Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. html5vpn copy/paste

    It would be nice if we can copy/paste between HTML5VPN sessions.
    For example, I type some words in one HTML5VPN session.
    Then I press ctrl+c, the words are copied.
    I press ctrl+v in another HTML5VPN session, the same words are pasted there.

    5 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • Links in Quarantine Report

      The quarantine report should have additional links:
      1. to Web User Interface without LogOn to the qurantine-site of the user
      2. "release and report as false positive"
      3. "view" to show the Content of a blocked mail

      5 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Add support SNMP via VPN without add static routes.

        Copernicus project:

        Add support SNMP via VPN without add static routes. This need works as SSH via VPN, only choose a check box allowing or deny the service.

        Today it is needed add static route pointing to tunnel name.

        18 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
        • Filtering URL-s through GoogleTranslate and others online translate systems

          GoogleTranslate as well as Yandex.translate do some kind of Proxy Tunnel, and download content from own servers, then show it in Browser. You can see, for example hh.ru in requested URL = Embedded URL. But we can’t block this GET requests.
          https://translate.google.com/translate?hl=ru&sl=auto&tl=en&u=http%3A%2F%2Fhh.ru%2F
          You can read more about this from page:
          https://github.com/openwrt/packages/blob/master/net/dansguardian/files/dansguardianf1.conf

          0 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow for the configuration of disabled features, such as Web Protection, so they're configured first before they're enabled.

            If your UTM is in production, and you want to enable a new feature, you must first enable it before you can configure it. However, some features will start interacting with network traffic as soon as they are enabled even without configuration.
            It would be beneficial to put features into "configuration" mode so that they can be configured and tweaked before being enabled fully for production.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
            • Creating Exceptions Specifically For Domain Users

              Customer is requesting to create a menu in UTM in which they can create exceptions specifically via domain users

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • ID33532 9.209 RDWeb via WAF is not possible on customers site

                Issue ID 33532 the ability to publish a Remote Desktop Gateway would be appreciated. currently there is no support for it in UTM.

                10 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Please support Palemoon to register.

                  I really can't find where to report this but the way you guys filter the browsers that people use are a bit hard for users that use alternative browsers.

                  Palemoon is getting close to releasing it's version 26, but since it's a fork of Firefox it still shares some similarities. Your agent sniffing techniques render our browser as Firefox 26, but it's really not the same.
                  Similar situation where Opera is a different number than Chrome but it's still up to date, Palemoon is the same way.

                  The number of our browser shouldn't indicate it's version to Firefox, since it…

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add the ability to detect when the from field in the header is different to that of the envelope

                    Can we have the above functionality added to the UTM so that it gives the same level of mail protection as the email appliance? When mail has been spoofed so that just the From field in the header is spoofed but the same field in the envelope is different and is from an address that is not blacklisted this is sometimes getting through to customers.

                    13 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Bulk User Account Creation

                      For installations not leveraging Active Directory for user creation it would fantastic if you provided the ability to upload a CSV or similar file format with the requisite information for user creation.

                      This would vastly improve the experience, speed and efficiency of initial user account creation and deployment.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                      • Firmware Automatic Restore of the RED

                        Firmware Automatic Restore of the RED when it lost itself (firmware corrupted)...
                        Sometimes, when a power cut occurs on a customer machine (we use RED10 on the machine shop floor to have a remote access
                        to the automates in a customer plant), the firmware of the RED10 get corrupted.
                        And after that, the only solutoon for us is to send another RED10 to the customer.
                        So the support is at least 24h late...
                        We can't ask the customer to do the manual firmware restore. They are industrials not IT...

                        16 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                        • Allow continual ping to go from primary to secondary connection

                          Currently if you are running a continous ping out WAN1 and it fails over to WAN2 the state table does not get flushed or updated for the ICMP request and the pings will fail even though the connection is up. Going in and manually clearing that connection "conntrack -D -d 8.8.8.8" will fix it. This is helpful in troubleshooting fail over and monitoring fail over time. Many other firewall manufactures do this.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                          • OpenSSH version 6.7 or higher

                            Generate an update of the UTM which support openSSH version 6.7 or higher.

                            12 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Security heartbeat for utm 9.x

                              It would be great if you iplement the new security heartbeat into the utm 9.x also.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Change UTM 9 (Not XG since it is still buggy) 50 limit to 100 limit due to ip6 on devices.

                                Change the limit to 100 for UTM 9, not XG, there are those that do not want to upgrade until it is more stable and less buggy.

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Remote Access alert

                                  Customer would like to have Remote Access logging / alerting feature. If a client was to sign in he would get an alert/email/etc sent to him. He would also have the logging written to an external database of some sort.

                                  5 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Web Filter Captive Portal

                                    It would be nice to have a captive portal option for the web filter. I know there is one for wireless but we have some public hard-wire connections that we would like to give a portal to "accept" that their traffic is logged and monitored. It would also be nice for networks using WAPs other than Sophos.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • WS1100: Secondary DNS when Primary is down

                                      I have two WS1100's in my network.
                                      Today we had my primary DNS go offline due to a hardware problem.
                                      The Seconday DNS works but the latency is really bad.
                                      Very slow getting to sites.
                                      You have to set the Secondary as the Primary until you resolve the issues.
                                      This is just not a great solution.
                                      You would think that there is a setting to quicken the time.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Floor Plan

                                        Allow for upload of a floor plan to place AP's on. From this view you should be able to toggle between 2.4Ghz and 5Ghz to get an overview of what the channel plan looks like on a map.

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • spoof attack

                                          Working with Sophos support (case 5397031), the current product is not able to stop a spoof attack in which the "envelope from" is valid but the body sender address is spoofed as an internal address.

                                          SPF checks are not effective in this scenario and the message is delivered.

                                          19 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base