Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Bob Alfson

My feedback

  1. 7 votes
    0 comments  ·  SG UTM » Management
  2. 15 votes
    2 comments  ·  SG UTM » UTM Endpoint Protection
    Bob Alfson commented  · 

    Sean, How is this different from Application Control as currently done by Astaro?

    Cheers - Bob

  3. 4 votes
    1 comment  ·  SG UTM » Network Protection
    Bob Alfson commented  · 

    Thomas, I believe this already is possible - just make a QoS rule on the External interface with a traffic selector like '{Higher-Priority Network} -> Web Surfing -> Internet'. However, if you want to prioritize downloads, it's not really possible - all you can do is put a hard limit on Internet traffic from a LAN interface to the lower-priority LAN.

    Cheers - Bob

  4. 28 votes
    7 comments  ·  SG UTM » Network Protection
    Bob Alfson commented  · 
    Bob Alfson commented  · 

    This should trigger an email so that the admins are aware when any private IP is blocked. Then again, with IPv6 coming, maybe it should be for all configurations made by the UTM itself.

  5. 3 votes
    1 comment  ·  SG UTM » Mail Protection
    Bob Alfson commented  · 

    Great suggestion, John! I have no remaining votes, but the decision to do this should be a no-brainer for Astaro. It will require adding new technology though, so I'd be surprised to see it this year.

    Cheers - Bob

  6. 7 votes
    3 comments  ·  SG UTM » Networking
    Bob Alfson commented  · 

    Interesting. What is the motivation for having fixed IPs for laptops?

  7. 22 votes
    8 comments  ·  SG UTM » VPN
    Bob Alfson commented  · 

    I don't think this is a NAT-T issue, coewar, I think it must be a basic part of IPsec security that rejects packets from "incorrect" sources. You can establish an IPsec VPN with another Astaro behind a NAT. In the Remote Gateway definition for the other Astaro, choose 'VPN ID type: IP Address' and enter the internal IP, not the public IP used in the 'Gateway' field. Doesn't that accomplish what you need?

  8. 127 votes
    21 comments  ·  SG UTM » VPN
    Bob Alfson commented  · 

    This already is available for PPTP. In 'Interfaces', select DSL (PPPoA/PPTP). Then make some Firewall rules, and you're done!

  9. 228 votes
    19 comments  ·  SG UTM » Authentication
    Bob Alfson commented  · 

    This is especially important to opportunities with larger companies.

    We need to be able to use "Backend Group (User Group Network)" objects in Firewall, Application Control, QoS, etc. rules without syncing users to the ASG.

    Bob Alfson supported this idea  · 
  10. 35 votes
    9 comments  ·  SG UTM » Management
    Bob Alfson commented  · 

    Right, I read this as a request to be able to limit access overall to VPN users. Oliver is suggesting that it be possible to delegate Site-to-Site VPN management just as it now is possible to delegate Remote Access management.

    Bob Alfson commented  · 

    Oliver, this is possible now. Ask on the User BB: http://www.astaro.com

    Bob Alfson commented  · 

    Sean, you didn't say what version. In V8.2, you can add "Any" to 'Users/Groups allowed to bypass blocking', and then each bypass will be reported - that way they never have to wait on you.

    Also in V8, it is possible to give them access to reports and to view things while preventing them from making any changes.

  11. 205 votes
    8 comments  ·  SG UTM » Networking
    Bob Alfson commented  · 

    For IPsec, wouldn't this be fairly straightforward? It seems like all you would need to have in WebAdmin QoS would be a checkbox for TOS bits to also set them. Then, if the "Interface" is a VPN (or Remote Access) tunnel, traffic bound for the tunnel is simply tagged with TOS bits prior to encryption and the internal QoS rule uses the interface to which the IPsec tunnel is bound.

    Bob Alfson commented  · 

    Marc, although you can't do it for RDP, it is possible to do QoS for VoIP going through an IPsec site-to-site connection. Come on over to http://www.astaro.org to get help from other users.

    Cheers - Bob

  12. 28 votes
    7 comments  ·  SG UTM » Operating System
    Bob Alfson commented  · 

    Outside of losing some logs and reports, the only additional downtime is the time it takes to copy a backup to a USB memory stick.

    Assume that you have a second drive installed and that whenever you finish applying an Astaro Up2Date to the primary drive, you manually mirror it to your second drive. Also, you have configuration backups emailed to you every day.

    When the first drive dies, put the most-recent configuration backup in the root of a USB memory stick. Switch the PC to boot from the second drive, insert the memory stick and boot.

  13. 2 votes
    1 comment  ·  SG UTM » Network Protection
    Bob Alfson commented  · 

    Have you tried the Web Application reverse proxy?

  14. 9 votes
    6 comments  ·  SG UTM » Wireless Protection
    Bob Alfson commented  · 

    It's much easier to have a discussion on the User BB: http://www.astaro.org/

    Cheers - Bob

    Bob Alfson commented  · 

    Jeremy, if you already have an Astaro, you should ask this question on the User BB - Astaro is way out ahead of airtight on this.

  15. 13 votes
    4 comments  ·  SG UTM » Remote Ethernet Device (RED)
    Bob Alfson commented  · 

    Jeremy, this is the way it works.

  16. 8 votes
    1 comment  ·  SG UTM » Reporting
    Bob Alfson commented  · 

    One of the primary complaints in that thread was a download that began every hour, ate bandwidth for five minutes and then died. The solution given by Alan Toews was to create an Exception for anti-virus for the subdomain in question.

    Given that experience, the warning might occur if there were, in one day, more than ten failed downloads that lasted over one minute.

    Bob Alfson shared this idea  · 
  17. 24 votes
    1 comment  ·  SG UTM » Remote Ethernet Device (RED)
    Bob Alfson commented  · 

    This seems like an interesting idea. It also reminds me that it's time to have "exception" definitions like "0.0.0.0/0 except 12.34.56.0/24" and "1:65535 -> 1:65535 except 2125". Brad's use for this is to allow remote client backups to the cloud.

  18. 13 votes
    1 comment  ·  SG UTM » Remote Ethernet Device (RED)
  19. 203 votes
    14 comments  ·  SG UTM » Networking
    Bob Alfson commented  · 

    Andrew, have you tried this with Remote Access (I use L2TP over IPsec) instead of a DNAT?

    Bob Alfson commented  · 
  20. 6 votes
    0 comments  ·  SG UTM » Network Protection
