Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. STAS Integration

    Add STAS capability as per Sophos XG. Agent on domain controllers that detect logins/logouts of users is perfect.

    Many thanks

    8 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    • Add Sophos Cloud Update on the default web filtering exemptions on UTM

      Add Sophos Cloud Update on the default web filtering exemptions on UTM

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Implement Separate Upgrade Schedule for Servers

        Allow for having a separate install schedule for servers for when you release a new recommended version, so that that portion of the upgrade can happen off hours instead of whenever you've released it to the update servers and we download it. Every time that happens, it causes quite a bit of havok here.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Add text to Subject in E-mail

          Currently we are able to replace the header of a e-mail message. for instance, I can search and replace the word "Subject" but it just removes the entire subject line and replaces it with the word I choose.

          what I need, for information classification, is to add the word "CONFIDENTIAL" to the subject while keeping the rest of the line.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Viber voice calling to be disabled in UTM

            Viber voice calling to be disabled in UTM as its block Viber message but not voice calling...

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
            • Country Blocking Problem

              Hi everybody,
              Country Blocking is not working correctly. Sometimes ip adresses are not resolved to a country, they appear in the log files as "unknown" and they were not blocked. So some days ago someone tried to connect to our ftp server from sweden, althogh every country is blocked accept of germany.
              Please fix this or integrate a button "unknown" -> deny or something similar.
              Sorry for my englisch ;-)

              2 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Bridge - LTE to Ethernet

                I want to bridge my USB LTE (4G) modem to Ethernet.
                To my knowledge, this is not supported yet.

                More info: https://community.sophos.com/products/unified-threat-management/f/41/t/10885

                18 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                • auto create email address after RADIUS authentication

                  In some situation, customer prefers an default email address to be created after a user log in User Portal.
                  In current UTM, an user account is created after a user log in User Portal, but there is no email address defined.
                  Normally, we sync email address from LDAP or Active Directory, however, the sync of email address is impossible to achieve in some circumstance, for example, user email address is constantly changing several times every day.
                  Maybe we can define a email auto-creation policy. For example, the username of the email address is the same as username in RADIUS. The…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Make Quarantine Report responsive

                    I would very much like to be able to review and process quarantine reports on my mobile device.

                    The current format requires lots of zooming and panning on a mobile device...

                    2 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                    • Web Protection(Proxy): File extension blocking inside archives

                      File Extension blocking inside archives only works with the Mailgateway (smtp).
                      We need it in the WebProxy!
                      It is a high risk to allow the download of executable files within zip archives.

                      6 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Webfilter: Ignore extraneous root certificates

                        Many sites include a root certificate in their downloaded chain. This is either a remnant of cross-root certificate mapping or a configuration error.
                        All tested browsers ignore the self-signed certificate as long as the same root certificate is installed in the trusted certificate store.

                        Unfortunately, OpenSSL, and therefore UTM, are not able to detect that the supplied root certificate is unnecessary, so the connection is blocked. Because of the significant number of sites with this configuration, it is a significant problem.

                        This link has an extensive discussion of the problem:

                        https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest

                        The discussion asserts that the RFC permits inclusion of…

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • OTP Just for WiFi

                          OTP is a really nice and cool feature.

                          Activating OTP for Just WiFi would be a great feature.
                          Actually, when OTP is active, you have activated it on places where we dont want to have it.

                          Think about WiFi.
                          Example 1:
                          If you setting up and Wifi with modern secure WPA2 and AES, its anyway almost easy to get the WPA2 Data by placing an AP with same SSID, and a good antenna to get all the Clients connected due "my" bad AP. Thats kind easy with kali linux.

                          If there's an OTP between WiFI, there would be an additional…

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • block message spam 550

                            Hello,

                            I share you a customer's situation with his PureMessage:

                            A customer receives an email ( SPAM / VIRUS ) sent her to a domain address that does not exist . The exchange server then returns a message that the sender address does not exist (Error 550) while returning
                            the content of the original email (with the virus). At that time well PureMessage blocks mail from postmaster@notredomaine.be but the mass of messages quickly saturates the exchange server unnecessarily ...

                            It would be useful to block the response when the message is considered viral or spam before Exchange is trying to…

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Packet Inspection of TCP UDP like Palo Alto does - Application Based Inspection

                              That ones those spent time with that stuff already know how easy it it, to open connections with BotNet Servers or with any other device just by opening an mos likely "common opened" port. BotNet Control, WebFilter, AV.... cant detect those traffic in most cases. We tested it ourselfs and were wondering that those old well known metasploit traffic is not detected.
                              Only the https connection made by metasploit was detected (aprox after 10 seconds) and was terminated. But could be endless reopened for 10 additional seconds and so on.

                              Its much more than easy to overcome an Sophos UTM…

                              2 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • IP Block List - General Automatic IP Block List for all Functions

                                Definition & Users -> Authentication Servers -> Advanced

                                Request for an „Auto-Blocklist“.
                                Specially on SMTP you all know how oft IPs try to gain access while try to guess login data.

                                I do not want those IPs never ever come up again - no matter what function on the UTM/SG/XG they try to use.
                                This traffic should generally discarded (not blocked – I do not want to nicely tell the opposite that he is being blocked)

                                Lets say a "UTM blacklist" which can either be filled manually, and then get selected for the functions (or all) of these IP /…

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                • SUM change notifications email address

                                  If you add or replace UTM notification email addresses via the SUM it only effects the notifications email address. It would be useful to have some tick boxes to also replace the system admin address and the executive report address as well.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Logging for hotspot vouchers

                                    Tie the ip address where the voucher is used to the voucher code so that we can see where individual codes have been on the internet.

                                    A voucher network like the user network where it contains all the ip's where they have been used would be good. We can assign a single voucher to a single device for staff BYOD devices, but in some cases we can have one voucher for 300 devices (Guests BYOD). But we need to see where voucher code blah blah blah has gone on the internet.

                                    Many thanks

                                    12 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Multi-Forest and Multi-Domain SSO

                                      Allow multiple AD Domain/Forest SSO whee thee are more than one AD Forest/Domain

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Safeguarding reports for Schools

                                        Enable safeguarding reports based on terrorism and radicalisation as these are now wildly required in schools

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                        • email on vpn connection

                                          Get an email alert when a specific user logs into the VPN

                                          8 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base