Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Web Server Protection: Support for ActiveSync 14.1

    WAF doesn't support ActiveSync 14.1, i.e. after you install SP3 for Exchange 2010, you can't use use WAF to protect your ActiveSync Server anymore. This is poor.

    134 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      Under Review  ·  5 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • add greylisting by domain region or extension

      The greylisting is currently all or nothing but recently, we have received several spam marketing campaigns using EU domains. Our company does do business a little with EU domains so the effect of greylisting would not be a big deal for EU but, if I were to turn this on for everything, it would impact us. Regional or granular greylisting would be a helpful addition for fighting temporary spam domains.

      2 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Additional supported UMTS devices RED 10

        I really want to see more supported devices on the RED 10, if even extend the current support on the RED to what is available on the the UTM.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
        • HTML5 VPN Portal: Support for Windows RDSH Servers which are member of a RDSH Farm using a RDSH Broker

          Sophos UTM 9.201-23 does not allow you to publish a Windows RDSH Server Farm using the HTML5 VPN Portal. The vast majority of our users would only need access to the RDSH Farm and therefore would never need to install a VPN Client if the HTML5 VPN Portal could handle using Remote Desktop Protocol to a Windows Remote Desktop Session Host Farm. The initial login screen loads without issues. However, as soon as the user successfully logs in, the connection redirection to a different member of the farm breaks the connection. The HTML5 VPN Portal is not understanding that the…

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
          • Implement a 'one for one connection' mode

            WAF uses no relation between connections from client to WAF and connections from WAF to server. This causes pseudo-connection based authentication mechanisms like NTML or NEGOTIATE to misbehave. This is even documented in ID16010.

            It would be nice to have a 'one for one connection' mode configurable per virtual server as Microsoft products are more and more relying on NTML or NEGOTIATE in their newer products.

            Apache has a bug entry at https://issues.apache.org/bugzilla/show_bug.cgi?id=39673 which can be used as a starting point for supporting this feature.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • No disconnect of Remote VPN Users when disabling or enabling the User Portal

              Could you please not disconnect VPN Users whenever the User portal is enabled or disabled?

              This is very annoying.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
              • 3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • UTM 425 sync of active directory users

                  At the moment it is possible to set only one time for syncing ad users or to do it manually. In large enviroments it would be nice if we can do it more times each day, for example all 4 hours.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Sophos email appliance - Add a search feature to end user interface

                    Sophos email appliance - Add a search feature to end user interface

                    4 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Outlook plug-in blacklist

                      Add a option to the plug-in to add to blacklist of senders

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Wan-Acceleration

                        Would be buisness demanding feature ,If sophos can integrate Wan-optimization technology between Sophos UTM & RED.Combined with cost-effectievness of RED's -Sophos can be on top when it comes retail multibranch deployments

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add the ability to limit number of hours on a application or application group

                          The ever increasing demand for our users to have access to you tube, social media or even gaming sites (during lunch hour, hopefully) creates an administrative burden and HR nightmare for many employers. I would suggest that having the ability to limit the number of hours spent by a user or dept on a weekly or monthly basis would be an invaluable tool. This way you can create what is deemed an acceptable number of hours based on a users organizational responsibilities and only have to monitor by exception. This would also be applicable in a home setting where a…

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                          • WebSecurity: Local Override of Site Classification - SophosLabs awareness

                            This new feature os V9.2 is really great.
                            a plus could be to integrate a mechanism that upload the "customer's site classification" to Sophos labs this way those re-categorized sites could be include in the sophoslabs's "robot script analysis" in a way to have a more rapid and efficient catgorization of this customer's visited sites.
                            usefull for "uncategorized" web sites and "local" (non-english worded) web sites.
                            99% of the time if customer recategorize this sites it's because classification is unaccurrate

                            2 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Add Report for ChangeLog entries

                              I would like to vote for a report that can be send out once a week that displays the ChangeLog entries so that you can monitor the changes made and send them out to some business devision to become some how compliant to auditing requirements.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                              • Import/Export vouchers database

                                Currently there is no way to export/import the vouchers database from an UTM to another one, e.g. a spare one.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • TLS (SSL) Encrypting remote syslog

                                  Hi please implement TLS (SSL) Encrypting for remote syslog.
                                  It is an important feature to send encrypted syslog messages to the remote syslog server: http://www.rsyslog.com/doc/rsyslog_tls.html
                                  A Cisco ASA, Synology NAS and Linux supports this feature. Please implement this also into your great UTM Firewall !!

                                  3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Display Current Time/Date on Up2Date Screen

                                    I often find when I schedule a UTM to update its firmware, that I'm having to bounce back to the dashboard to ensure that the time/date of the UTM is correct, I never take this for granted. So my idea is to simply put the system date/time at least on the Up2Date screen, if not just at the top of the screen in general.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Private PSK

                                      Aerohive has what they call "private PSK" that allows a single SSID to serve many users each with their own psk. Each can be assigned different security from temporary day users with limited access to full access workers.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • DHCP Relay Load Balancing

                                        The DHCP relay feature allows the use of an availability group which can have one or more DHCP servers defined. The issue is the second server listed would never get a request unless the first one fails.

                                        Starting with Windows 2012 R2 the DHCP service supports failover/load balanced scopes without the need for complex clustering technologies. Basically the servers have a copy of the scope each and have a defined percentage which they can issue. Plus they monitor each other for taking over the scope if the partner was to fail.

                                        Now we would like to use the load balancing…

                                        10 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • SPX Encryption > Detect "SPX password for" messages that are forwarded by users to be blocked.

                                          Current 9.200-11 does not detect if a user attempts to Forward the SPX password notification e-mail to the outside receiver. So the "Data Protection Configuration" setting of "On match, notify" is pretty worthless when you select "User" as they can simply forward the notice to the receiver.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base