Feature Requests

  1. One thing I really do like with Sophos UTM is the ability to mark routing based on domain name. So all requests to mikrotik.com go out via gateway 1 and all requests to example.com go out via gateway 2. That would be useful to me anyway, versus IP-based routing or having to try and add every conceivable hostname to an address list so it could be mangled. Perhaps this could be an option if one is using the MikroTik as a DNS server, versus inspecting all routed DNS requests.

  2. The ability to have master and slave configuration sync between VRRP routers.

  3. Native failed-login alerts. Like either sending an email or running a script upon a failed login. Almost everyone has auto-ban and alerting capabilities. I firewall access, but it's always nice to get notified if someone is poking around. And yes, I know we can script and hack together a workaround, but I am talking native.

  4. Why don't the VPN clients (L2TP, SSTP, PPTP) have the ability to execute a script on connect / disconnect like the server side does? That would be useful.

  1. Already possible without scripts. Address lists now support DNS names.
  2. The VRRP protocol does not handle this. Another protocol would need to be researched, or we would have to write our own from scratch.
  3. This can already be done with a logging action that sends to e-mail, with the specific critical/error account topics.
  4. You can run scripts on clients; just set them in the PPP profile that the client is using.
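The setup that item 3 above refers to, written out as an added example (not taken from the thread or from MikroTik's documentation): a logging action that e-mails the log topics failed logins are recorded under. The SMTP relay, sender, recipient and password are placeholders, and the exact topic set is an assumption to confirm against your own `/log print` output after a deliberate bad login.

```routeros
# Added example, not from the thread. Placeholders: mail.example.com,
# router@example.com, admin@example.com, CHANGE_ME.

# 1. Outbound mail settings used by any logging action with target=email.
#    (v6 syntax; newer releases name the relay parameter differently.)
/tool e-mail
set address=mail.example.com port=587 start-tls=yes \
    from=router@example.com user=router@example.com password=CHANGE_ME

# 2. A logging action that delivers every matching log line by e-mail.
/system logging action
add name=mail-alert target=email email-to=admin@example.com

# 3. Send the topics under which failed logins are logged to that action.
#    A failed login shows up as e.g.
#    "login failure for user admin from 192.0.2.10 via ssh"
#    with topics system,error,critical (assumed; verify on your router).
#    Anything else logged under those topics will be mailed too.
/system logging
add topics=system,error,critical action=mail-alert
```

Each alert carries the source address and the service used, which is what you need when deciding whether the firewall rules in front of the management services are tight enough.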

Thanks for the clarification.

On #1, I realize that it supports hostnames. I was referring more to a wildcard, *example.com. This can be done in Sophos, where I do not have to define anything except the domain, and any request (123.example.com or abc.example.com) will be routed per the rules I establish. I don't know all of the hostnames on some of these domains, and it could be 1000+ records.

Thanks for explaining the rest; it is quite helpful.