Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Put back the HTML version of the Disclaimer thats in Puremessage

    Currently there is only option to put a text disclaimer and we used Puremessage for a number of years which had the capability of HTML discaliamers with different size fonts and colours its like going back in time with the TUM

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Keep online help in sync with UTM version

      The Online Help apparently gets updated with pattern updates, causing it to be out-of-sync with the current installation.
      This leads to confusion, as features described in the help are missing, etc.
      see http://www.astaro.org/gateway-products/online-help-documentation/23640-improving-online-help-2.html#post238924
      and Heja's response immediately below that.

      4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
      • Update tcpdump

        Please update tcpdump in the UTM.

        The current version in 9.101-12 is 3.9.8, and the current version on my not-newly-installed Ubuntu desktop (as an example) is 4.2.1.

        That's quite a discrepancy, and there are at least two useful features which we are precluded from using because of this ("-G" and "-z", and others).

        Please update tcpdump in the UTM to a more recent version.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • email appliance: adjust column widths under search

          ability to adjust the column widths for results within the "Search" section of the email appliance. Long information gets truncated, no current way to adjust the column widths

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
          • Please add in Sophos UTM in Web Protection>Application Control>Application Control Rules the new application control for Vk.com (vkontakte)

            Please add in Sophos UTM in Web Protection>Application Control>Application Control Rules the new application control for Vk.com (vkontakte.ru). This is the Russian equivalent of Facebook. The feature could be really useful

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
            • add reject-with tcp-reset function

              The "reject" action in the paket filter rules sends an ICMP - Destination Unreachable to the rejected Host. It seems that most applications ignore this ICMP. Therefore other Firewall Systems implemented the "reject-with tcp-reset" function. This way a tcp session will be ended, and hopefully the Applications will not have to wait that long until it realizes that the connection is not permitted.
              This is needed because many computers and other devices suffer from network hangs because they try to connect to forbidden hosts.

              25 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Change Notification for WebAdmin

                i'm looking for a method to receive all changes by mail that's made in a WebAdmin Session by an admin. We have up to 3 administrators that allows to administrate our firewall and it's much easier for the other administrators if they're known which changes are made.

                7 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                • Central Management SUM Server: Possibility to keep a maximum of 30 backups per device

                  SUM Server: By now, automatic backup configuration allows a maximum of 10 backups per device. For audits (e.g. SAS70) we need to have the possibility to save at least 30 backups (1 month) per device.

                  6 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Belgian French keyboard support for HTML 5 VPN portal (RDP Connection)

                    Add all missing keyboards for users who use RDP over HTML 5 VPN portal

                    26 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • Increase SSHd LogLevel to VERBOSE

                      Using SSH public key authentication for loginuser/root does not log which key was used to authenticate, because the sshd_config LogLevel is set to INFO.
                      It should be increased to VERBOSE, so you could determine who accessed the shell.

                      2 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                      • Customization of actual WiFi voucher codes

                        The ability to edit and create your own custom Vouchers codes but still being able to restrict the data the guests can use. For example if you are at a Sophos Conference. I would setup free WiFi, if I could customize the actaul voucher code it would be Sophos13, and that way I can still limit how much data one guest can use per 2 hours etc

                        6 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Endpoint Policies - Automatic Cleanup, Quarantine but no Delete?

                          Default config of Endpoint Policies on the UTM are to automatically clean threat, if this is turned off the policy will quarantine the threat but there is no option available to delete the threat.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Feedback from a Reassessment Request

                            Support to provide an email on a Reassessment Request to say it has been approved or rejected. So that Network Administrators can provide feedback to our customer base.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • SSL VPN virtual IP via DHCP server

                              The Remote Client should get a virtual pool IP from the local DHCP Server when he is connecting via SSL VPN, instead of the UTM vitual pool IP.

                              10 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • LISP Support

                                to bundle multiple WAN connections (Locator/ID Separation Protocol = LISP).
                                And a ready to use EC2 Machine as endpoint for self hosting.

                                13 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                • Application Control: Customer-defined application definitions

                                  Should allow customers to add their own applications in the list.

                                  This allows the customer to update faster its own list of applications

                                  61 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    4 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Mail manager: alert when incoming mails are blocked in the spool

                                    When spooled incoming mails have not been sent to the mail server after a certain number of attempts, alert the administrator (by email) so he can download them if needed (for example with the current bug where the firewall do not send the end of certain emails to the mail server). Otherwise, there is no way to be alerted of such a pb.

                                    7 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Networking: Forward Ping for Devices behind UTM

                                      In V8 it was possible to Ping Devices behind the UTM Device, in V9 it is Disabled and could not be Enabled with a Packet filter Rule.

                                      This function is useful for us and our Customer which has Devices behind the UTM in his own DMZ that should be monitored by Monitoring Systems etc.

                                      27 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

                                        While already possible by disabling the built-in ICMP handlers and creating your own packet filter rules for explicitly allowing such traffic, we will review the operation of this behavior and if we can refine the GUI here.

                                      • Generate an email alert for high CPU and RAM usage

                                        It would be nice to be alerted via email (or other methods) when the CPU usage or CPU usage of the Sophos appliance gets above a certain threshold. We have had issues where our customers suffer from slow internet speeds that are caused by high device utilization. It would be nice to be alerted to this.

                                        22 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Networking: RPC Connection Tracking Helper

                                          A port object that automatically unlocks the associated high ports for the RPC mapper, so you must not unlock all high ports for the RPC services.

                                          36 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base