Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Provide iOS Devices in Web Protection Exceptions

    When browsing certain URL's the web protection is blocking a video from playing at wimp.com and requires an exception for skipping virus and MIME type blocking. As an option in place of URL skipping it would be good to provide skip based on the iOS Device instead.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Enhance Block Override feature capabilities

      Currently, the block override doesn't allow override of file extension blocks, as well as others, but it would be useful to optionally allow more granular control over where it does and does not work. For example:

      >> Allow file extension or MIME type blocking
      >> Allow files larger than the maximum download size
      >> Prohibit some content categories from being overridden. For example, "Job Search" is blocked but can be overriden, but Nudity is blocked and cannot be overridden.

      --- Original Request ---
      There should be a button, when extension blocking blocked a file, that admins can click on and…

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Administrative permission to endpoint protection

        Would you like to be added to the permissions of the Endpoint administrative users, ie, only authorized users could access only the endpoint for editing policies.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • application control on schedule

          Being ablee to do application control on schedule for per exemple allow facebook only on lunch and break time

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Rename pc in endpoint

            being able to rename pc into the webadmin for being able to rename pc

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Use all features of IOS7 in SMC

              IF restriction are set in IOS7 using SMC and the users enters there own restriction password, ( as this is not set by SMC) the user can undo many of the restriction, this need to be changed to allow for 2 passcodes, one for the device and one for restrictions

              Item not listed in SMC 3.1.6 UNDER THE RESTIRCTION SCREEN IOS 7

              ON ALLOW

              No Allow/Not Allow for CARPAY

              ON ALLOW CONTENTS
              No Allow/Not Allow for FILMS
              No Allow/Not Allow for TV

              ON PRIVACY
              No Allow/Not Allow for LOCAL SERVICES
              No Allow/Not Allow for CONTACTS
              No Allow/Not Allow for REMINDERS …

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Fix DynDNS with multiple Domain Names

                I don't know if this is a problem with other DynDNS providers, but it is a problem with Namecheap. If you were to configure abc.mydomain.com, and then try to configure abc.anotherdomain.com, you will get the error:
                The DynDNS mapping object with the name 'abc' already exists. This effectively prevents using more than one domain name with DynDNS.

                5 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                • edit HTTP Header

                  Edit or hide HTTP Headers such as the Server Header.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • integrate an IPSec policy that supports native Mac OS X Cisco IPSec Client.

                    We have a lot of customers using Macs and iOS Devices. But we also love Sophos. Please make IPSec VPN compatible with the native OSX Client. L2TP is useless as it fails with multiple networks attached to the UTM. (You need to pass all traffic through VPN or manually adjust routing tables on client site. Both ways are uncomfortable.)

                    Maybe I missed something, than please give me a hint.

                    thank you

                    rgds
                    jerry

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow the usefulness of translate.google.com

                      At present translate.google.com is categorised as Proxies and Translators and is blocked under the default group policy.
                      We would like our users be able to use google translate to translate pages and text that are in other languages but without being able to use it to circumvent policy rules and get to blocked sites.

                      7 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • allow display of all new quarantined mail subject lines and senders, in the puremessage quarantine digest email

                        allow display of all new quarantined mail subject lines and senders, in the puremessage quarantine digest email

                        this saves the user logging into the quarantine website and manually checking

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • allow users to select the reports they want emailed to them

                          If I schedule a report from our web appliance I can select the package I want but not the individual reports within that package. For example the Policy compliance package has the following reports but I do not want all of them

                          Top Bandwidth Users - top 25 users who consumed the most bandwidth and their top five destinations
                          Policy violators - full list of users who violated policy and attempted to access unauthorized categories
                          Top Users by Browse Time - the top 25 users by time spent browsing web pages

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Support for MTP (android devices) data copying

                            Sophos currently do not support MTP devices connected to machines using any Safeguard product (support call 4077876). This means that a user can connect a Samsung S4, and copy files to it unencrypted. There is an app available, but these are not company phones and other than using Sophos AV (which we do not), users are not going to install the APP and can copy files unencrypted

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • hostapd & WiFi cards

                              I'd be delighted to have my mPCIe WiFi card showing up in the interface list so i could build up a WiFi segment with hostapd directly from my UTM 9.x device... Ahhh yeah that'll smoke everything else for sure =)

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • For shared Encrypted laptops, the ability to add a POA user account specific to a Computer rather than to an OU.

                                In Safeguard Enterprise. For shared Encrypted laptops, the ability to add a POA user account specific to a Computer rather than to an OU, to allow a logon through POA, obviously not onto the domain

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Heartbeat Interval Adjustment

                                  Ability to adjust the heartbeat interval, vis a vis Microsoft Exchange ActiveSync

                                  The average of the most recent heartbeat intervals [477] for request [Sync] used by clients is less than or equal to [540].
                                  Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • How about an easy way to add multiple file exclusions in UTM Endpoint

                                    I would think this would be a requirement for the product to be competitive in todays market place. Given that Sophos recommendation is to exclude process/files in Microsoft AV exclusions list (there are numerous), you would think there would be a less manual method of adding exclusions. I've never seen an AV product where you couldn't copy and paste exclusions.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add "lefthostaccess=yes" in StrongSWAN configs.

                                      "conn" entries in ipsec.conf should include (or have the option to include) "lefthostaccess=yes" to allow the UTM host itself to use the tunnel. This allows the web proxy to operate when local clients access web servers at the remote site. It also allows DNS Request Routing to function through the tunnel.

                                      http://www.astaro.org/gateway-products/vpn-site-site-remote-access/51539-dns-forwarder-over-ipsec-vpn.html

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Ability to manage file exclusions from SUM or least be able to add file exclusions in less painful way. IE SSH -> single command for rule

                                        Adding file exclusions in UTM is painful. Especially when there are 100's provided by vendors like Microsoft. Then you have to do it for each site. Lot of work here.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Block Internet Download Manager

                                          Please Make this feature visible soon, we need to handle this Apps Under Sophos UTM.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                          1 2 9 11 13 89 90
                                          • Don't see your idea?

                                          Feedback and Knowledge Base