Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. UTM Tools - Web browser

    Have need for a web browser tool when doing remote admin on a UTM device.
    This should be under tools web browser next to ping and traceroute.
    Reason: To be able to open a remote brower to access other http devices on the remote network that may not have the correct GW to the UTM device or use another GW by default.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
    • allow to enable DHCP server as Uplink Monitoring Action

      It would be nice to have an action for Uplink Monitoring to enable a certain DHCP server.
      For branch offices which use local breakouts, it might be useful to have client-IP-configuration still operational although a tunnel to the headquarters (which usually serves the DHCP-services) failed due to Uplink breakdown.

      This would especially be handy if uplink monitoring could be grouped and you could add a second group for "required VPN tunnels" (see my other request: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/4426611-allow-uplink-monitoring-groups-and-monitoring-of-t)

      10 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • Add Support for BGPv6 and Multiple Rotuer IDs

        It would be really great if we could set up more than one Router ID for full layer 3 redundancy. Also, the ability to use an IPv6 address as a router ID would be awesome, BGP isn't limited to IPv4 anymore.

        4 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Whitelist Reputation White List

          We currently have rbl for the smtp proxy. However, it seems there's lots of false postives from cbl.abuseat.org, zen.spamhaus.org and others. Add the feature to use a rwl (Reputation White Lists), from vendors such as spamhaus.

          2 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
          • Sophos VPN client use a driver certified by Microsoft

            The current Sophos VPN client package (UTM 9.105) uses a Windows driver which is not certified by Microsoft. This causes a problem when trying to install the Sophos VPN client on Windows 7 via SCCM. We need to use a Sophos VPN driver which is certified by Microsoft.

            8 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • Mail Protection - Change WAN Inteface / Mail send over WAN x Interface

              There should be the possibility to configure the Mail Protection to use another WAN IP, if you have more than one.
              Also choose the WAN IP for individual domains, for example:
              Send mails from test1.de over WAN IP 1, send mails from test2.de over WAN IP2

              77 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                6 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Add SSL VPN traffic to daily executive report

                Currently traffic show "not accounted: for SSL vpn users on the executive daily report. Can we enable so it shows how much traffic each user is generating? Also it would be nice to adjust the amount of users shown in top10 vpn users by duration, so we can see more than just the top 10.

                28 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  5 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                • DHCP Server

                  Allow more minute control of ip. allow the manual removal, or custom time limit of leases. allow input of secondary dhcp server for multiple scopes.

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                  • VPN: Support for Citrix Servers via the HTML5 VPN Portal

                    We would like to offer Citrix access to users via the HTML5 VPN portal.

                    177 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      4 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • Increase default disk timeout for virtual UTMs

                      Increase default disk timeout value from 30 seconds to 180 seconds for virtual UTMs.

                      Please see

                      http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009465

                      I have proven this to work and can also give examples of the carnage a 30 second timeout can cause

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                      • Authenticate a user against multiple different backends

                        Currently, a single user can only be authenticated against a single backend. If a user exists in multiple backend with the same username, you get all sorts of funny reactions.

                        In the documentation about Dynamic Group Membership the described logic would make this possible. However, it doesn't work as described; Users end up in the wrong backend group and some UTM services throw authentication failure errors while the backend in question can successfully authenticate the user.

                        Please make it work as described in the documentation!

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                        • email appliance reports

                          I confirmed with GES that currently the following time settings are as follows:

                          Quarantine Search - converted to Timezone setting
                          Mail Queue - system GMT time
                          Mail logs - converted to Timezone setting

                          my customer would like to get all the times above show as their local time to reduce the confusion for the admin and end users

                          the case in sophtrac is 4181932

                          0 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Make the UTM-425 ver. 9.x, work with Internet Explorer versions 8, 9, 10, etc...

                            UTM 425 version 9, make the utm work with internet explorer for the webadmin and the user portal. Our current utm does not display these utm pages correctyl. We need to use FireFox. IE comes installed as part of MS-Windows and makes sense that it should work with IE by default. It should not matter what browser you are using to connect to the UTM.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                            • BGP filtering by Community

                              Allow a BGP Route Map match a community.

                              BGP communities are simply values attached to a route that is sent to BGP peers. This values have special meanings to the peers and cause specific actions to be taken, depending upon the values assigned. A customer who is multi-homed to a service provider can often use communities to tell the service provider how to route traffic to the customer autonomous system (AS).

                              "A community is a group of destinations which share some common property. Each autonomous system administrator may define which communities a destination belongs to. By default, all destinations belong…

                              7 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                              • HA-Cluster in der Amazon Cloud nur mit 3. Netzwerkarte möglich

                                Ein Endkunde hat uns gebeten, folgendes Feature-Request zu stellen:

                                Sehr geehrtes Infraforce Support Team,
                                gibt es wirklich keine andere Möglichkeit außer einem 3. Hardwareadapter? Innerhalb der Amazon AWS Umgebung bedeutet das, dass die VM statt 0,06€/Std. ganz 0,26€/Std. kosten würde. Also 0,20€/Std. nur für die HA-Funktionalität! Das ist überhaupt nicht akzeptabel. Die VM kostet dann pro Jahr statt 525,60€ ganze 2277,60€ nur um die HA Funktion nutzen zu können… Das dann mal 2… Und da sind noch nicht mal die Sophos Lizenzgebühren drin…
                                Können Sie das ggf. als Feature Request bei Sophos einreichen? Es gibt doch sicherlich eine Möglichkeit das…

                                6 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
                                • Compatibility with VRF

                                  This request is more and more a demand coming from customers that sometime have strong requirement for their routing backbone. Could be a very good point to implement this kind of feature.

                                  10 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                  • show more information about REDs on the UTM

                                    Allow the admin to see the last contact of the RED with the provisioning server to make sure it downloaded its config and when

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Email notification to receipient for Quarantined emails

                                      This feature would be useful to clients that needs real-time notification for emails quarantined instead of waiting for the Quarantine Report or wondering why they have not received an important email that they are waiting for.

                                      27 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • weak cipher

                                        For most security audits its necessary to be able to disable ssl weak ciphers on all of your systems. It would be awesome if this was an option for all of the SSL pages (port 443 and 4444) that the UTM product itself exposes.

                                        I'm not referring to the Web Application Firewall here, but the pages that are enabled with just the Network Protection license.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Synchronization Password of the Day with WiFi PSK

                                          It would be good if you could synchronize the daily password automatically with the PSK of the guest WLAN.

                                          24 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            5 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base