Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve the grid view, in the email security product.

    The current grid view is 'sortable' but columns are not resizable, nor filterable. In either the Admin view (search results), or the end user view.

    This should be pretty straightforward these days.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Installation improvements: WebAdmin access informaiton & Shell Access

      During the installation of the UTM software, the user should have the option to enable shell access and specify loginuser and root passwords as the UTM can become inaccessible if there are networking/interface issues. Also, the installation process should display the webadmin access information, in the event the interfaces change.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
      • Add two more entries to the 20-nic.rules file to disable TSO to eliminate NIC hangs and resets

        I recently had case #522827 where it was determined I needed to add two entries to the 20-nic.rules file to disable TSO to stop getting NIC hang and reset notifications.
        The NIC's in use are

        Intel Corporation 82579LM 8086:1502
        Intel Corporation 82571EB 8086:105e

        # e1000e: disable TSO for Intel 82579LM
        SUBSYSTEM=="net", ACTION=="add", ATTRS{vendor}=="0x8086", ATTRS{device}=="0x1502", RUN+="/lib/udev/nic-disable-tso"

        # e1000e: disable TSO for 82571EB (errata 7, #34608)
        SUBSYSTEM=="net", ACTION=="add", ATTRS{vendor}=="0x8086", ATTRS{device}=="0x105e", RUN+="/lib/udev/nic-disable-tso"

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
        • Scheduled reboot via web GUI when adding NICs in VMware

          When adding new NICs for the Sophos UTM if the UTM is a VM in VMware, a reboot is required - please add a scheduled task via the Web GUI to reboot the UTM?

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
          • UTM's Radius client: need to support PAP protocol

            The UTM's radius client supports only PEAP (MS-CHAP). Could you please add PAP?

            The use case is a proxy radius server that communicate via a strong authenticated SSL tunnel with a 2fA server in the cloud. The UTM's radius client must use PAP protocol to forward the password in clear-text to the proxy radius server that will forward in a secure way the auth request in the Cloud.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
            • HTML5 VPN Portal : accept to submit auth form without password

              The authentication form of the HTML5 VPN portal requires to provide a password to be able to submit, probably checked by a javascript in the authentication page. Please remove or disable this control and accept to submit the auth form with an empty password (no password).

              The use case is a 2fA authentication server that accepts PUSH mode. The radius server will forward to the 2fA server the request containing only the username (no password) and PUSH a notification to the user's mobile. The user will unlock his mobile, open the 2fA application and provide his security PIN code. The…

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
              • Let you utilize different web servers depending on URL folder path

                Microsoft ISA Server 2006 lets you configure separate protected web servers for any URL folder path. I liked that, because it made the entrypoint simple – everything was based on the path name, not the server name. Any chance you would add this functionality to your product to make it cover what Microsoft’s ISA server could do? See call #5242748 for more info.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Notify users about ActiveDirectory password expiration on WAF Reverse authentication form

                  Users logging on via the reverse authentication form Feature should be able to Change their Password from here - or be notified about an expiring/expired Password.

                  14 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                  • Enable SPDY protocol for reverse proxy feature

                    Please add the SPDY protocol to the reverse proxy to enhance HTTPS page load times through the UTM. Both on the client and server side, especially if the back end webserver supports the protocol.

                    Thank you

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Enable Firewall rule in creation process

                      In order to make packet filter configuration easier, you should add a switch for directly enabling a firewall rule by creation. Very often people forget to enable a newly created firewall rule. By default the switch is not enabled.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • SMTP Proxy MIME delivery status notifications

                        Currently, the Sophos UTM OS does not support RFC 3462 MIME-type delivery status notifications. This causes issues for when Outlook clients recieve non-RFC bouncebacks from the UTM as they will not treat it as a delivery status notification, but reather as a new email and apply any inbox rules. This can lead to bounceback storms.

                        Additionally, in an Exchange environment, bouncebacks are intercepted and reformatted for easier user readibility.

                        8 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Allow SNAT and Web protection work simulatneously

                          currently web protection is being prioritized over SNAT. we are getting feedback that on the future patch upgrade to have a feature that will allow SNAT to work while web protection is enabled

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • network order interface in VMware

                            when you have a lot of network interface in a sophos VM under VMware the network configuration file (vmx) the order on vmware do not match the sophos network order. you have to match the mac adress between UTM and VMware or to edite the /etc/udev/rules.d/70-persistant-net.rule file. could you please let the customer renumber the ethX under webmin.

                            9 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                            • Websites under Filterining options add in custom category

                              For example under "Filtering Options" and "Websites" you can add sites to Categorys but you cant select a custom created Category. To do this would be useful. For example the ability to Categorise all company sites into one category rather than them been mixed, this would help with reporting.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Wildcard support for antispam's sender blacklist & excepted email addresses

                                Under "EMAIL PROTECTION > SMTP > ANTISPAM > SPAMFILTER"
                                you are able to block email senders by adding their domain. You are also able to use wildcards i.e. "*@domain.com".

                                Same you can do under "EMAIL PROTECTION > SMTP > EXPEPTIONS" to add a sender's email address to except him from specific rules (HELO, Antispam, etc.) buy using the same format and wildcards i.e. "*@domain.com".

                                Unfortunately I get more and more spam emails from the same domain which uses A TON of subdomains i.e. the following (german) spam site:

                                *@elektronik.de-at-ch.com
                                *@rasierklingen.de-at-ch.com
                                *@versicherung.de-at-ch.com
                                *@mobil.de-at-ch.com
                                *@reisen.de-at-ch.com

                                The same applies to whitelist pages i.e.…

                                8 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • SPam Filter: More granular reporting of what causes spam to be marked "confirmed" via "SA"

                                  Users would like to be able to gather more information on the cause of an email marked as "Confirmed Spam" to be able to effectively troubleshoot this issue.

                                  We are having an issue where large amount of spam as being "Confirmed" and the only reason reported is the "sa". The domain does not appear to be on any blacklists, spf and mx records appear to be correct, and the general configuration is correct. . . Support basically said they had no way of gathering or providing a deeper level of cause. As such, it seems that the only troubleshooting method…

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • outlook add in office 365

                                    customer would like an outlook add in for office 365

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • VPN timeout for Windows and IOS clients

                                      I would think this would be something that would be a standard feature, but guess now. There should be a way to set a timeout on the VPN connection either users connected via laptops or iOS devices so they don't have to remember to go back in and manually turn off or disconnect their vpn connections when they are done, they end up staying connected forever and I see this as a security risk when they are connected in to our network from the outside.

                                      Please add a simple timeout feature for SSL VPN connections.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Quota for Applications

                                        The new quota feature is good for desktops, but for mobile devices that utilise apps , it doesn't work. To have quotas on apps would be the next update that a lot of people like myself would need and use.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Option to disable the AutoPlay Function in youtube on web appliance

                                          Would it be possible to implement a feature that
                                          will automatically disable the autoplay feature in Youtube

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base