
UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

  1. Static IP-Configuration for Access-Points

    For better IP-Management it would be nice to have the option to configure the Access-Points with static IPs and the ability to restart them remotely.

    1 vote
    0 comments  ·  Wireless Protection
    • utm public IP feature when having two or more subnets

      Customer wants to do it like this:

      subnet A e.g. 192.168.1.x is going out using the public IP a.b.c.1
      subnet B e.g. 192.168.2.x is going out using the public IP x.y.z.2

      1 vote
      0 comments  ·  Networking
      • Additional fields in syslog messages - allow correlation with other logs

        For "reverseproxy" syslog messages, please include enough details to uniquely match the UTM's logs with other device logs (upstream firewalls, netflow, real webserver logs, etc).

        The current log doesn't include the local IP and port used by the UTM to make the request of the real web server, and it doesn't record the source port used by the true client. This makes it hard to differentiate multiple requests coming from a single NAT IP address.

        The resulting log would look like this:

        srcip='1.2.3.4' # existing
        srcport # add this to record the source port used by true client
        localip='9.8.7.6' #…

        2 votes
        1 comment  ·  Logging
        • Give control over Spooled/Waiting emails

          We recently had a situation where, due to a bad deployment on one of the production websites in our environment, there were about 300,000 emails stuck in the Spooled queue. We knew that out of these 300,000, about 299,000 emails were junk and we didn't want them, but as the SMTP spooling probably works on a FIFO mechanism, we could not receive the remaining 1000 important emails until those 299,000 junk mails were processed. Sophos was running at 100% CPU all the time trying to process the emails, but the rate was pretty slow (about 80 emails per minute), so we had to wait…

          1 vote
          0 comments  ·  Mail Protection
          • Block TeamViewer

            Block TeamViewer with Sophos

            1 vote
            0 comments
            • Advanced Mail

              The mail manager needs the functions of the Barracuda spam firewall:

              Every mail (blocked/rejected/spam) goes into the mail log space (partition on HDD). When I go into the mail manager under SMTP log, I open the blocked or rejected mails to check the content, and if they are good or desired I must be able to deliver and whitelist them.

              Advanced Mail Manager
              - Every mail archived in the mail manager HDD space for xx days
              - Able to open all mails to check the content
              - Able to deliver and whitelist them

              3 votes
              0 comments  ·  Mail Protection
              • S/MIME certificate batch import

                It would be nice to have an option to import S/MIME certificates with a batch job and not one by one. We have many thousands of certificates and it is very time-consuming to import them one after another.

                4 votes
                0 comments  ·  Mail Protection
                • Add a "bytes out" field in http.log.

                  A "bytes out" field in the http.log would help identify hosts that are sending a lot of data out of our company. This is important to know, regardless of whether the data flow is intentional (e.g. malicious user) or unintentional (e.g. compromised host).

                  3 votes
                  0 comments  ·  Web Protection
                  • I would like to suggest a feature which will enable me to manually clear an "Advanced Threat Protection" alert.

                    I would like to suggest a feature which will enable me to manually clear an "Advanced Threat Protection" alert. In case of an alert I now have to wait 72 hours before the alarm is cleared by itself.

                    1 vote
                    0 comments  ·  UTM Endpoint Protection
                    • Automatic Firewall rules should apply to internal connections (DNAT)

                      When creating a DNAT rule to publish some service (located in DMZ) it is already reachable from external if Automatic Firewall rules is checked.
                      The automatic rule reads "Any to DMZ machine" in WebAdmin but doesn't do that, because --ctorigdst <External IP> is used in rule generation.
                      So it is necessary to create another manual rule "Any to DMZ machine" to publish this service to the internal network.

                      Please add an option (checkbox) to modify rule generation to leave out --ctorigdst or --ctorigsrc (which means firewall rule: "Source to Destination using Service" without other limitations).

                      1 vote
                      0 comments  ·  Networking
                      • Selectors in Masquerading Rules should be sorted alphabetically

                        When creating a Masquerading Rule there are 2 selectors "Interface:" and "Use address:". Their content looks mixed - I suppose it's currently the order the interfaces or addresses are created or the internal structure.

                        Especially the "Use address:" selector could be very long and the entries may look very similar.

                        Please sort both of them alphabetically.

                        1 vote
                        0 comments  ·  Networking
                        • Add a new option "type" for network definitions - AD computers

                          Add a new option "type" for network definitions that allows for AD computers within an AD security group (much like the AD users/groups dynamic memberships). This would allow much more flexibility in how to apply "hosts", such as when creating a Web Filter Profile: instead of adding "internal network" or a specific host/hosts, we would be able to add to "allowed networks" an Active Directory group that would consist of computers that I added into that group via Active Directory. This is specifically important, since this would allow Web Filter Profiles to differentiate between domain machines and guest machines on…

                          1 vote
                          0 comments  ·  Authentication
                          • Networking: Additional Dynamic DNS Provider support: DnsMadeEasy

                            Sophos UTM is an enterprise firewall solution, with respect for all home users out there, in the few cases where DynDNS needs to be run at a company location an enterprise class DynDNS provider is needed.

                            I would really appreciate dynamic DNS support for the provider "DNS Made Easy" (dnsmadeeasy.com).

                            Brgds,

                            Anders
                            Sophos UTM Certified Architect

                            3 votes
                            0 comments  ·  Networking
                            • Order of content filtering

                              It would be nice if the content filter first checks the URL for availability, so if a user enters a wrong URL he gets a notification.

                              1 vote
                              0 comments  ·  Web Protection
                              • User-level access control policy on Endpoint Protection

                                I would like to be able to allow flash drive access to certain users on all computers but not all users on the computers in Endpoint Protection, and there is currently no AD sync for Endpoint Protection.

                                Reference Case # 4857461

                                6 votes
                                0 comments  ·  UTM Endpoint Protection
                                • enable sorting clients in Endpoint Protection by 'last seen' for easy deletion of old clients

                                  This would give us the opportunity to easily identify and delete old computers that are no longer active.
                                  Endpoint Protection - Computer Management - Managed Computers Tab - Sort by Dropdown List

                                  1 vote
                                  0 comments  ·  Usability/GUI
                                  • Czech keyboard support for HTML 5 VPN portal (RDP, SSH)

                                    Add Czech keyboard support or transfer local keyboard layout to RDP and SSH sessions.

                                    3 votes
                                    0 comments  ·  VPN
                                    • Web Protection: Search term alerts

                                      Implement monitoring of inappropriate search terms as this was a feature in Sophos web appliance that had been removed in the UTM.

                                      17 votes
                                      3 comments  ·  Web Protection
                                      • Purge old machines from list of connected machines

                                        The Sophos Web Protection Appliance collects old machine names that were connected once - and never lets them go. I have machine names that are listed as connected endpoints in my Web Appliance that haven't existed in 2 years. Please allow admins to delete old machines.

                                        1 vote
                                        0 comments  ·  Web Protection
                                        • web appliance reporting

                                          Company and Contact Information

                                          Company: Vistek

                                          Contact: Michael Hogan & Jody Sudbury

                                          Sophos Partner (if applicable):

                                          Sophos Product Information

                                          Sophos Product: ws500

                                          Version in Production:
                                          v3.9.3.2

                                          Feature Request Summary

                                          How will this new feature address your business requirements?:


                                          Currently users are “charged” with the full size of a file like a video even if they just view a few seconds of it. Worse, if they stop and restart a video they get “charged” with the full file size times the number of times they start it. We had the system report one user as consuming several GB of data even…

                                          1 vote
                                          0 comments  ·  Reporting