Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Multiple Pools for SSL VPN

    Hi,
    I configured Remote access on UTM 430 and while defining multiple profiles each having different access level. There is a limitation that Sophos does not allow different SSL VPN Pools. It leads to limited control. Mostly devices restrict access on the basis of IP subnet.
    Though Sophos allow access restrictions on the basis of user groups but this task is somewhat not easier.
    To restrict the access for a certain destination network, you need to disable the automatic created security policies and need to define manually.

    7 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • Live log fiter

      Fix filter option on live logs so that it actually filters on the value added and only displays log entries that contain the entered value

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
      • Wildcard Domain Support for FQDN rule or FQDN host (*.sophos.com,*.iobit.com...etc)

        Customer having cloud base solution need to create FQDN base firewall rule for high bandwidth or exclude for web filtering .

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Flag idea as inappropriate…  ·  Admin →
        • It would be great if i can get a list or report of all defined networks (maybe for routes too).

          It would be great if i can get a list or report of all defined networks (maybe for routes too). At the moment i have to do this by showing all networks and hosts, choose all and copy/paste, clear all i don't need. :o(
          Thank you :o)

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow hotspot users to manage devices for vouchers

            In the scenario where a hotspot user's bandwidth usage needs to be strictly controlled, it would be ideal if users could register and de-register devices tied to a specific voucher if they are only allowed to use one device at a time and only have one voucher. This example is inspired from users on a ship where internet is accessed over expensive sat links.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • One Endpoint Agent that has all the capability like SSL/IPSec VPN, Authentication,AV, .. etc. And make space for new modules to be added.

              One Endpoint Agent that has all the capability like SSL/IPSec VPN, Authentication,AV, .. etc. And make a space for new modules to be added.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
              • Risk and Productibity of the application

                I want you to transcribe a risk for the application and a level of the productivity in a report of the application control.
                The information will be used for a judgment whether or not I block it.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                • Report of Web Protection

                  By a report of the Web use situation and the application control, I want a use situation function of the Web use situation and the application by a user unit and the time unit.
                  This is because it carries out an appropriate activity after average and duties time at duties time, or it can judge it.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add a feature in the mail protection to block e-mail where the "From" and "Reply to" are different, preventing Scammers.

                    I've received some scam from a gmail account, but with a"From" with the CEO e-mail address. So without checking the mail header, it is impossible to know this is NOT the CEO because UTM only check the "reply-to" account in this case. When you do "Reply", the new mail account appear (gmail), but this is easy to forget to check replying mail account.

                    14 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • wants to be able to specify what port is going to be used for SCP archives

                      Customer wants to be able to specify what port is going to be used for SCP archives - Logging & Reporting > Log Settings > Remote Log File Archives

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                      • Notfications when Radius timeout exceeds given threshold

                        After a number of radius authentication failures, send a notification email to the admins. Something configurable within a given time frame e.g.

                        "Warning 10 Radius authentication failures within last 10 minutes"

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Replace attachments including viruses with text-files

                          Possibility to replace attachments infected with a virus with a standard harmless text file.

                          4 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Prioritized QoS

                            Having the ability to have a hierarchical QoS that prioritized traffic based on certain criteria would be a useful feature. For example, allowing the use of YouTube video streams but marking them as a "low priority". When a user streams a video and they are either the only one on the network or everyone else is browsing at the same priority level, then the traffic will not be throttled. However, if another user starts a higher prioritized session while the video is streaming, YouTube's bandwidth is throttled to allow for the higher priority application to go unimpeded.

                            5 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                            • Make it possible to export the spx database from one appliance to another, we are migrating services from a SEA to a UTM.

                              We would like to be able to export the spx database from our SEA to our new UTM.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                              • UTM managed endpoints need to show more information when not policy compliant

                                When your UTM managed endpoints report back to the UTM to say SAV policy not compliant, can more details be added to tell the user exactly what about the machine is not compliant because it does not provide enough information as it currently is.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • show the hostname in the UTM headline

                                  If you have more than one UTM - it would be nice to see that you logon to the right gateway.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Voucher Features Requests

                                    Hi Sophos,

                                    I would like to check whether this few feature can be implemented?

                                    1) Set Daily Limit to Voucher (eg, 400mb per day)
                                    2) Set Alert to notify when Voucher validity is about to end.
                                    3) Set Voucher duration to unlimited or 3 years and above.
                                    4) Auto renew Voucher when it expires.

                                    Regards,
                                    Nicholas

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Remote Access DNS server be a dynamic network Definition rather than a static setting.

                                      have UTM > Remote Access > Advanced > DNS server be a dynamic network object rather than a static setting.
                                      That way when you update the network object the DNS settings updates as well.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • spoof attack

                                        Working with Sophos support (case 5397031), the current product is not able to stop a spoof attack in which the "envelope from" is valid but the body sender address is spoofed as an internal address.

                                        SPF checks are not effective in this scenario and the message is delivered.

                                        22 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • SSL VPN policy with AD

                                          Add support to create SSL VPN connection to users from the specific Windows AD Group without needed to this user need login (By Captive Portal or Sophos Client) and after that associate the VPN policy.

                                          If I have a specific group from Windows AD dedicated only to VPN users, I do not get associate VPN policy to these user if they do not login first by captive portal, Sophos client or SSO, after that I can associate it into a VPN policy. But if these users do not have HTTP access, I cannot set VPN policy.

                                          16 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base