UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

  1. Some mail logs’ subjects are in Chinese, but users could not read

    Some mail logs’ subjects are in Chinese, but users could not read
    the logs are from the system logs (under the System > Backup > Data Backup)

    eg: Aug 27 04:16:28 DEVBWB-ES5000-EMAILGW-W queue[2709]: 125321DE72DF_21C2814F: status=sent (250 2.0.0 Ok: queued as 0D8EC1DE74F0_21C281CB)
    subject==E9=82=93=E5=B0=8F=E5=B9=B3=E6=94=BF=E6=B2=BB=E5=88=A9=E7=9B=8A=E9=9B=86=E5=9B=A2=E6=B4=BB=E6=B4=BB=E8=A7=A3=E5=89=96=E6=AF=9B=E6=B3=BD=E4=B8=9C=EF=BC=8C=E5=81=9A=E7=88=B1=E6=98=AF=E4=B8=8D=E5=8F=AF=E4=BB=A5=E7=9A=84

    8 votes
    1 comment  ·  Mail Protection
    • Under logging and reporting add a feature to filter usage by MAC address.

      A customer called in with a request that he be able to view web protection and network usage reports, filtering by MAC address as opposed to IP or authenticated user.

      1 vote
      0 comments  ·  Reporting
      • Web Application Firewall: Remote Desktop Gateway support

        Similar to support for Outlook Anywhere, it would be really beneficial if the WAF allowed for the publishing of Remote Desktop Gateway and handled those methods. RDG_OUT_DATA followed by RPC_IN_DATA and RPC_OUT_DATA, and including /RemoteDesktopGateway in the request. It seems like common functionality that many customers must be looking for...

        26 votes
        3 comments  ·  Web Server Protection
        • Email notifications when AP down

          Email notifications when AP down

          7 votes
          0 comments  ·  Wireless Protection
          • change default firewall rules

            I'd suggest to change the default firewall rule target from "any" to "internet ip v4"
            in my opinion "any" rules are a really bad design feature

            1 vote
            0 comments  ·  Network Protection
            • Change how the file download manager works

              The current implementation of the download manager could, in my opinion, be done better.

              If, like me, you do not have a blindingly fast internet connection there does not appear to be any way to control how or when the download manager page appears in the browser if you want the security of web scanning.

              When the download manager page appears it does so by opening over the page where the download link is. You can only return to the original page after the download is complete, which is not very user friendly.

              Ideally, the file download process (and scanning…

              9 votes
              0 comments  ·  Web Protection
              • Syslog - ability to differentiate what events will be sent to syslog server

                At the moment all events are passed to the remote syslog server.
                I would like to be able to choose if events and then what events (per option as Web protection etc if possible) will be sent to the syslog server.

                1 vote
                0 comments  ·  Reporting
                • Configure Dead Peer Detection based on connection

                  Currently Dead peer detection (DPD) for IPsec connections is configured under 'Advanced' and can be only switched off for all connections. There is no technical reason to do so because the underlying strongSwan allows configuration based on each connection. Imagine a large installation with over 50 VPNs and only one remote gateway where RFC 3706 is not correctly implemented. Please move this option to 'Connection' or 'Policy'.

                  1 vote
                  0 comments  ·  VPN
                  • Allow multiple simultaneous html5 vpn users

                    http://www.astaro.org/gateway-products/vpn-site-site-remote-access/46551-html5-portal-multiple-users.html

                    Basically we need the ability to establish a pool of html 5 connections so more than one user can use the html5 portal at a time using rdp or any other protocol.

                    90 votes
                    5 comments  ·  VPN
                    • SSL VPN Support for optional entries in .ovpn, ie. cryptoapicert

                      Could it be possible to define additional or alternative options in SSL VPN Profiles for User-Portal-downloadable .ovpn files?
                      My suggestion is caused by the need for altering certificate handling.
                      I have installed certificates on eToken. Installation is made by PKI Client of eToken by importing certificates in PKCS#12 format.
                      Then my additional steps: remove the Certificates from SSL VPN Client config-Directory, remove the entries in .ovpn and add the entry cryptoapicert "THUMB:<Fingerprintnumber>".
                      It would be nice if I could define this in Userobject on UTM like a Button "Use Certificate Fingerprint instead of Certificate-File".

