
UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

  1. Extended RED logging on UTM

    Enable extended logging of RED device connections on the UTM. This should include the following information:
    - RED downloaded config from provisioning server
    - RED has initialized firmware update
    - DHCP-config the RED received (if configured as DHCP)

    This would greatly enhance the ability of the admin to debug RED-issues before opening a support call with the Partner and/or Sophos and may speed up recovery times.
    Therefore it would be beneficial to all parties :-)

    4 votes
    0 comments  ·  Remote Ethernet Device (RED)
    • Certificate expiration date

      Add a possibility to change the certificate expiration date in e-mail encryption

      4 votes
      0 comments  ·  Mail Protection
      • Enable support for SR-IOV with Broadcom cards

        Current kernel doesn't support SR-IOV with the bnx2x driver. The bnx2x driver should be recompiled with CONFIG_BNX2X_SRIOV to allow better performance in virtualized environments.

        3 votes
        0 comments  ·  Appliance Hardware
        • 1 vote
          0 comments  ·  Management
          • New DynDNS provider: OVH

            Update-URL for OVH is on the bottom of this page: http://hilfe.ovh.de/DomainDynHost

            I'd like to see this implemented.

            6 votes
            0 comments  ·  Networking
            • Repurpose SG1x5 as a RED device

              Allow a growing organization to repurpose a SG105 or 115 as a RED device as their needs grow. This would avoid trashing the device when you outgrow it.

              1 vote
              0 comments  ·  Remote Ethernet Device (RED)
              • IP (source) block

                Static:
                Not groups (such as a country) or a range, but a single address that is attacking the UTM.

                Dynamically:
                (Already present?) In one clear list: blocked GEOs or ranges, temporary bans from the firewall by detected attacks, and the manually blocked IPs.

                When blocking the IP (or small range), a chance to select: 30 min, 1 hour, 1 day, 1 month, forever.

                1 vote
                0 comments  ·  Network Protection
                • Notifications for HotSpot

                  Allow enabling notifications for HotSpot login/failures. While not ideal for all environments some admins need to know this information and giving the option would be valuable.

                  3 votes
                  0 comments  ·  Wireless Protection
                  • configuration: search Configuration for ip

                    Search Configuration for IP to list every usage:
                    Firewall-Rule
                    Route to this IP

                    Maybe you could add this search to the dialog "new Object Definition". After some time I found multiple definitions for the same subnet/host because someone didn't guess the correct name.

                    1 vote
                    0 comments  ·  Management
                    • Block the UltraSurf Proxy

                      A lot of users are using the UltraSurf Proxy to bypass the network proxy and access blocked sites like YouTube and Facebook and ***** websites.

                      1 vote
                      0 comments  ·  Application Control
                      • 1 vote
                        0 comments
                        • Place hotspot in front of VPN to protect access on remote sites

                          It would be nice to have some kind of hotspot not only in front of interfaces but on connections.
                          Example:
                          Before granting access through a site-to-site VPN, the HTTP or Telnet/SSH request on a target device is intercepted and replaced with a form to enter credentials. After successful authentication it will allow the connection from the specific source IP.

                          I have seen this Feature in a Cisco Pix and the Customer needs this feature to replace his old Firewall.

                          Cisco Command Reference:
                          http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/a1.html#aaa_authentication_match

                          3 votes
                          0 comments  ·  VPN
                          • UTM as a NAC-Appliance

                            Set up the UTM as a NAC appliance where switches can connect (via RADIUS?) to authenticate the connected devices and push them into specific VLANs.

                            3 votes
                            0 comments  ·  Authentication
                            • Import IP addresses from txt or CSV file to network definitions in Web Manager

                              I have over 3500 IP addresses I need to add into my network definitions. I need to add them all to firewall definitions. It would save me so much work if I could just import these IP addresses as a CSV into a bunch of network definitions.

                              It would be even more advantageous if I could import the IP addresses to network definitions and have them all automatically go into a network group.

                              52 votes
                              2 comments  ·  Usability/GUI
                              • Endpoint Protection via MSI

                                Can't believe that an 'Enterprise' grade product doesn't have the ability to push install the Endpoint client via MSI.

                                Definitely a big issue.

                                Please can we have this?

                                16 votes
                                0 comments  ·  UTM Endpoint Protection
                                • RED: VLAN Tagging and Sophos AP Support in Standard/Split Mode

                                  Actually there is no way to use VLAN tagging and Sophos access points on RED sites if Standard/Split Mode is selected.
                                  Why: If there is a small internet connection on the UTM site, it is useful to route the internet traffic directly to the local internet router on the RED site, like Split Mode.

                                  1 vote
                                  0 comments  ·  Remote Ethernet Device (RED)
                                  • Firewall Automatic UPnP Option

                                    I saw an older post about having the option to enable UPnP on the firewall. I understand that it is inherently less secure so should be disabled by default. Would be nice to enable it on even a per-IP or per-MAC basis. With all the other features of the firewall that can detect botnet traffic it shouldn't be that big of a downgrade in security. I've tried Sophos UTM Home for personal use and punching holes in the firewall for every single device was hard enough let alone how it would be for a larger network makes it hard…

                                    3 votes
                                    0 comments  ·  Network Protection
                                    • Email Encryption: Add internal encryption / Add feature to send the password via SMS

                                      Email Encryption: Add internal encryption / Add feature to send the password via SMS

                                      3 votes
                                      0 comments  ·  UTM Endpoint Protection
                                      • Email Protection: Add DNS Group as Smarthost

                                        When using a smarthost for outgoing email it is not possible to choose a DNS Group.

                                        6 votes
                                        0 comments  ·  Mail Protection
                                        • Enable the use of the WAF as a front end for Remote Desktop Gateway.

                                          Include RDG over HTTP in the webserver protection firewall, in a similar way to allowing Outlook Anywhere, to allow the use of Remote Desktop Gateway services, including the remote apps feature within /rdweb. Currently the HTTP-based traffic is passed fine; however, when attempting to negotiate the use of a remote app, the WAF resets the connection due to RDG_OUT_DATA not being a valid header. Would it be possible to pass this traffic uninspected as you do with RPC?

                                          Thank you.

                                          Mark

                                          3 votes
                                          0 comments  ·  Web Server Protection