Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Regular Expression using ^& on the same rule

    Regular Expression using ^& on the same rule

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Block Files Upload in Webmail

      I would appreciate if it's possibile to block the upload of file to webmail using the Web Filtering.
      I would permit to the users to open a webmail (like gmail.com or other public webmail) but i don't want to permit to attach file/upload file in a new mail on the webmail. In this way i can block a possible disclosure of corporate data. Thanks

      26 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • 1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Possibility to disable second antenna on AP 50 to use inhouse installed antennas

          Possibility to disable second antenna or MiMo on AP 50 to use inhouse installed antennas

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • RED - local log caching (with push function to UTM)

            It would be nice if we have a local (cached) log function in the RED.
            On the UTM we only have the opportunity to see RED online or disconnected, but not why.
            Therefore, a local RED logging would be great, which sends the information to the UTM when the RED is available again. For example: RED WAN port down, RED get no DHCP address, no connection to Sophos on port 3400 or something like this - to increase the possibilities of analysis.

            36 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
            • Set outgoing IP in Email Protection

              In case of having a lot of ip adresses on the outgoing side of the UTM it would be very nice to define the sending IP Adress of the Email-Protection Service.

              here's a good documentation howto to this with exim.
              http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/EximDifferentIps

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Crashplan Application Control

                It would be an idea to add crashplan into the application control to give future a transparent control over this cloud based service.

                I know they have not been around as long as Dropbox but it should be considered as they have a large user base

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                • IP range Webfiltering menu

                  IP range is now available on UTM9 but impossible to use in Webfiltering menu.
                  actually the only way to filter machines is to use sub network or group network (mean create machine each time inside group...)
                  Please add this improvement to be able to filter with most flexiblility than now IP range definition in webfiltering.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • RED: Restart tunnel instead of unit

                    When the internet connection drops at the main site (UTM location) the RED restarts to get the tunnel up again. When (for some reason) the internet connection stays down at the main site all internet activities at the remote location are down due to continuous restarts of the RED. If the RED only tries to pick up the tunnel, the internet at the remote location can still be used.

                    92 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      Under Review  ·  5 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • SPX encryption Plugin Outlook for Mac

                      SPX encryption Plugin Outlook for Mac
                      It would be nice to have an SPX plugin for Outlook for Mac, or comprehensive documentation for using SPX encryption with email clients other than Outlook for Windows and thunderbird.

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Use AD Backend Groups for Recipient Verification

                        Everywhere else that the UTM uses AD authentication, it uses Backend groups based on AD Security Groups. If a larger, sophisticated customer already has a differently-structured AD, it's not possible to use the current option - an alternative Base DN.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • new option "footer only for unsigned emails"

                          It would be nice if the UTM9 would have an option so that the footer "This email was Virus checked by Sophos UTM 9." is only added to unsigned emails. I like the footer, but since it alters the email content, it also invalidates the signature of incomming emails.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Expand UTM Endpoint Notification feature

                            Hi,

                            The UTM lacks, from my point of view, the ability to check computers running ENDPOINT PROTECTION with the following new features (Notifications):

                            - New computer added / installed endpoint client
                            - Client has out-of-date definitions
                            - Endpoint Protection updates from Sophos has Failed
                            - Endpoint Protection updates from Sophos has been updated
                            - Client is not policy compliant.
                            - Any other error that the STATUS page can show for a COMPUTER would be great to choose :-)

                            Only thing that can be selected now is:
                            - Endpoint Virus Detected

                            Br. Martin

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Reporting for number of users using hotspots

                              Having hotspots enabled it will be good to have reports (based on a time period) showing number of users using vouchers (connecting to hotspots). As this information is in logs it should be easy to count and show that in graphical report.

                              6 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Server Load balancing: server ports destination configurable

                                We need a way to configure the server destination ports differents from the outside port!
                                We should be able to do things like:

                                PublicIP:80
                                -> server1:1080
                                -> server2:2080

                                or

                                PublicIP:80
                                -> server1:1081
                                -> server2:1082

                                This can be used when for example we use more than one cache/proxy (varnish) on a same box in between the firewall and the real server (with 1 varnish instance per customer) instead of having to declare bunch of IPs if this feature can be implemented we can bind always to same IP but different ports...

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Full Hyper-v Support

                                  This feature request http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/188819-support-drivers-for-hyper-v notes that drivers have been developed for hyper-v but hyper-v is not yet a fully supported platform for Sophos. Hyper-v is now a main stream hypervisor used by 90% of our SMB clients therefore it should be a supported platform. I submitted a support request with tech support for ongoing NIC issues i'm having with UTM on Hyper-v and was just directed to the link above with the note that it is not yet supported.

                                  18 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support: Customer Support Report - CSR

                                    In some security systems there is a Customer Support Report (CSR) - archive file, which contain all internal information:
                                    - Logs
                                    - Configs
                                    - etc.
                                    all, what need for troubleshooting.
                                    Because UTM is a security device, remote access to the system not possible in most cases.
                                    So support of Sophos can just say - pls attach a CSR report.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • OSPF - Allow the priority of the OSPF interface to be set to 0

                                      Currently the OSPF Priority setting can only be set between 1 - 255
                                      It would be useful to have the ability to set the priority on an OSPF interface to 0 (Zero). This will then ensure the UTM does not participate in the DR or BDR election process.

                                      In a well designed ospf network (On Cisco and Brocade equipment), it is better practice to remove nodes which you know should never be DR or BDR devices, thus reducing election traffic and the time it takes for an election process to complete.

                                      6 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Implement LLDP (or CDP) on the Access Points

                                        This will be very helpfull to detect access points on a network.
                                        > Finding these devices for maintenance ( reboot with POE off / on ) without following the cabeling or looking for mac-adress-tables would be great.
                                        Maybe LLDP/CDP would also suite the UTM ethernet ports.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Sending HotSpot vouchers directly to a network lable printer

                                          It would be nive if it qould be possible to send the voucher directly to a bon/lable printer, like Brother QL-710W/QL-720W.
                                          A limited support of printer models would be acceptable.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base