Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Elmar Haag

My feedback

  1. 86 votes
    4 comments  ·  SG UTM » Remote Ethernet Device (RED)
    Elmar Haag commented

    Please contact your Astaro/Sophos NSG Presales representative (sales engineering team). Depending on your project/business case, it could be they have a solution for your request.

  2. 43 votes
    8 comments  ·  SG UTM » Reporting
    Elmar Haag commented

    You just have to select the correct Webadmin language. The Quarantine Report is automatically using the same localization settings.

  3. 5 votes
    1 comment  ·  SG UTM » Authentication
    Elmar Haag commented

    The normal way to achieve OTP-only authentication for VPN users is to use the pre-defined and automatically generated object "RADIUS users" in the VPN-configurations 'allowed users/groups' settings. Then no user can log in as VPN user by using his AD credentials.

    This "RADIUS Users" group object is probably not well documented. We will generate a KB entry in the near future where this behaviour is described.

    If you really want to use per-user packetfilter rules and these rules only may be applied if the user has logged in with the OTP password (but not with the AD password) then you probably have to use different usernames for "OTP-only" and "AD-only" authentication. Binding a backend authentication mechanism to a user object (as you describe it) would not help you because then you would deactivate the possibility to authenticate a user with his AD credentials as soon as you bind "RADIUS only-authentication" to a user object, which is probably not what you want.

  4. 89 votes
    9 comments  ·  SG UTM » Networking
    Elmar Haag commented

    Since v8.0, IPsec is not bound to separate ipsecX interfaces any more. It's just bound to the physical ethX device where the tunnel ends.
    So you can simply use your LAN and your WAN interface in the DHCP Relay configuration to enable DHCP relaying over the VPN tunnel. Successfully tested with 8.102.

  5. 4 votes
    2 comments  ·  SG UTM » Mail Protection
    Elmar Haag commented

    What scenario/business case is behind this request? I understand why someone wants to have domain-based SMTP routing based on the RECIPIENT domain or mail address, but I never heard about routing of mails based on the SENDER domain/mail address. What is the intention behind it?

  6. 9 votes
    2 comments  ·  SG UTM » Mail Protection
  7. 19 votes
    0 comments  ·  SG UTM » Authentication
    Elmar Haag supported this idea
  8. 27 votes
    Under Review  ·  7 comments  ·  SG UTM » Authentication
    Elmar Haag commented

    If you use HTTP proxy in mode "transparent with authentication" the authentication window _is_ encrypted (HTTPS), so the passwords are transmitted securely between browser and ASG. Of course you need to have SSL Scanning activated in the proxy profile.
    Digest Authentication is not usable due to technical reasons (at least if the users are not local users on the ASG but backend users).

  9. 171 votes
    23 comments  ·  SG UTM » VPN
    Elmar Haag commented

    You can already supply an SSL VPN user with a "pseudo-fixed" IP by using some SNAT and/or FULL NAT rules which map the dynamic IP of the SSL VPN user to a fixed static IP. It is working fine, but of course a bit of administrative work if you have MANY SSL VPN users.

  10. 42 votes
    Under Review  ·  6 comments  ·  SG UTM » Remote Ethernet Device (RED)
    Elmar Haag shared this idea
  11. 6 votes
    2 comments  ·  SG UTM » Mail Protection
    Elmar Haag supported this idea
  12. 4 votes
    1 comment  ·  SG UTM » Usability/GUI
    Elmar Haag commented

    Every ASG appliance has built-in serial ports, and ASG software installation also supports console access via serial port. Many people use this for OOB access in case the access over the network is problematic.

    Of course, management/administrative capabilities over the serial line are very limited, but well, that's normal for Web GUI based systems. But you are on the base Linux operating system then and can perhaps reboot, set the correct route or something similar.

  13. 4 votes
    3 comments  ·  SG UTM » Usability/GUI
    Elmar Haag commented

    You should be able to do this in two ways:
    either do not send the requests to a local interface but send them to the IP of the IPsec interface. Then the requests and the responses match the same IP and it should work
    OR
    you can use NAT to change the IPs how you want

  14. 6 votes
    5 comments  ·  SG UTM » Mail Protection
    Elmar Haag commented

    I don't understand what feature Paolo exactly wants to have.
    You do not have to (manually) create all the 100s or 1000s of users locally on the ASG. If you have so many users, their credentials (username/password) are probably stored in a directory like LDAP or so? You can then define one LDAP group on the ASG and use this group inside the "authenticated relay" configuration. So all users can authenticate to the ASG with exactly the same credentials as they are using for their mail servers.
    Is this the feature you are looking for?

  15. 6 votes
    3 comments  ·  SG UTM » Networking
    Elmar Haag shared this idea
    Elmar Haag commented

    Required feature is: allow to configure the mechanism how to check the availability of the members inside an availability group network object.
    In v7.4, the check of the available servers is only by using ICMP (ping). This means it is not detected if an application on these servers has died, but the server itself still responds to the ping requests.
    It would be fine to have a mechanism (like in the "server load balancing") that allows detection of unavailable servers not only by ping but by any other protocol.

  16. 124 votes
    11 comments  ·  SG UTM » Mail Protection
    Elmar Haag shared this idea
  17. 27 votes
    4 comments  ·  SG UTM » Mail Protection
    Elmar Haag commented

    Changing the conjunction between the "for these sender addresses" and "for these recipient addresses" in the "SMTP exceptions" from an "OR" (like it is at the moment) to an "AND" would allow a domain based whitelist! (and much more!)

  18. 48 votes
    7 comments  ·  SG UTM » Reporting
    Elmar Haag supported this idea
  19. 139 votes
    15 comments  ·  SG UTM » Mail Protection
    Elmar Haag supported this idea
