Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Security heartbeat for utm 9.x

    It would be great if you iplement the new security heartbeat into the utm 9.x also.

    4 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Change UTM 9 (Not XG since it is still buggy) 50 limit to 100 limit due to ip6 on devices.

      Change the limit to 100 for UTM 9, not XG, there are those that do not want to upgrade until it is more stable and less buggy.

      6 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Enhance Reject at SMTP time

        Please separate each section "Sender Blacklist" and "Expression Filter" in two parts. One with the current behaviour (move to quarantine) and a new one with "Reject at SMTP time".
        The intention is to be able to reject spam at smtp time.
        My experience is, that some spammers include well known strings in their emails for example "unister media", "n . u s e . c c" or "ATU54744807". I do not like to kill that flood from the quarantine. And at the same time the spammer believes that the used email-address is active, because they had been accepted by the…

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Logging of SSL Filter.

          We had a particularly bad issue on 3 of our UTM devices. With SSL filtering enabled, mobile apps such as Facebook/WhatsApp/Mobile Banking Apps and quite a few others would not work.

          Relying on the built in logs, neither us nor Sophos support could see any packet drops, even with full logging enabled.

          Turns out SSL filtering affects mobile device apps much more destructively than on a web browser.

          There is going to be a partial fix apparently with firmware 9.4 but my suggestion is more fundamental: How can I trust a device if I cannot see what it is doing?

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
          • Clarify Hostname "Informational Text" next to UTM name in System Settings

            At the moment the text on the UTM states:

            "This is the hostname of the system. It should be a fully qualified DNS hostname, including a domain. It should be resolveable in public DNS and point to the external interface of the system. If you are using DynDNS, you should also use the DynDNS hostname here."

            Many older servers have internal (e.g. .local) names which is perfectly acceptable in this field. If you do use the external, resolvable name in these cases, it causes all sorts of issues as it is the .local address that has to be used here.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
            • UTM9 Rule Notification when user cancels\deletes a rule/policy

              When a user cancels\deletes a rule/firewall policy, the UTM doesn't give a notification to ask the user if they are sure they want to cancel\delete the policy or warning notification that deleting the rule/policy will delete it altogether

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
              • Resizable (or bigger) columns in Mail Manager

                In Mail Manager Quarantaine view the "from" column is important to decide if the mail is good or bad.

                However, even on a full hd monitor the column is very small and does not show the full address for most mails. the subject column takes most of the space.

                It would be good to be able to resize the columns (or at least let all columns grow on a big screen not only subject).

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Sophos UTM software installer with serial console enabled by default

                  Please see this www.astaro.org thread:
                  https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/51383-sophos-pcengines-apu-6.html#post286165

                  With 8000 views, there is a huge VGA blind but SERIAL aware user community. We would love a serial console (ttyS0) enabled installer image.

                  303 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    10 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                  • XG Firmware Update Notification

                    The 9.x UTM has several places where firmware upgrades are not only posted but outlined as to what they include.
                    I can find NO such thing on the XG Firewall. I see that a new firmware was released, but nowhere can I find what is affected, fixed, and/or possible issues with the update.
                    I really hesitate to update without knowing this information

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                    • Connection Tracking Helper SFTP

                      A customer want to use a sftp Connection from extern to his Company. For this he install an QNAP NAS and activate SFTP over Port 2112 (SFTP Port 22 is not avaible).

                      The Problem is that when we want to connect extern the NAT and Firewall Rules is working, but SFTP Need more then the one port.

                      For FTP the solution and Routing works. But SFTP didnt work, For FTP you can use the Connection track helper, but SFTP can not use with that.

                      So please activate sftp to work with Connection track helper to work with the different ports.

                      24 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • sending SMS via 3G USB modem stick for hotspot authentication

                        Sending SMS messages directly from a connected USB modem stick for Hotspot SMS authentication.

                        14 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add support to choose multiple Hosted Address when create a Business Application Policy

                          Copernicus Project
                          Add support to choose multiple Hosted Address when create a Business Application Policy.
                          Imagine a customer with 3 WAN links and 50 Business Application Policies rules. It is needed create 150 Rules for this. This is a real case today.

                          27 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                          • HTTPS Web management port through Comman - IN XG Series

                            How to find SOPHOS HTTPS Web management port through Command
                            This features in not available in SF-OS pls add this in next release

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                            • AV samples request form

                              For each sample I want to check I have to set up all the needed informations all the time on the web site.
                              My idea: It will be easier I have to log on and all the needed information will be filled automaticly so I only have to descripe the reason and attach the sample.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                              • Revising the Policy Message flow for Email Appliance in behalf of a customer

                                Request to be more specific with number 4 for Allow List and number 7 Additional Policy on how the appliance is handling hierarchy so as not to confuse customers that content policy in the Additional Policy will bypass the Allow list if the message is not scanned by the anti-spam filtering.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • IPSec Site to site policy IKEv2 SA Throughput

                                  To configure a stable site to site with Microsoft Azure on a UTM 210 with a poilcy based route you have to configure the Phase 2 security association (SA) Lifetime (Throughput) as well as the time because without it the site to site will fall over as soon as you hit 1GB of throuhgput. The VPN will not connect until a system restart is performed.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Allow Multiple Pools for SSL VPN

                                    Hi,
                                    I configured Remote access on UTM 430 and while defining multiple profiles each having different access level. There is a limitation that Sophos does not allow different SSL VPN Pools. It leads to limited control. Mostly devices restrict access on the basis of IP subnet.
                                    Though Sophos allow access restrictions on the basis of user groups but this task is somewhat not easier.
                                    To restrict the access for a certain destination network, you need to disable the automatic created security policies and need to define manually.

                                    7 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Live log fiter

                                      Fix filter option on live logs so that it actually filters on the value added and only displays log entries that contain the entered value

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                                      • spoof attack

                                        Working with Sophos support (case 5397031), the current product is not able to stop a spoof attack in which the "envelope from" is valid but the body sender address is spoofed as an internal address.

                                        SPF checks are not effective in this scenario and the message is delivered.

                                        23 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Wildcard Domain Support for FQDN rule or FQDN host (*.sophos.com,*.iobit.com...etc)

                                          Customer having cloud base solution need to create FQDN base firewall rule for high bandwidth or exclude for web filtering .

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base