Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Linux Endpoint Protection Client

    Sophos Antivirus supports multiple Linux distributions. I recommend adding this client to the UTM Endpoint list so we can protect, manage and monitor security on our Linux servers and desktops

    101 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • 1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow reporting of alternate search engines

        I need to track search phrases from search engines other than Google/Yahoo/Bing, I want to be able to add search engines like baidu and other non standard web search services.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Centrally block all traffic to certain IPs

          It would be great to have one place to configure a "deny all traffic" from or to an ip address. "All" means "deny any/any as first rule in firewall policy", "no webadmin", "no userportal", "no smtp", "no access to reverseproxy", etc. Just all traffic.

          Right now you have to configure this at many places and you can't be shure that you don't have forgotten anything.

          I would need this to stop malicious traffic.

          4 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
          • VPN: Implement Java-Support for X11-Firefox in HTML5-VPN WebApps Sessions

            When using HTML5 VPN session with webapps, you can only execute standard HTML-code, e.g. the management web-interface of a printer. But if you try to create a webapp that uses java or active-x, it will not work because of the x11-Firefox which runs within the HTML5-VPN-websession by Sophos. Support for Java is appreciated because there are many web-based java-applications out there running in companis.

            28 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              3 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Protection: Enforce policy on Sophos Endpoints

              It would be amazing to configure the Sophos Endpoint (not the UTM-provided one) to inherit the Web Filtering policy defined in the UTM.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                Started  ·  Angelo ComazzettoAngelo Comazzetto responded

                This feature will be a major component of UTM 9.2. It will be fully possible to enforce polices you create in the UTM at the Sophos Endpoint Client, regardless of if they are in the office (or in fact ever come in). This makes use of our LiveConnect functionality and is in fact…amazing. Enjoy!

              • RADIUS

                RADIUS support for ssh access.
                There are a lot of things which you can only do on a shell. Either with ssh to the box or with the serial console. One example might be tcpdump /cc commands/ grep.
                However, logon does only work with loginuser and or as root. Having multiple admins, you never know who does what. And this is a nightmare for auditing or troubleshooting reasons.

                Therefore, I would recommend to enable RADIUS authentication (or other authentication) for ssh and console access.
                I really would prefer a behaviour like most other network devices:
                Logon to the box based…

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                • RED: Split Tunneling Exceptions

                  When the RED site goes to internet through the headquarter, when it is in Standard/Unified mode, sometimes it is needed to route the traffic through RED's own internet line for specified destinations. It is very nice to write exeptions for specified ip addresses.

                  40 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                  • Turkish keyboard for HTML5 Portal

                    Please add turkish keyboard support when using RDP through HTML5 portal. It is very important for Turkey. Customer doesn't buy the device because of that even the other feaures are good.

                    4 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                    • alow in-place migrations with USMT ‘Hardlink’ data migration on encrypted drives

                      We have a requirement to perform in-place migrations of workstations numbering in the tens of thousands. A major barrier to performing these migrations has been the controllability of Sophos Safeguard versions
                      5.x and 6.x. Our engineering organization has developed some workarounds that enable certain in-place migration scenarios where Safeguard is involved, but other scenarios that have been deemed critical to the success of our mission have remained unaccomplished
                      due to limits placed on our ability to control Safeguard.

                      During our past meeting with Sophos engineers, we posed some questions regarding these in place migration scenarios in an effort to receive…

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                      • Wireless hotspot default download limit per session/ip/mac

                        It would be great if we could set a default initial limit on how much MB a user could use. ie They use accepts a terms and condition and they get a settable limit (say 50mb) once run out either a voucher can give them more or a special override system override code.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • UTM Endpoint Protection: Require client for connectivity

                          On some (well, one I'm aware of) competing security platforms, if a client device attempts to connect through the perimeter security device, and does not have the vendor's endpoint security client installed, the client is either forced to install the endpoint client or it is pushed automatically -- this would help with deployment and enforcement of security for local networks.

                          9 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add "Wetransfer" to Application Control > File Transfer

                            I see many services under "application control" > "file transfer", 110 actually, but besides services like YouSendIt I miss Wetransfer.

                            Can you please add it?

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                            • voucher printer

                              I think its necessary to make it possible to print vouchers directly. In the Moment in all Web-Browsers you click on "generate" then it opens a download (in chrome you have to confirm the download) then in PDF-viewer you have to go...
                              thats to tedious.
                              So please embed an generic/text driver or better sell an "Sophos-Printer" for this solution (like Brother Ql-Series)

                              6 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Add "Protocol 58" to Application Control >Networking

                                I would like to Monitor ICMP v6 Protocol 58 across the networks.
                                Using the Application Control would give a good and clear picture of what is happening and how much traffic.
                                Thanks
                                Mark

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                • 1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Modify iptable for Web Security service to send resets instead of dropping connections to port 8080 when service is disabled

                                    Modify iptable for Web Security service to send resets instead of dropping connections to port 8080 when service is disabled. This will help in providing fail-over capabilities when proxy mode is utilized. When PAC file is utilized, one UTM can be defined as a first proxy and the other as a second. If Internet connectivity on one site (where proxy one is installed) goes down, the service on that proxy can be disabled. If reset is sent back to the users, the second proxy is immediately utilized. Right now, the second proxy is utilized, when TCP connection attempt is timed…

                                    4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Have the ability to bind a hotspot to a vlan

                                      We currently have all our AP's on the network which are scattered around the place on different switches, which all connect back to the internal interface on the firewall. We would like to be able to use the hotspot feature by being able to bind it to a vlan instead of having to bind it to an interface which is the limitation we currently have as if we bind the hotspot to an interface as is currently then all our users will get the splash screen to logon and will require a voucher, which is not what we want. We…

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Rain sensor

                                        I'm using the home edition at home. I've told my kids that they can only use the Internet when it's dark outside or if it's raining. Otherwise, they should be out playing with friends.

                                        I can not use a time period based access-list for this. Wouldn't it be possible to develop an interface for rain/light sensors?

                                        Sunshine = Internet down
                                        Rain = Internet up

                                        Bjorn

                                        111 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          17 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • IPS: Protect against rdp attack

                                          Need to protect against RDP attacks trying to exploit Terminal Servers. Should be able to recognize repeated attempts to login to an RDP session and failing. I see constant attacks from all over the eastern hemisphere and I have customers that actually have people that need to login from some countries there so GeoBlocking doesn't help...

                                          22 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base