Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please do not require PAP for Radius authentication for SSL VPN or Portal

    Just finished support case with Sophos support, and while not documented this way, PAP (unencrypted authentication) is required to support Radius authentication for both Portal and SSL VPN. Please remove this requirement.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    • About the downloading of the firmware package

      It is said that there is SophosUTM with a little free space of root partition.
      However, the firmware package is downloaded unconditionally.
      Capacity lack is in this way accelerated more.
      This thinks that there is a problem with a design.
      For example, I want to evade it by putting a symbolic link on /var/log or /var/storage.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
      • RED Übersicht - Kommentar mit anzeigen

        Sehr geehrte Damen und Herren,

        wir haben Ihr Produkt die UTM9 in vollem Umfang im Einsatz. Ebenfalls nutzen wir die Red für die Anbindung im Home-Office sowie in den Niederlassungen.

        Im täglichen Umgang fehlt mir in der „RED-Verwaltung“ – „Übersicht“ die Möglichkeit das Feld „Kommentar“ – welches unter „RED bearbeiten“ aufgeführt ist, mit anzuzeigen.

        In der Übersicht wäre somit Details welche im Feld Kommentar hinterlegt sind direkt sichtbar. Wir hinterlegen dort z.B. wo sich die RED befindet und wer diese im Einsatz hat.

        Sicherlich ist dieses Feld einzublenden eine Kleinigkeit. Ich würde mich daher freuen, wenn dieses im nächsten Update…

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
        • the REDS can handle a second DNS server

          the REDS can handle a second DNS server

          4 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
          • UserPortal Language Choice

            At present, Fallback Language is available but it the capability to force the same language as the welcome text would provide a more consistent interface.

            If having an administrator configured default language is not possible, maybe an option for the end user to change their own language setting. Many users comment that they are more comfortable with English terminology for things like mail quarantine etc through years of experience rather than translations that are sometimes too literal.

            2 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
            • Attachment, link, and file emulation

              Email is a huge vector for malware. Not all of it comes in as an attachment. Links in email often lead to NEW malware. NEW versions of malware are attached or embedded into Office documents. Files users download may have NEW undetected malware in them.

              Palo Alto has Wildfire. FireEye has a similar service/appliance. Each service takes URLs, Office documents and unknown files and detonates them in a sandbox to determine if they are malware. Previously unseen downloaded files are uploaded to the same service. When NEW malware or malware links are discovered, an update is pushed to all subscribing…

              16 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Add option to disable creation of crash dumps in /var/storage/cores

                By default, Astaro (Sophos UTM) creates crash dumps in /var/storage/cores/ to assist with troubleshooting crashes. Since the free Home Edition doesn't include support and a home user is unlikely to have the skills required to analyse these dumps, there is no need to create them. Therefore, it would be useful to have an option to disable the creation of the crash dumps that is enabled by default when Astaro (Sophos UTM) is installed with a free Home Edition license.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                • On the web appliance group major sites and required subsites

                  On the Sophos Web Appliance, it be good to see the possibility to group subsites to popular domains such as facebook and twitter together when allowing it in a policy. For example facebook uses other sites to host content (pictures etc.) on fbcdn.net, abs.twing.com, etc. If we allowed facebook.com to some users, and the other subsites mentioned were blocked by policy page content would show up muddled an format would be wrong. Can you group these web services together for popular sites and make it easier to add in the local site list. Instead of having to add 5 separate…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • option to delete and add to blacklist in mail manager in UTM

                    in Mail manager you can select email and then in the options below you can delete them but it would be great if you could delete and add to blacklist all in one go.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • POP 3 release option

                      Option for release of mail for POP3

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Second DHCP Server in DHCP relay

                        It would be great if you could enter two DHCP server in the DHCP relay. We have two Windows 2012 R2 server with an active/standby Cluster. If the active node Fails, the secondary will take function. But we have to take care, to change the server in the relay on the UTM to let it still work.

                        51 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                        • SUM notification

                          SUM sends out email or sms notification when UTM clients fail to be relicensed at end of month process due to any issue.

                          4 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                          • customize executive reports

                            I would be nice to have the ability to customize the headers and footers of the executive reports as well as have the ability to change the logos on them.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                            • Whitelist individuals when using block from non existent domains

                              It would be helpful if we could whitelist individual domains when using "Block Mail from non-existent Domains"
                              Occasionally some legitimate senders use fake host names in their addresses even though the domain is valid.
                              Example: user@mail.mydomain.com has a valid dns lookup. But user@systemmail.mydomain.com does not. The domain is valid but the host is not. We don't want to turn the feature off globally but would like to be able to whitelist these senders that are legitimate customers but refuse to get their dns records straight.

                              9 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Percentage of failed PING (line quality) to failover RED / UTM

                                Please add the capability to failover WAN link (in RED and UTM) via a line quality standard (% of failed PING, etc). We see RED and UTM jump back and forth between WAN links when ping fails enough. Sometimes the pings are good enough to failback to primary via uplink monitoring. However, the line is still not good enough to be back at primary.

                                Client side is left in a very unstable position as the links go up and down and back and forth.

                                This option should be placed somewhere in Uplink monitoring and should allow for a user defined…

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Reporting: When extracting the report, the values of the Traffic is displayed in Bytes rather than KB,MB, & GB?

                                  Reporting: When extracting the report, the values of the Traffic is displayed in Bytes rather than KB,MB, & GB.

                                  4 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Two factor Authentication with back-end server RSA / Vasco tokens

                                    To allow authentication from the UTM to use a back-end RSA/Vasco token server to authenticate user.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • SPX encryption: Changing language of SPX Password portal

                                      It would be nice if you could change the language of the SPX Password portal

                                      38 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Block wireless clients

                                        I had the situation that a wireless client (using a guest network with voucher) was doing unwanted things. He also caused ATP Alerts.

                                        It would be a nice feature to have a "block client" Button to block his MAC address and to prevent this client to access the WiFi anylonger.

                                        12 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow CRLs to come from URLs or file shares

                                          The UTM allow certificate revocation lists to be uploaded. This is time consuming and a security risk as a new CRL must be uploaded from an external CA any time there is a change. The CRL function should allow multiple URLs for CRLs (for instance from a Windows enterprise CA) and file shares for automated updates

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base