Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. "VPN Manager" role

    Dear colleagues!

    Our customer wants to have “VPN Manager” (or being more precise – “Site-to-Site Manager”) role.
    Many IT guys there only need to create Site-To-Site VPNs between offices and IT management does not want to give them more rights on ASGs than needed for this task.
    Can you arrange this somehow (maybe a patch or an upcoming update)?
    Version is question – 8.3 (8.303 or 8.305 used for now)
    Thanks in advance.

    20 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • SAV on servers: templates for exceptions

      The customer asked if it is possible to get standard lists with exceptions which they can import into the Anti-Virus and HIPS policy. Like exceptions for Exchange, Sharepoint oder Lync.

      10 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • RED: Display Link for Version Lights and Codes

        It would be nice on the UTM to have a Link to a help screen that lists the Light Available on that RED Version and the Light Codes for the boot sequence. Ver 1 has a System, Router, Internet and Tunnel, while other might have a System, Internet and Tunnel only. Also the little 1 sheet setup guide on newer RED devices doesn't detail what the light error codes mean. So you now have to guess if the problem is with the provider or with the RED itself.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
        • Endpoint Tamper Protection Hardening

          Can endpoint tamper protection be hardened in a way that the user (even administrator) does not have the ability to disable Sophos services, rename the Sophos directory structure, or even delete Sophos registry keys.

          All this will add optimal protection against tampering by not allowing anyone to uninstall Sophos, even with administrative privileges.

          28 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            4 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Web Protection: Read-only access for Facebook and Twitter

            To control usage and data transmission without impacting the casual ability to browse these popular sites, I would like to limit Facebook, Twitter (and other social networking sites) to read-only. Employees can then read these sites but cannot post status updates, send messages, upload photos, etc...

            11 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Protection: Voucher/Time-Based Exceptions

              Web Protection: Voucher/Time-Based Exceptions.
              Please add the functionality to create exception rules in the Web-Protection with voucher-function and e-mail like quarantine-e-mail notification or user-portal notification to inform the user by provisioning the "exception-ticket" . After this, the user receives an e-mail with voucher information and can unlock his session if he wants and can use the excepted services for his fixed/scheduled time. Very often we need to create exception rules (DropBox-Services or RemoteAccess and so on...) for a few hours or days. The user needs the possibility to activate the tickets when he wants.

              Now we don't be allowed to…

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Sophos NAC managable by the UTM

                Activate on specific UTM interfaces the NAC service and in based of the info provided by the Sophos NAC client, activate or deactivate specific packet filter rules.

                - Packet filter rules for authenticated users with Sophos NAC client enable and Computer compliant
                - Packter filter rules for users not authenticated with Sophos Nac client enable and compliant
                Packet filter rules for users non authenticated with Sophos Nac client enable but not compliant
                Packet filter rules for non authenticated users without any Sophos Nac Client

                12 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Save Button for Changes

                  Changes in the GUI shouldn't be active immediately. There must be a save button to activate changes. It is very important to prevent mistakes and you can change several setting and activate all at the same time to not lose the connection.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                  • Authentication: Active Directory SSO with Windows Live ID

                    There are compatibility issues with the AD SSO authentication on Windows 7 machines running Microsoft Live ID Assistant.

                    The only solution provided until now is to uninstall the Live ID, but it keeps getting installed by Windows Updates and has built in many applications (like the Essentials or Movie Maker).

                    35 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      6 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                    • Customization SMTP-Error like for to big mailsize

                      Would be nice to customize some error answers in smtp-error codes, like for to big messagesize.

                      -Example-
                      The default message is:
                      A message that you sent was longer than the maximum size allowed on this system. It was not delivered to any recipients.

                      Change to:
                      The message you would send is too big since our policy. Please see http://www.company.com/mailpolicy.pdf for more information.

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add SSL support to V.9 of Sophos-UTM's HotSpot support. This is needed to protect transmission of the passwords.

                        Add SSL support to V.9 of Sophos-UTM's HotSpot support. This is needed to protect transmission of the passwords

                        14 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                        • Reporting: Users with top blocked request

                          I would like to run a report that will list all users by blocked request. This will allow administrators to see users who are attempting to bypass the filtering, and or have a compromised machine.

                          New custom report >> Available Reports: Users >> Today >> All Departments >> With the Action "Blocked" and then be able to sort by Requests.

                          5 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                          • Authentication: Associate assigned IP via Radius AUTH to local User object in UTM

                            Hi! Associating an assigned IP to an authenticated user (for user-based security rules) is not working for remote access with RADIUS - but it could. Please!... ;) Thx in advance!

                            18 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                            • add configuration change control to webadmin

                              Here's what I see this feature looking like: When enabled, admins can make changes to the current config, but changes would not be applied to the running system, until the change control is approved.

                              Approval should be configurable, so that only authorized users can approve a change control, and optionally, require more than one admin's approval to be approved.

                              Multiple simultaneous change requests should be allowed, and the approval section should report the requested changes, and any changes which conflict with other requests. (i.e. two requests that edit the same object or value)

                              Once approved, a request should able to…

                              14 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                              • Manage notification settings from UTM Manager

                                It would be nice to be able to control notification settings for all devices from the UTM Manager (Astaro Command Center).

                                For example, if I want to go and disable notifications for "Failed SSH login" on all UTM devices, I have to make the change on each device. Same applies for changing the sender and recipients of the notifications.

                                2 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                • WebAdmin: Filter Out Firewall Groups

                                  Because groups can be made of rules it is sometimes desired to hide an entire group. But because they are not always placed by the administrator in sequential order, it wouldn't work to roll-up rules 2-4 and 7, 9, and 22 for example.

                                  As such, can you add support for "not" showing a group using the filtering option? This would be better instead of how some have asked for a roll-up style, as the order of the rules indicates their processing.

                                  23 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    Under Review  ·  1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Enable transparent use in bridged mode

                                    I have a new client that's a hosting facility. At present, there are hundreds of websites with existing IPs, DNS entries, etc. It's not practical to protect these existing sites because of the requirement that a Virtual Server use an IP on the arriving interface.

                                    We attempted to go around this by running all of the traffic to a test server through the UTM in bridged mode. We tried using a DNAT to direct the traffic back to the bridged interface with the address of the bridge. This didn't work because the REDIRECT capability isn't configurable in WebAdmin (per Development).

                                    0 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • AstaroOS: Support VirtualBox as a Virtualization platform

                                      Currently i failed with setting up UTM9 as a VirtualBox guest and using NAT/Host-Only-Network-adapter due to lack of driver supporter.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • UTM Endpoing Protection: Submit url/file virus for review

                                        Iave some false positive reporting via Endpoint-Protection on my Home UTM. It would be fine to directly report this detections to sophos support, to check/review this to get better false positive rating,...

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Wireless Protection: Option to log voucher number within web surfing activity

                                          A great thing would be also the log every access to a website with the voucher number information. So it's possible to track illegal surfing attempts to a user based on the voucher provided to them.

                                          69 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            12 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base