                      1 vote
                      0 comments  ·  VPN
                      • Ability to force traffic not to go through one of two outgoing WANs/Uplink. Even if it means no connectivity

                        At the moment we have two uplinks and a multi-path rule to force for one particular server to make its traffic through one of the WANs,

                        However when that WAN goes down, the traffic goes through the second WAN and the server shows as coming from a different IP which causes a licensing issue which needs to be reset manually once the required WAN is back up.

                        We have discovered that we cannot force to NOT use the secondary WAN and force loss of connectivity. (ticket [#4171412]), so that means we cannot use the load balancing and redundancy of WAN…

                        3 votes
                        0 comments  ·  Networking
                        • Ability to use an Active Directory security group to receive quarantine emails rather than add each email address to exclude

                          Ability to use an Active Directory security group to receive quarantine emails rather than add each email address to exclude

                          3 votes
                          0 comments  ·  Mail Protection
                          • Active Directory Recipient Verification against more Domain Controllers

                            I use the Active Directory recipient verification to reduce our exchange-verification overhead and use two ad-domains in a forest that contain members with the same email-domain.

                            For example: domain.local and extranet.domain.local

                            I've added the required domain-controllers under authentication-servers. It's not possible to use ad-recipient verification for users in domain extranet.domain.local until I would set the alternate base dn. But I need a function that the firewall will search against all domain-controllers for this user.

                            At the moment the sender will receive the following error message:
                            Rejected: Rcpt verification (Address not present in directory

                            5 votes
                            0 comments  ·  Mail Protection
                            • RED: ASG RED-Configuration by CSV-File

                              It would be nice if there is a possibility that you can upload a predefined csv-file with all the configuration-data for a mass red deployment.

                              Example:

                              Branch-Office Name; RED-ID; IP-Addr; Subnet; DNS, DHCP-Start, DHCP-End,Tunnel-Mode.

                              9 votes
                              0 comments  ·  Remote Ethernet Device (RED)
                              • Allow the use of privately maintained ddns server

                                I run my own ddns server that is running on bind9. It would be nice to be able to use my own server than have to rely on an outside vendor.

                                7 votes
                                0 comments  ·  Networking
                                • Allow editing of apps from the "Application Control" area.

                                  If we come across an app that is not listed, we would like to add to the list. An example is the "SnapChat" app. We need to block this.

                                  3 votes
                                  0 comments  ·  Web Protection
                                  • The red 10 should stay up and running and service endusers with an internet connection when connection to UTM cannot be established

                                    The red 10 should stay up and running and service endusers with an internet connection when connection to UTM cannot be established. Now the red remains rebooting until connection to utm can be established again while the internet connection is fine.

                                    40 votes
                                    0 comments  ·  Remote Ethernet Device (RED)
                                    • OS: Support GPT partitioning (allow > 2TB disks)

                                      Currently, installing on a disk or RAID over 2TB is impossible due to the DOS partition table limit.

                                      Please replace with GPT.

                                      4 votes
                                      0 comments  ·  AstaroOS
                                      • Flag inappropriate web usage from users based on custom profile

                                        Can be useful for education like us to have some internet user profile.
                                        The night the system will create report from web usage and flag user as some kind of user.

                                        Example:

                                        Custom flag call: inappropriate usage

                                        If a user has 25% of his web usage as trying to access *********** and 25% of Uncategorized site then flag the user as inappropriate usage.

                                        1 vote
                                        0 comments  ·  Reporting
                                        • Bridge to Lan AP should continue service without UTM online

                                          Access points configured to bridge to lan behind a RED should stay up and running, even when the RED has no active UTM tunnel.

                                          8 votes
                                          0 comments  ·  Wireless Protection