Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. remove hyperlinks from surf protection end user messages

    In UTM 9, we would like to remove the hyperlinks in the surf protection messages offered to end-users, specifically the "Add exception for this url" link.

    Our users are clicking the hyperlink and then are "blindly" attempting to log into the UTM portal - for which they don't have access.

    The ability to customise these messages is not in the Customisation section of the UTM interface.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow changing of the DPD values on the UTM GUI

      Allow changing of the DPD values on the UTM GUI. Currently we can only switch the Dead Peer Detection on or off. We should be able to change the DPD action and delay & timeouts from the graphic interface.

      9 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
      • Outlook Plugin for easy handling SPAM

        It would be nice to have an Outlook plug-in to report SPAM or false positive SPAM directly in Outlook not only in daily reports.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Webadmin certificate with sha 2 algorithm

          There should be a way to generate the webadmin certificate with the SHA-2 algorithm from the UTM

          53 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • group

            Include a "group" field in the http.log to help ease with creating syslog reports.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
            • SUM notification - [INFO-913] Global resource level limit exceeded

              The SUM server often sends an email notification on behalf of a managed UTM with the subject: [INFO-913] Global resource level limit exceeded, but doesn't say what limit has been exceeded. It's necessary to logon on to the UTM and check through the logs to determine what caused the alert. It would be good if the notification from the SUM contained some additional information to save time on identifying the cause.
              Thanks.

              0 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
              • UTM9 - sso password

                Sophos UTM9 - recent release
                If you open the binary files in the /var/confd/var/storage/snapshots with a normal text editor you can read clearly the sso_password and the sso_user used for the joining of the appliance to the domain.
                Why the config files must contain the domain password used once and no longer required?
                Why it is not encrypted? Often this is a domain admin account.
                Best Regards

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • Blocked website list from SUM

                  Need a way to deploy a blocked website list from SUM without requiring standardised filter action because every site has different categories blocked etc and can't just create a new filter action that applies to everyone with a blocked list in it.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Make an API for Sandstorm sample submissions

                    Please make it possible to send and get Sandstorm sample submissions using an API. Customers with valid sandstorm licenses for Sophos UTM or classic Sophos Appliances can then use scripts for other solutions to submit samples and retrieve results.

                    Another idea is to create a seperate license for this API usage. There can be many implementation possibilities for Sandstorm API scripting, sending samples and automating processess depending on the submission results.

                    2 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Prevent users of Wifi Hotspot from being able to use the HTTP Proxy service to browse to local RFC1918 addresses, accessing LAN web services

                      Users on a Separate Zone Wifi Hotspot network can currently browse to local web services if going via the proxy, as the proxy is not limited to local web servers.

                      This is an issue, as it allows guests to browse local web resources that may be internal secure resources.

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Firewall Rules counter

                        Add a feature that is common and very useful on most firewalls, The display of active counters on firewall rules. This is a quick and useful way to trouble shoot firewall rule issues.

                        8 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Block/Allow based off of header from

                          The ability for block and allow lists to apply to the header from field in the message, and the ability for the RDNS to check this header to confirm it is correct.
                          The ability to create rules to check for what the value of the header is and block or allow based off that field

                          9 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Provide support for Wildcard Digital Certificates for User Portal

                            We have been told by Sophos Support that the UTM will not present the intermediate CA (Digicert Wildcard Certificate). Please provide support so we can use our existing wildcard certificate with the user portal. There is an unsupported workaround, but it does not persist through a reboot.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                            • list of connected sessions

                              List VPN sessions connected by host when managed by SUM Gateway Manager. This would save having to log into each VPN gateway to see the active sessions by IP and authenticated user per host.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow HTTPS Decryption Exception based on Signing CA or Specific Certificate

                                Configure exceptions based on a Signing CA or based on a certificate. If USM web proxy requests an outbound HTTPS connection, and the returned certificate is signed by a specific CA cert or the cert returned matches a specific certificate, and that cert is (optionally) valid, then bypass HTTPS decryption and pass the connection on to the internal client. This would make things much easier to make exceptions for Microsoft OneDrive, where there are a ton of URLs and even some IP addresses that need to be added to the exception list in order to make it work. Id rather…

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Enable Network Agent (iOS) authentication for Sophos UTM Home licenses.

                                  For home users, it would be terrific to be able to use the Network Agent iOS app for iPhone / iPad authentication for family members.

                                  This would greatly simplify the authentication process!

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • graylisting

                                    Please display graylisted mail also at the smtp-log

                                    4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • SPX recipent password reset

                                      Did the end-user password reset functionality go away at some point? I have a newly integrated UTM 9 at version 9.4. In the SPX end-user provided password template, it would be nice to have the user password feature back. Even with end user provided passwords they will surely forget eventually. I am trying to avoid getting into the password reset business. It also added to the ease of use to both my users and their recipients.

                                      Thanks,
                                      Ryan

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Block TLDs in Email Filter

                                        Would like to be able to block all emails with senders from specific TLDs. Eg. *.win or *@*.win

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Simultaneous Active STAS Collectors

                                          Would like to have multiple active STAS collectors reporting logins on DC directly to UTM. The current model only allows one collector to report to the UTM with other DCs using agents to feed the one collector.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base