
UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

  1. Web Filtering IP Blacklisting

    When you blacklist an IP address, it shows as malicious and does not say "blacklisted".

    When you blacklist a DNS domain it shows first as category block when you haven't set it as blacklisted but then it will correctly show as "blacklisted" afterwards. Won't work in the IP blacklisting though.

    6 votes
      0 comments  ·  Web Protection
    • Add access controls for RED "Listening" Service

      As a Sophos Partner, I'm increasingly getting hammered by clients who have to subject themselves to audits in order to do business. Therefore I am asking that Sophos add access controls to the RED listening service. I am requesting that the RED service on the UTM be configured to use any arbitrary IP address on any of the WAN interfaces, and only allow connections from RED devices from known IPs. Here's why:

      I have clients who fail PCI compliance audits because of the self signed IP. I know that the 1 CA trust model is better, but the auditors my…

      7 votes
        1 comment  ·  Remote Ethernet Device (RED)
      • Have an explicit encrypt all emails option

        As well as capturing specific data in emails to trigger SPX encryption, there should be an option to encrypt all outbound emails from a domain or user.

        4 votes
          0 comments  ·  Mail Protection
        • MailSecurity: certificate download via LDAP/OCSP for S/MIME

          It should be possible to automatically download S/MIME certificates from LDAP and encrypt outgoing mails. Also it should be possible to enable OCSP for CRLs.
          Thanks.

          9 votes
            0 comments  ·  Mail Protection
          • Improve the site classification feature

            Improve the site classification feature to include more sites such as en.m.wikipedia.org or all subdomains of certain known sites. Also, provide an online tool to see how sites are classified.

            1 vote
              0 comments  ·  Web Protection
            • Need UP2DATE Update in web gui

              Upcoming Up2date firmware should be visible on UTM Up2date box to avoid

              1 vote
                1 comment  ·  Usability/GUI
              • poa password expiry

                Have the ability to set a policy for POA users so their password expires after a certain amount of days.

                1 vote
                  0 comments  ·  Authentication
                • Web Protection: Possibility to select existing URL blacklist & whitelist objects

                  In UTM 9.3 Sophos introduced the concept of URL tags, but the referenced website configuration "only" supports URLs, domains, IP addresses and CIDR ranges. So they do not fully replace blacklist/whitelist entries, which especially allow regular expressions.

                  Therefore I do not see http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/436457-web-protection-global-url-blacklist-whitelist-f as completed.

                  Internally, black- and whitelists are obviously already global objects that are referenced in filter actions. And UTM already requires them to have a unique name even across filter actions. So we just need a possibility to choose the existing ones from a left-hand side list like any other global object.

                  15 votes
                    0 comments  ·  Web Protection
                  • Mobile access via ssl, hide Mobile Client/download

                    It must be possible to hide the download of mobile clients from the Play Store / iTunes in the User Portal.

                    6 votes
                      0 comments  ·  VPN
                    • Create Custom Sub-Categories

                      I want to be able to modify the names of all sub-categories as well as create new ones. The fact that we can modify websites and group them into different sub-categories is great; however, I would also like to be able to create my own sub-categories.

                      1 vote
                        0 comments  ·  Web Protection
                      • Use hotspots based on IP Ranges instead of interfaces

                        Hello,

                        Instead of using hotspot authentication based on the network adapter we can define hotspot authentication based on the IP Address of the device or router providing the service.

                        2 votes
                          0 comments  ·  Wireless Protection
                        • hot add network interface support under VMware

                          In VMware vSphere you can hot-add a network interface, but it doesn't appear in the webmin; you need to reboot to use it.

                          thanks

                          5 votes
                            0 comments  ·  Networking
                          • WiFi Radius authentication also authenticates for web filter.

                            Whenever a user signs into WiFi on a mobile device with their username and password, it should authenticate for Web Filtering automatically. This way, when teachers use their login on their mobile devices they can access Facebook, but students using their login cannot.

                            1 vote
                              0 comments  ·  Authentication
                            • Punycode in URL filtering

                              In the modern world, a DNS name can contain not only Latin symbols
                              but also names in local-language format.
                              UTM understands Punycode; we can even define something like this in WebAdmin (in a blacklist or whitelist):
                              http://xn--80aafi6cg.xn--p1ai/
                              but you don't understand what it is.
                              It is useful for administrators to have readable domains.

                              2 votes
                                1 comment  ·  Web Protection
                              • Web Application Firewall - Allow more granular exceptions

                                Allow exceptions to be defined more granularly. For example, allow specific protocol anomalies in HTTP Policy or specific checks in SQL Injection Attacks.

                                6 votes
                                  0 comments  ·  Web Server Protection
                                • Enable the admin to remove unused Website Tags in Web Filtering

                                  If one defines a website tag in the UTM for a collection of URLs, then later desires to fully delete the tag (the tags remain in the configuration db even if not assigned to any URLs), there is currently not a way to do this. I contacted support and they said this would be a feature request (seems like missing basic functionality to me).

                                  6 votes
                                    0 comments  ·  Web Protection
                                  • Better classification of categories for AFC

                                    Currently about 50% of our traffic is being classified as 'Unclassified'. Please can more traffic be recognised, especially proxy and VPN traffic such as Browsec.

                                    4 votes
                                      0 comments  ·  Application Control
                                    • Parallel Usage of VPN(SSL), Userportal and other HTTPS Sites on Port 443

                                      It would be nice if you could make it possible for us to use port 443 for VPN (SSL) as well as OWA/WAF and(!) the User Portal. Maybe this is possible?

                                      3 votes
                                        0 comments  ·  Web Server Protection
                                      • option to manage MSS-Size

                                        Our internet connection requires a special MTU and MSS size.
                                        The following rule is required to filter the traffic for all clients on the WAN and WiFi

                                        iptables -t filter -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360

                                        This rule can only be added via the terminal and is not persistent.
                                        Please make this option available in the GUI.

                                        References: https://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/31852-strange-problem-some-sites-working-some-not-2.html

                                        1 vote
                                          0 comments  ·  Networking
                                        • Upgrade SSL VPN SPEED from 10 to customized or up to 100

                                          My advice: upgrade SSL VPN speed from 10 up to 100 or a customized connection speed.
                                          Usually the provider gives you 25 Mbps down and you have 100 Mbps fiber in the office, and you would like to work with 25 Mbps, exactly what the provider gives you at home, and you can't because you're limited to 10 Mbps via SSL VPN; then instead of SSL VPN you should open PPTP or L2TP from Sophos and then you get all results of 25

                                          6 votes
                                            0 comments  ·  VPN