Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Ability to not allow management via "additional IPs"

    Ability to not allow management via "additional IPs". I add an additional WAN IP to the outside interface and I want to prevent mgmt on that IP. Have the choice to only allow mgmt on the original IP assigned to the interface.

    2 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • AP MAC pick list

      Recently we added an AP to a customers Sophos UTM 120. When it came to Whitelisting MAC address (Wireless Protection> Wireless Networks> Edit the AP> Advanced) we were presented with the "Please select" in the MAC Addresses field in the AP Edit interface Advanced window.
      The wireless laptops were confirmed as having connected to the AP and had their respective MAC Address appear in the Wireless Protection > Wireless Clients list.
      With help from Zak (Sophos support) we were informed we had to manually add the MAC addresses to the Definitions & Users > Network Definitions > MAC Address Definitions…

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Make the IPS rules CVE/Mitre compatible

        Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.

        http://cve.mitre.org/compatible/compatible.html

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Prevent WebAdmin on additional IP address.

          When an additional address is added to an external interface, the UTM can be managed through WebAdmin over port 4444 on that additional address. I would like to see a check box when adding the new addtional IP address that asks if you'd like to be able to manage over this IP or not.
          The additional IP is usually for a NAT, say for instance a NAT for my exchange server. It doesn't make sense to me that https://ip-of-exchange-server:4444 allows someone to manage the firewall.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • WPA2 Enterprise can Authenticate/Authorize Local Users

            I've run into a situation on several occasions where WPA2 Enterprise could also use local users/groups for authentication/authorization.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • HTML5 VPN - using RDP, local dirves and printer needed !!!

              If using html5 vpn portal via rdp protokol, user need local drives and local printer at win- terminal server!!! like possible in standard windows rdp sessions ....

              10 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
              • Convert mail body from HTML to plain text by rule

                Allow mail to be converted to plain text selectable by common filtering rules (similar to exceptions) where the incoming/outgoing e-mail address/domain/ip address/etc can be used to choose when the email is considered the content may be safe, but links, images, and other rich content would show the HTML code rather than the objects themselves.

                This would add additional safety for e-mail addresses that are used receive mail and automatically process them and also to further reduce risks where warranted. This should be implemented on UTMs with Mail support as well.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • agent less NAC solution as a NAC Subscription

                  agent less NAC solution - as UTM we have the asset list and MAC details -
                  implementing agent less NAC solution we can integrate with the Sophos endpoint as vulnerability assessments, patch management using the Sophos Endpoint advance Suite

                  agent less NAC - Like Netclarity or ForeScout

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Complete visibility of evasive applications

                    Content upload via - web mail, Social networking sites, Blogs, Instant Messaging, Web uploads Mail, P2P,Skype, - data protection
                    count the number of email sent from the clients using the subject - Header. Monitoring IM ,

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • EndPoint: Change display language based on the OS language

                      Normally, the display language is based on the settings of the operating system. In the Sophos products the language is oriented to the language of the region setting. This is somewhat unfortunate, since we, for example, use only software with the english language. The location of the operating system is set to a German-speaking country. Thus, the console (Server & Client) appears only in German. It only change the language if I change the Region to an english-speaking country. It would be useful to customize this.

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • outbound smtp antispam scan through firewall rules

                        outbound smtp antispam scan through firewall rules with out email Security proxy

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • 29 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          • SafeGuard Management Center to prompt for old password upon AD password reset as an option

                            Currently when customers using SGN without DE, they do not have an option to use the password recovery methods (C/R or LSH) when their users have forgotten their password. The only way is to reset user password via AD. Upon reset of password, user login to windows, users are prompted to key in old password to ensure DX works properly. Having forgotten the old password, SGN Admin has to remove and recreate the certificate at the SGN MC. Customer finds this troublesome as it involves extra process for their HelpDesk and it may come as a cost internally to the…

                            4 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                            • Increase Attack Patterns selections in IPS settings

                              ISTM that the IPS rulesets keep getting larger and larger, at the expense of IPS throughput.

                              examples:

                              1. I would like to be able to disable 'out-of-date' rules...
                              e.g.
                              a. if I don't have anyone using Windows XP or 2000, I should be able to disable those rule(set)s.

                              b. same for old browser versions

                              The easiest interface for this might be to set a "Minimum patch level/date"; e.g. ask the user what the OLDEST patched system is on the network.
                              Perhaps ask this for each ruleset/pattern group.

                              I'm guessing MOST of the 1000's of rules would not be applicable if…

                              32 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Central Download Virus-Definition from UTM!

                                Currently Endpoint Clients download definitions from sophos updateservers. Why we cant cache the definitions on the UTM and this will publish the downloads to the clients? eg: now we have 35 clients, which must download all the definitions from the internet. why we cant use a central download point on the internal network (for best the utm itself)??? all other Central Solutions can do this (kaspersky, sophos endpoint enterprise console, panda etc.)

                                7 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Show greylisted emails in Mail manager

                                  I need the ability to view grelisted emails in the Mail Manager. if an email is greylisted it is dropped/blocked. it does not show up in the Mail Manager SMTP log nor is the sender notified that the message was not delivered. this results in loss of emails and neither party knows about it. I have to switch back to a competitor product to regain this capability. the way i figured out this problem was to have the live log open and have the other party send me an email so i could capture enough data to research.

                                  2 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Ability to use DNS Group for Notifications

                                    Would like the ability to use a DNS Group over DNS Host or Availability group. The reason is some companies will have separate teams managing the network and windows\dns. It would be upto the DNS Admins to keep the DNS entries up to date and not the network team managing an availability group

                                    5 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Regular Expression using ^& on the same rule

                                      Regular Expression using ^& on the same rule

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Block Files Upload in Webmail

                                        I would appreciate if it's possibile to block the upload of file to webmail using the Web Filtering.
                                        I would permit to the users to open a webmail (like gmail.com or other public webmail) but i don't want to permit to attach file/upload file in a new mail on the webmail. In this way i can block a possible disclosure of corporate data. Thanks

                                        26 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base