Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Notifications: Include System Time in Event Notifiers

    E-Mail notifications (internet uplink up or down, etc.) include the system uptime but not the actual time of the event. It would be much more helpful if the e-mail notifications included the actual time (local or zulu) of the event.

    13 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      Under Review  ·  1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    • VPN: Time-Based HTML5 VPN Portal Connections

      Give the option to set up a time period for the client access for example on the advanced section of the portal connection definition.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
      • VPN: Configurable Lease time for SSL VPN

        It should be possible to change the DHCP lease time for the remote access pools over the webadmin.

        6 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
        • Management: Full Change Log Publishing

          Please start publishing complete change logs for new firmware releases. It is ridiculous to have to hunt for hours in the forums to find some answers. Complete change logs are a must have feature for production use -- I need to know what was changed across versions to a) judge impact on prod b) be able to quickly diagnose issues arising after upgrade (happens all too frequently)

          8 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
          • Authentication: Import DNS hosts lists from AD OUs

            When importing objects from AD Astaro does not differentiate between users and computers in AD. If I sync an OU that contains computers, they are imported as user accounts which doesn't make sense. Couldn't there be an option to import those computers into the network definitions as DNS hosts? This way it would be easier to create specific rules for PCs on the network without having to create all the definitions.

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Security: License Application Control as Part of Network Security

              Application control makes more sense to be part of Network Security verse Web Security. You're not controlling the users Web Surfing through Application Control. I currently see that it does nothing for Web Security. For Network Security it enable classification of the Network Traffic, Allows Admins to Shape Traffic(Apply QoS Rules) and Block Network Traffic. This is clearly a Network Security tool not a Web Security.

              11 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Enable DMARC

                DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Mail Security: Reject Messages with Credit Card Info due to PCI

                  Scanning for emails containing credit card numbers can bounce back with a custom PCI DSS compliance notification. Here is an example email that I got from someone.

                  ****
                  Due to PCI DSS Compliance (Payment Card Industry Data Security Standard), we are unable to accept emails that contain credit card information. Under requirement #3 we need to Protect Cardholder Data; email is not a secure transfer of data.
                  Please contact your account executive via phone to provide your credit card information. If you have previously used a credit card for your purchases and that card number is on file with us,…

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • 25 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                    • Monitoring: Display Serials of all units in HA/Cluster

                      The Device Monitoring Details in ACC show only one serial number, even if it is a HA/Cluster setup. It should show the serial number of all devices.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • AstaroOS: Add htop (Interactive 'top') support

                        Add the interactive top project. More information can be found at:
                        http://htop.sourceforge.net/

                        6 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                        • Reporting: Scale Executive Report to Wider Resolutions

                          Variable width of Executive Report - a lot of informations will be broken into seperate lines. Due to modern monitors, the report itself could be much wider.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            Under Review  ·  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                          • Network Security: Automatically Parse Logs / Analyse Threats

                            A feature to automatically parse local ASG logfiles AND received syslog logfiles from remote devices in realtime, and find user defined events. Would be helpful for example with all published services towards internet as FTP, SSH, Terminalservices, OWA etc. Usually anyone will be affected by brute force attacks or login attempts to these services from unauthorized people. As there is usually no notification in case of such events as failed logins on a terminalserver for example and has to be searched manually in the servers logs.

                            - Sophos UTM appliances should be able to parse local and via syslog received,…

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Networking: More Link Aggregation Interfaces (LAG)

                              The Link Aggregation on Webadmin has a limitation of 4 LAGs. On CC this limitation exists too. Please let the ID of itfparams to more than 3. So it is possible to create more than 4 LAGs.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                              • VPN: Toggle VPN's via UserPortal

                                I think it would be useful if an IPSEC VPN definition could optionally be assigned a owner. That owner would then have the option to activate/deactivate the VPN tunnel after logging into the user portal.

                                Use case is this: companies may from time to time allow a VPN to be setup to access for example a web site. Unlike an individual SSL VPN this access may be needed by an outside team, so multiple single access SSL VPNs are not satisfactory. After the firewall manager configures the connection and ensures the correctness of the rules, it becomes the responsibility of…

                                6 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                • Show Source IP, Date and Time in Web Security Reports

                                  We need the ability to drill down additional details in the security reports. Specifically my need is for Source IP, Date and Time information.

                                  For example we have students that do an inappropriate web search. I can see they they searched for x twelve times during the given timeframe. However to figure out what computer they were at and what time they did the search I have to search the log files.

                                  It would be great to simply click on the search term and one of the Search Direction Options have Date Time IP (computer name) type information.

                                  7 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Networking: Quality of Service Network Prioritization

                                    Allow prioritizing one internal network over another for traffic flow, both through the web proxy and for routed traffic. Essentially, one network needs to "take a back seat" when a higher-priority network requires more bandwidth, but can use the bandwidth if not needed.

                                    0 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Reporting: Application Shaping Details

                                      Provide reporting that shows when traffic shaping was used - allowing visibility into what was done and at what times in order to limit traffic according to defined bandwidth pools.
                                      This would enable much easier troubleshooting and improve ongoing design of that part of the configuration.

                                      2 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        Under Review  ·  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • AstaroOS: Add RegexTester and ProxyPAC Generator Tools

                                        Please implement such tools as RegexPerfTest and ProxyPAC Generator in ASG, as they are really useful.

                                        The RegexOptimizer also could be extended to test, if patterns match, and how much performance the expression consumes

                                        The tools are already available as download unter http://www.astarosupport.org/Downloads/ from Astaro for windows.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Network Protection: User-Based SNAT

                                          A very useful feature is it to make it possible to use a user from Asg, whether local or remote for the SOURCE-entry for S-NAT instead of the IP-Address of the host. The IP-Address of the host is used from user-source like ldap, ad or e-directory, similar like SSO for the web-security. I need this feature to assign a host(IP)-independent "user-based" snat for a connection to a highly secured network.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base