Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. i need to be able to allow ftp access using filezilla, to a select group of users, in a way that allows virus scanning

    we currently use filezilla for a select group of users to get ftp access to the internet, using forefront tmg
    we're migrating over to using sophos utm for our firewalls, and i need a method that will allow me to restrict ftp access to a select group of users, while also allowing their downloads to be scanned for viruses

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Enable use of network services 'library'

      I'm fed up with having to look up port numbers for different online services and add them manually to UTM. UTM comes with a small list (HTTP, HTTPS etc.) - wouldn't it be great to have a centralised library of services (could be maintained by all us UTM Admins?). Just click on the service (e.g. Steam) in the library to have it imported into UTM with all the port numbers defined.

      0 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • 1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Show WLAN-Password in Vouchers with Bridged to AP-LAN

          If a Vocuher for a WLAN is created and the WLAN is bridged in AP LAN , the password on the voucher should be displayed. Currently, the voucher is without WLAN password in this configuration.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • VSS

            Native support for VSS on your SG appliances versus only supporting Virtualization within the VM image. All the major players support VSS today.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow more IP's on Home/Free UTM

              with all the connected devices its becoming very easy to hit the 50 IP limit on a home edition license. Throw in a few lab servers and you are almost guaranteed to.

              Any chance this can be increased? I see a few years ago this was done.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
              • Hotspot voucher automatic regeneration

                Currently vouchers on Hotspots do not automatically re-generate after the data or time allowance has been used. It would be good if these could re-generate a new voucher and code, and automatically send the new code to an email recipient.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Outlook anywhere connection with WAF for Mac Clients

                  At the moment, there is no support for Outlook Anywhere connections on Mac clients. Please make Outlook anywhere connection work with the WAF.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Failover SXL lookups to Smart Filter Cache

                    SXL lookups regularly fail due to issues with the the Sophos service, the virtual host the service is running on or simply just networking issues local to the UTM.

                    As the technology already exists to use an offline file then why not simply have an SXL fail over to the local categories. For example, if there was no response to an SXL lookup in 15 seconds failover to the local cache for the next 5 min.

                    This way there should never be any downtime in the service which either leaves a customer unable to browse the web or allows a…

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • dyndns support for all-inkl

                      Hi,

                      please can you add all-inkl as dyndns provider. Server for Updates at all-inkl is: dyndns.kasserver.com

                      Thanks in advance,
                      regards
                      Herbert

                      54 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        5 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • SMTP header manipulation

                        SMTP header manipulation introduced in 9.3.x seems not work at all.

                        If you get this error corrected, please add an option to add/remove headers in outgoing/incoming mails or in only incoming mails or only in outgoing mails.

                        I do not want to remove Receive headers from incoming mails, but only outgoing mails.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • implementation of ip Range policy single host add but how to define range

                          In Sophos UTM , Web Protection -->web filter profile-->in Allowed Networks

                          i can not define ip address Range.single host is add but how to define range of ips.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • support "Host Range" for the option "Allowed networks" under Default Web Filter Profile

                            support "Host Range" for the option "Allowed networks" under Default Web Filter Profile

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Wireless Protection: Restrict voucher's volume limit to internet use / WAN external interface

                              Voucher's volume limit currently has effect on complete wireless traffic of a client, so that internal traffic to local NAS systems is considered as well. This way, real INTERNET traffic of a client cannot be limited in a useful way. Please either provide a possibility to select, or configure that way that only traffic from WIRELESS to WAN interface is considered when counting volume limits of vouchers. Thanks in advance.

                              2 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Logging Authentication failure in Webfiltering

                                It would be good if you could write the failed authentications in the web filtering log.
                                It could be used to determine which client someone logs wrong.

                                Example: 2015:02:18-07:20:04 deproxy03-1 httpproxy[6423]: id="0001"
                                severity="info" sys="SecureWeb" sub="http"
                                name="http access" action="Authentication
                                failed" method="GET" srcip="10.68.20.171"
                                dstip="62.159.74.50" user="userx" ad_domain="domainx"
                                statuscode="200" cached="0" profile="REF_HttProSsoad
                                (SSO-AD)"

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                                • DNS blacklist outage fix.

                                  Recently dnsbl.proxybl.org went off line, a 3rd party blacklist Web Server Protection uses to block ips/domains with a "bad reputation"

                                  When this 3rd party provider went out. The WAF served up pages extremely slowly to the outside world ( it took about 1 minute for a page fully load).

                                  I'm guessing every time a file was requested over the WAF, a look-up was done on the requester's IP and it would wait until the look-up timed out.

                                  My suggestion is to run a heartbeat on any such 3rd party service that turns on if a timeout occurred, if the service…

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • More flexible data protection rules

                                    The current email data protection rule for UK addresses is configured to reject files with 100 postcodes/addresses, can this figure be made configurable

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • In what way can I go back to the last Version after a firmware update? ?

                                      Good Software has it:
                                      Posibility to go back to the last Version after a firmware update.
                                      Thank You

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Static IP-Configuration for Access-Points

                                        For better IP-Management it would nice to have the option to configure the Access-Points with static IPs and the ability to restart them remotely.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • utm public IP feature when having two or more subnets

                                          Customer want to do like this:

                                          subnet A e.g. 192.168.1.x is going out using the public IP a.b.c.1
                                          subnet B e.g. 192.168.2.x is going out using the public IP x.y.z.2

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base