Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Filter (Management Appliance) and HTTP User Agent strings

    It would be helpful to be able to search for, filter on, alert, and even block traffic based on HTTP User Agent
    Block User Agent for Java at proxy
    Query logs for visited hosts that used Java user agent•
    Aggregate by host, sort by frequency, analyze
    Generate exclusions
    Attacker can not modify the user agent before exploit attempt
    Esp helpful for Java.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • include mac/apple with UTM endpoint protection

      There are lots of places that have both windows and macs in their business. Both need to be protected with endpoint protection so they can be managed. Why have one and not the other?

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Add 'Allow' and 'Block' options in Sophos Cloud for the Spam category

        Currently there is no way to allow or block the 'Spam' category in Sophos Cloud, sites under this category are always blocked. Can this be changed to add an 'allow' option under Web Control?

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • add the ability to receive an email notification whenever a user connects via SSL VPN for Remote Access.

          add the ability to receive an email notification whenever a user connects via SSL VPN for Remote Access. It would be nice to also have the option for a disconnect notification.

          19 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
          • Usability: Filtering Certificates before building the certificate lists

            Hello,

            on adding WAF at a client installation with heavy Remote Access usage two usability issues came up:

            1) if i try to select the server certificate for the WAF site, the list builds for a very long time and then presents all certificates - in my case ~ 960 User certificates, the local certificates and the three Server certificates I imported... This is let's say, "suboptimal"... ;-)

            2) The certificate list is sorted case sensitive, which is, again, "suboptimal" - it means that TEST..., Test..., and test... are at three different positions in the list. Combine that with the…

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
            • add transparent mode browser authentication over HTTP

              This would allow the UTM admin to select the captive portal to be presented over http instead of https to prevent SSL errors on guest devices. I appreciate there's a security issue around this but it should be made clear while selecting this option that it's less secure

              6 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
              • All Trap Adress should be readable through SNMP

                All MIB OIDs for SNMP Traps should also be readable via a SNMP Request. So you can get the whole Status of your UTM via SNMP Poll

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                • How do I reset my password so I can get documents??!!!!

                  How do I reset my password or get my old password so I can download documents?????!!!!!!!!!

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Sophos UTM: FIlter out internet analytics

                    Filter out the internet analytics and services so that web usage reporting in only showing the 'real' websites visited instead of muddying the waters with all the analytics and services information. If if this could be hidden on the export of the report to managers etc...

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                    • iView reporting on Sophos UTM.

                      It would be good to break down the web usage by time bands. This would allow us to see which users where doing what on the web at specific times.
                      Thanks

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                      • SSO over WAF

                        Planning to replace TMG with other UTM product. Sophos is looking good - but some features is missing which are a must have for me:
                        Any change we will se
                        * SSO for reverse proxy
                        * Link translation like we know it in TMG
                        * AD user change password option through rev. auth

                        These are the only major issues preventing us from switching to Sophos

                        9 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Notify users about ActiveDirectory password expiration on WAF Reverse authentication form

                          Users logging on via the reverse authentication form Feature should be able to Change their Password from here - or be notified about an expiring/expired Password.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                          • forward messages

                            in SEA, (Sophos Email Appliance) customer requires a feature so they can forward messages to Sophos Lab or other actions from Mail Queue, currently its only available for Quarantine queue.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Voucher control

                              Create a better control for vouchers. On our company we give a voucher for the employee so can use for a few months, but if he left the company i cannot know his voucher or I have to keep very complicated spreadsheets. It would be nice if on the portal while the user inserts its voucher it need to provide his email or his name. or if UTM keep a list of Device-Name and voucher used. So we can cancel a voucher when needed.

                              2 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Improve Flow monitor

                                Improve Flow Monitor, it is slow and seems to not reflect real traffice. For example when opening Flow Monitor from dashboard clicking on WAN1 In for example, the dashboard show the link with 95% (30MB link) used buth Flow monitor show many connections using little speed and a few using 1 or 2 MB. So I never can find who is killing the bandwith.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                • Proxy usage security problem + change the bad proxy design

                                  When using - _Skip transparent mode destination hosts/nets_
                                  with _Allow HTTP/S traffic for listed hosts/nets_ checked, not only hosts which are in _Allowed Networks_ can reach this destination hosts. So if you have a public WLAN which is not in the _Allowed Networks_ _Web Filtering_, everyone in this Network can reach the destination hosts.

                                  The automatic Rule _Allow HTTP/S traffic for listed hosts/nets_ should only allow the
                                  Hosts in _Allowed Networks_ to solve this security problem.

                                  If you don_t want to change this behavior please remove the _Allow HTTP/S traffic for listed hosts/nets_ Feature for security reasons.

                                  General firewall design:

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Country Blocking - color scheme

                                    In this context, it would further be desirable when, for reasons of clarity, the countries switch the Country blocking mask would be a contrasting color (eg green = off, red = All, orange = From, yellow = To).

                                    In diesem Zusammenhang wäre es weiter wünschenswert, wenn aus Gründen der Übersichtlichkeit die Länderschalter der Country Blocking-Maske farblich differenziert werden würden (z.B. grün = Off, rot = All, orange = From, gelb = To)

                                    6 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Easy entry for dns/ip hosts in HOST BLACKLIST

                                      I am getting really bored of adding new smtp spam servers to my "host blacklist" (SMTP>RELAYING) because EVERY TIME I like to add a new smtp spam server I have to creat a new "network". And this network (dns or ip based) is later showing up in my host list.

                                      Just for the record .... my current host blacklist contains over 300 (!) blocked hosts!!! Just to give everyone an idea how many smtp spam servers I had to add to my host blacklist and how many (useless) host entries I have to scroll down/pass ANY TIME in my host…

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Wildcards for HOST BLACKLIST

                                        I really get a ton of spam. And some companies have dozend (!) of real smtp (spam) servers with fixed IP addresses like these one. And you can easily see that there seem to also have smtp spam server "relay61.brm24.de" to "relay89.brm24.de" and "relay118.brm24.de" to "relay129.brm24.de" from which I still didn't got an email yet (so they are not blocked now):

                                        relay59.brm24.de 78.46.76.140
                                        relay60.brm24.de 78.46.96.74
                                        relay91.brm24.de 213.239.212.235
                                        relay101.brm24.de 78.46.44.235
                                        relay102.brm24.de 85.10.209.133
                                        relay103.brm24.de 88.198.61.232
                                        relay104.brm24.de 213.239.213.207
                                        relay105.brm24.de 88.198.35.24
                                        relay106.brm24.de 78.46.78.116
                                        relay107.brm24.de 46.4.90.229
                                        relay108.brm24.de 213.133.97.146
                                        relay109.brm24.de 88.198.7.133
                                        relay113.brm24.de 88.198.51.236
                                        relay114.brm24.de 88.198.58.40
                                        relay116.brm24.de 88.198.66.66
                                        relay117.brm24.de 78.46.49.11
                                        relay130.brm24.de 213.239.214.166
                                        relay131.brm24.de 213.133.98.213

                                        It would be…

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • being able to switch off broadcasting for certain times of day on the APs from the Webadmin,

                                          Customer wants to be able to switch off broadcasting for certain times of day on the APs from the Webadmin, He is a school admin and wants kids to only be able to see any access the APs at lunch and after school. He does not want to manually use the hide SSID feature. Rather he wants to be able to have an option in the GUI to only broadcast at certain times of day.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base