Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Route All traffic from Endpoint to UTM Proxy (like TMG agent)

    At this moment (UTM 9.2), Sophos Authentication Agent have only one function - map IP and User.

    But TMG customers like to use a TMG agent, which can route all outbound traffic from host (not only http/s) to TMG proxy.

    If we will have such functionality, this will allow us:
    - have all traffic on UTM from host (even UTM not as Default GW).
    - use this agent for Terminal servers (separate different users by ranges of ports).

    10 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
    • SPX Reply Portal Attachments

      The built in "Reply Portal" for SPX should allow the recipient to attach files with their reply.

      107 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • SSO over WAF

        Planning to replace TMG with other UTM product. Sophos is looking good - but some features is missing which are a must have for me:
        Any change we will se
        * SSO for reverse proxy
        * Link translation like we know it in TMG
        * AD user change password option through rev. auth

        These are the only major issues preventing us from switching to Sophos

        4 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • 1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
          • Integrate FIDO U2F as form of two factor authentication

            We are heavily using Google Authenticator together with our UTMs but would like the ability to issue a user an open source hardware solution that can go on their key ring. Our power users tend to run out of battery life on phone while traveling and a device on a key chain would allow for ease of access and a knowledge that all users can get in and accomplish the important business items they take care of.

            Our other solutions allow us to use something like a Yubikey Neo and gain access to everything no matter batter conditions.

            Benefits:
            No…

            9 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
            • Add more feedback for users when mails where sent encrypted

              Add more feedback for the user, so they can see if a mail was sent S/MIME or PGP signed / encrypted.

              4 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • 6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Flag idea as inappropriate…  ·  Admin →

                  This feature is already possible today, though it requires use of either the per workstation authentication agent, or using the hotspot feature, authenticating it aganst your back-end servers.

                  Nonetheless, we are working on enhancements to user awareness, making this much easier to do, and this is planned for a major release sometime mid-2015. as such, I’ll mark this as Planned, though it is also already possible.

                • WebAdmin: Related objects/configurations should be directly clickable

                  When clicking the "Show where this object is in use and its last change" button, a list of related objects and configurations is shown.

                  These related objects and configurations should be clickable to be taken directly to the specified object or configuration.

                  9 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add configurable request header field for reverse proxy into webadmin

                    Browser generate sometimes for services like ADFS very big request headers.

                    It would be great if you can implement such a editable field in webadmin.

                    One issue is described in the following threat.

                    https://www.astaro.org/gateway-products/web-server-security/53339-9-205-12-adfs-2-0-waf-dont-work.html

                    23 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Generate .onc file in user portal for ChromeOS VPN

                      ChromeOS VPN can import .onc files to configure connections that can include all connection parameters and certificates. It should be fairly easy to create the appropriate files in the user portal along with the other platform files.

                      The ChromOS import is at chrome://net-internals/#chromeos

                      7 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                      • waf report

                        The executive report could show the attacks detected and blocked by the WAF.

                        11 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                        • Extended RED logging on UTM

                          Enable extended logging of RED device-connections on the UTM. This should include the following infos:
                          - RED downloaded config from provisioning server
                          - RED has initialized firmware update
                          - DHCP-config the RED received (if configured as DHCP)

                          This would greatly enhance the ability of the admin to debug RED-issues before opening a support call with the Partner and/or Sophos and may speed up recovery times.
                          Therefore it would be beneficial to all parties :-)

                          4 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow for at least logo customization of the User Portal and WebAdmin page.

                            Would like to see the capability to extend at LEAST logo customization of the User Portal page. Ideally it would be beneficial to modify the logo for the WebAdmin portal as well, however the User Portal customization is critical if we are to position this solution against competing products from Juniper (MAG), Palo Alto, and Fortinet.

                            31 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Provide Admins a way to Disable 802.11b

                              I've had several customers ask for the ability to disable 802.11b, etc. for wireless networks they have deployed. This is to increase performance (less radio "noise", etc.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow UTM to manage other sophos products

                                Id like to be able to manage all of our Sophos products, single pane manage. I like the UTM interface, it would be great if I could control web/mobile/antivirus all in the one place.

                                6 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                • let us decide, if we want to block the Dropbox app or the Dropbox homepage

                                  Now automatically both features are blocked, but I just don't want the App on my system. I don't mind if the users use Dropbox via web page.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add IP PBX subscription

                                    I have a lot of customers that need to install an IP PBX inside their network,
                                    instead of installing a third party solution,
                                    Why not Sophos Sg series integrates with Asterisk, as it is open source

                                    9 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Report on which users have downloaded what files (executable files etc.)

                                      I would like a report that shows which users have download what file types (e.g. executables, videos etc.). Showing from where they were downloaded would be good to have as well.

                                      6 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Import IP addresses from txt or CSV file to network definitions in Web Manager

                                        I have over 3500 IP addresses I need to add into my network definitions. I need to add them all to firewall definitions. It would save me so much work if I could just import these IP addresses as a CSV into a bunch of network definitions.

                                        It would be even more advantageous if I could import the IP addresses to network definitions and have them all automatically go into a network group.

                                        49 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Enhance Application Control App Categorization

                                          Lot of people would like to be able to easily block advertisers, web trackers and analyzers to enhance their surf experience in general and to enhance privacy too by blocking all those trackers and analyzers.

                                          There are already >150 of such advertisers, trackers and analyzers as apps in the UTM's application control. Sadly all of them are categorized as "web services", which is misleading andunhelpful, as in this category are also CNET and Mozilla downloadservers, CDN's as Akamai etc., whic disallows a simply general block af that category.

                                          I propose, that this "web services" category will be splitted further into …

                                          155 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base