Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. email appliance: policy message flow documentation

    email appliance: policy message flow documentation does not include "data control" - see http://ca-repo1.sophos.com/docs/esa/sea_docs/en/ESA/references/policy_flow.html for reference

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
    • 0 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Server Load Balancing: Enable/Disable/Weight Real Servers via an API/Special HTTP Response Code for automatic Deployments

        We often deploy new Configurations and Software to our real servers behind about 15 SLBs. By now we always have to login to WebUI to manually rebalance the Real Servers we wan to maintain, and rebalance them back for the second half of a SLBs Real Servers.
        It would be nice to have an SSL+Login API to do it automatically using something like Capistrano or even a predefined per-SLB HTTP Response Code, the SLB knows to rebalance to 0 for specific Servers.

        27 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • search or refine for DNAT or SNAT or FullNAT

          On the NAT page in 9.005, there is no way to display only the SNATs (or DNATs or FullNATs)... entering 'SNAT' into the search box in a blank result.
          Please add a dropdown or add these terms to the searched words.

          5 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
          • Puremessage

            Automatic email report (about Spam and virus) from the Pure Message for EX

            Currently only manual reports can be created

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
            • Domain routing for mail exchange

              It would be great if you could send outgoing mail to one explicit mx mail record, instead of the one with the highest priority.
              So it could be possible to send mail with TLS to a host which supports TLS, when the primary host is not supporting TLS.

              6 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Reduce menu clutter by moving or removing unlicensed features

                If I only have a license for a few features, it would be nice if the other, unlicensed, features were not shown in the main menu, or at least moved to the bottom; it would speed up access to the licensed features.

                thanks

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                • Improve the Wireless Captive Portal by adding improved bandwidth control options.

                  I propose improvements to the Wireless Captive Portal that facilitate fair bandwidth distribution.

                  1) Customizable limits on hotspot users based on multiple criteria.
                  --Bandwidth Maximum Rate
                  --Total Bandwith Consumed (Volume based access)
                  --Content Restrictions (traffic shaping)
                  --Time of Day Restrictions
                  --Total Time Restrictions

                  2) The ability to charge for access, either as a whole or charging for upgraded services.
                  ----- charge for all access -----
                  --charge for all access at one level
                  --charge for all access at tiered levels
                  -----Provide basic access for free-----
                  --charge for upgraded Bandwidth Rate
                  --charge for upgraded bandwidth cap (Volume based access)
                  --charge for anytime…

                  10 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Sierra 310U 4G/LTE support for RED devices

                    Customer would like support for the product above or 4G/LTE on RED devices. They want it so that when used for HA in RED, when the main internet connection goes offline, it will fail over to the Sierra 310U.

                    4 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add ability to publish site for External users to update Sophos AV as a secondary location

                      It would be nice if I could add in a site or relay of sorts for our endpoints to update their Sophos AV + policies from Sophos Management Console for external users aka secondary update location.

                      5 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • SMC: Only whitelisted apps allowed in Apple App Store

                        Currently, although there is a possibility of whitelisting/blacklisting apps in SMC, there is no way of actually allowing App Store on the device and restrict the downloading/installing of apps. To have full control of the device, you have to actually implement a policy of disabling the App Store itself.

                        Ideally, the App Store should be available and only whitelisted apps are allowed to be installed. This would also allow the users to update the installed apps. The current solution is a drastic push policy to allow App Store, ask users to update apps and ask them to call back when…

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                        • Check if computer is trusted for SSL-VPN Client

                          Actually Users can download the SSL-VPN Client e.g. over the User Portal and can install the VPN Client on which computer they want. A check if the Computer is trusted (e.g. check a registry entry or a file check on the local disk,...) would be very usefull.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          • Puremessage for Unix 6 - concise, complete, definitive documentation

                            Concise, complete, definitive documentation of
                            the correct entry formats for each of the lists, to be made available in the local PMX help and the
                            knowledgebase, linked from the Puremessage Manager edit pages (see below for example) for each list
                            and searchable by the
                            list filenames.

                            Example: on the page /Policy/edit_list.cgi?id=internal-hosts
                            add a link "Help on valid formats" to the documentation. Same for other lists, each link is to the
                            specific requirements for the type of list being edited.

                            0 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • please filter outlook anywhere (rpc over https) in the waf. just pass is a big security risk!

                              From the Online Help. Microsoft Outlook traffic will not be checked or protected by the WAF! Please implement a filter so that we can publish Outlook anywhere in a secure manner.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                3 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Enable the directory services groups to identify and include the mail attribute of any distribution group.

                                Enable the directory services groups to identify and include the mail attribute of any distribution group that is a member of the directory services group. Currently the product only identifies the mail attribute of members of the distribution group, and misses the mail attribute of the group itself, and therefore messages sent from the address of the mail enabled distribution groups are missed and policies are not applied to them.

                                How will this new feature address your business requirements?: It would make this feature of the appliance usable, in its current state it's not fit for purpose

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Dashboard icon design

                                  Hi

                                  I have a little idea for the design of the dashboard on UTM 9.x
                                  If an function/service is not used/activated, it's marked with an red X symbol.
                                  On 99% of all systems red X symbols stands for "bad" or "error".

                                  I think it would be better if the symbols are the "greyed out version of the OK symbol"

                                  like this: http://abload.de/image.php?img=icon82dmv.png

                                  In fact:
                                  Icon for activated: http://abload.de/image.php?img=icon2hlfb3.png
                                  Icon for deactivated: http://abload.de/image.php?img=icon82dmv.png

                                  2 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                                  • AuthenticationAD OU and Group Synchronization

                                    With more companies using the NSG platform for Web, Email and Endpoint Management, having the ability to import OU's and Groups become more important for policy management and reporting.

                                    Having granular policy control for Web use or Email DLP is very important for both public and private sector businesses. Most mid - large businesses require a level of departmental reports, typicaly based on users being members of particular groups or OU's.

                                    For more than a few hundred machines, endpoint policy control is easier with the ability to group and apply machines based on how they are grouped in AD -…

                                    58 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Reporting: Offer Web Departmental reports with Usernames, Sites, Traffic and Duration

                                      Whilst you can create Departmental reports, containing the Sites, Traffic, %, Pages, Duration and Requests, it doesn't include the Username of the user. It would be really useful if you could create Departmental reports showing all of this information,sorted by usage and include the username, so that a Department Head can see the usage of all his/her employees, in a single report, rather than having a seperate report for each user. It would also be good if it could include the option to have a date/timestamp entries as well.

                                      72 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        Under Review  ·  1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Mail Protection: Add "delete" and "blacklist" buttons (to the current "release" and "whitelist") to quarantine digest email

                                        This would make user blacklisting significantly easier and reduce the amount of email held in the quarantine .

                                        86 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          3 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Enable Host based relay for basic guard subscription

                                          We love the new basic guard subscriptions because we are now able to sell UTMs to our small business custumers. But there is one big problem, the UTM can only be used for inbound mails. Please enable Host based relay for basic guard subscription! In our opinion this is a basic feature and should be also available in basic guard subscriptions.

                                          12 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base