Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Bob Alfson

My feedback

  1. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Have you asked this question on the User BB? http://www.astaro.org/

    If I understand what you neeed, I think it can be accomplished today.

    Cheers - Bob

  2. 49 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  SG UTM » Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Timm, have you asked this question on the User BB? http://www.astaro.org

    Using NAT isn't necessary with WebAppSec.

    Cheers - Bob

  3. 18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Achim, can you accomplish what you want by adding google.com, bing.com, etc. to 'Reporting Exceptions: Web'?

    Cheers - Bob

  4. 69 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  2 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    Bob Alfson supported this idea  · 
    An error occurred while saving the comment
    Bob Alfson commented  · 

    With all of the other fail-over capablities that Astaro has added in the past few years, this seems like a no-brainer. Manuel explained on the User BB why this is important in an enterprise environment.

  5. 13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Perhaps you could explain the purpose of fallback authentication.

    At present, if an IP is in a subnet that the HTTP/S Proxy authenticates with AD-SSO, then, if the browser with that IP is configured to use the Proxy and the user is not logged into the AD, the user's surfing will be determined by the Proxy Profile's 'Fallback action'. If the same browser is not configured to use the Proxy, then, if 'Web Security >> HTTP/S' 'Global' is in "Transparent" mode, the settings in that section will determine the user's surfing. If the global setting is not "Transparent", then the Packet Filter rules will determine the user's surfing.

  6. 4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Operating System  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    I guess I'm a little confused about this, Daniel. What about Web Application Security doesn't accomplish more than the Fortinet product?

  7. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Interesting idea. I wonder if that couldn't be accomplished by introducing the ability to selectively do layer-2 bridging between virtual interfaces.

  8. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Operating System  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    As you already may have learned, Astaro is not plug-and-play. Removing intefaces from a physical box or a virtual one will have the result you describe. You must remove the interface in WebAdmin, create an external configuration backup, install Astaro from CDROM and then restore the configuration backup.

    Cheers - Bob

  9. 3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » VPN  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Hi, Ben,

    The Packet Filter rule you give does not affect traffic through a VPN tunnel. If you have an issue you need help with, you can ask questions on the User BB: http://www.astaro.org/

    Cheers - Bob

  10. 469 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    30 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Also, the ability to create multiple A records for an FQDN. That would solve a long-standing problem with Network Definitions. At present, it's not possible to create a network which is a list of IPs; each IP must be assigned to a separate Host definition, and then the separate definitions loaded into a Network Group. If it were possible to assign multiple IPs in a static DNS mapping, a 'DNS Group' Network Definition would solve the problem cleanly.

    An error occurred while saving the comment
    Bob Alfson commented  · 

    If the local ISP DNS Forwarders are listed after the "master proxy" at each location then doesn't that give you what you want?

    An error occurred while saving the comment
    Bob Alfson commented  · 

    Interesting, Poul. Can you explain in just a few words why this cannot be accomplished by having the branch Astaro DNS Proxies point to the central DNS server as a unique forwarder? In the event of a network disruption, wouldn't the local DNS cache of each Astaro likely have the needed information?

    Cheers - Bob
    PS I'm not suggesting that my idea will work, I'm just trying to understand your idea better.

    An error occurred while saving the comment
    Bob Alfson commented  · 

    Yes, it shouldn't be that difficult to make the proxy into a full-fledged DNS.

    An error occurred while saving the comment
    Bob Alfson commented  · 

    Mark, do you have the Astaro listed as a forwarder for your internal DNS? Isn't this functionality already available if your internal DNS server allows it?

  11. 51 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  SG UTM » Logging  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Instead of a global search, I'd prefer the ability to hold down the Ctrl key to select a specific combination of files.

  12. 460 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  SG UTM » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 
  13. 19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Martin, this functionality already is possible with DNAT and SNAT rules.

    An error occurred while saving the comment
    Bob Alfson commented  · 

    My home has a Linksys router. Linksys calls it "Port triggering" when you change 26 to 25. I assume that that would work if the device were in bridge instead of router mode.

  14. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    On the User BB, Maygyver said this is possible, and that reminded me...

    I bet that is possible by specifying this on the subject line of the email. The choices are:

    {plain} or {clear} : Mail will not be signed or encrypted
    {sign} : Mail will be signed
    {crypt} : Mail will be encrypted

    Could someone test that and confirm here that the Astaro looks up the PGP key on the configured keyserver?

  15. 3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Networking  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Armin, could you give an example that demonstrates why regular policy routing is inadequate? Thanks

  16. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SG UTM » Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    I believe this is possible. You might want to ask this question on the Astaro User BB: http://www.astaro.org/

  17. 8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SG UTM » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    This does seem like a great idea and easy to implement. I hope Astaro sees this!

  18. 7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Logging  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    There are two different suggestions, already. Search here on: bandwidth monitor fqdn

    An error occurred while saving the comment
    Bob Alfson commented  · 

    Interesting. I'm going to bet that the information in the HTTP log is generated long before the Astaro "knows" which interface a message will use, but I'd be interested to hear from someone who's not just making an educated guess like I am.

    Michael, can you get the information you need from tcpdump at the command line or the Bandwidth Monitor from the Dashboard?

  19. 24 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SG UTM » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    Excellent suggestion, Emanuele! The Astaro should "know" when it's not working correctly after an Up2Date or a Pattern Update, and be able to roll itself back. An intermediate step would be to list the available rollbacks in WebAdmin to allow admins to do manual rollbacks.

  20. 8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SG UTM » Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Bob Alfson commented  · 

    At present, you can choose to have pattern updates done on many different schedules. Personally, from a security point of view, I prefer to have them installed automatically as soon as possible. I think we're all still a bit rattled by last Friday's debacle, so I appreciate new ideas like this one on how to avoid such problems in the future.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.