameters (like aspf instead of using +-~- in spf) add complexity while duplicating existing tools. Thinking about the emails I've seen get past the Astaro Proxy, I don't think there's anything in DMARC that would have blocked/quarantined them.

    I love to play with new toys! Can you tell us what specific changes you would recommend for Astaro?

    Cheers - Bob

  13. 4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Volker, can't your mail server do that? Usually, I configure the maximum as the maximum configured in the mail server, and then trust the mail server admin to manage the individual limits.

    Cheers - Bob

  14. 4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 
  15. 3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Sascha, do you think it's possible for Astaro to integrate these tools into their software without paying something to the developers of the packages? Also, I didn't know there were versions that would run under Astaro Linux. Anyway, it would be nice to not have to have those loaded/available on the PC/laptop I'm using whenever I'm at a client site.

    Cheers - Bob

  16. 5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Although I like the idea of more information, I would think that the warning to the students wouldn't be changed by having more detail. Still, it would be nice to have the IP or computer name there already to help see if a particular teacher is allowing students access they shouldn't have.

    Does the SafeSearch for Google, Bing and Yahoo in V8.3 obviate this issue for you?

    Cheers - Bob

  17. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    I agree, but remember that this has replaced IM/P2P, and that was a part of the Web Security subscription. Once they decided to group things based on what's included with which subscription, I think this became a marketing question. I think they didn't want to charge separately for it, but that might come if it's expanded as some are suggesting. I would guess that the decision of whether to move the cost into Network Security will be driven by customer demand.

    Cheers - Bob

  18. 5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Manuel, have you looked at the beta forum on http://www.astaro.org/ to see what is being done for Clientless VPN? Would that offer you what you need?

    Cheers - bob

  19. 4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Yes, DND also has been a hassle with iPhones, but, apparently, they've fixed that in V9.

    It seems like there could be a checkbox in 'WebAdmin Settings' for 'Select instead of Drag-and-Drop'. Then you'd click on a folder to have the list appear, select an object, and then click again on the folder icon to populate the field.

    Note that this would be more efficient for use in V9 and later where these fields can contain multiple objects.

    Cheers - Bob

  20. 7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SG UTM » Management  ·  Flag idea as inappropriate…  ·  Admin →

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.