Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Wireless: Bind SSID's to an Interface

    I think it would be very useful the possibility to choose the interface card that you want to use binded to a wireless interface. In this way, if you have for example 3 interface cards that you want to be available for an AP (and all AP are connected to the same interface, ie internal), you can bind each SSID to a specific interface without manually creating any Wi-Fi network, and avoiding to duplicate-triplicate the packet filter rules, DNS configurations, masquerading configs, proxy profiles, and so on.

    IE: You have Internal, DMZ, Guests physics interface cards, you will simply:

    Bind…

    2 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Networking: Per-User Bandwidth Graphs (QoS Graph)

      Add the ability to see selected (or all), bandwidth graphs per user. I would like to be able to specifically show my users, that they are using X amount bandwidth.

      694 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        40 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
      • Logical DMZ

        Suppose I have one device which needs unfettered access to/from the web. If my machine is out of NICs, I cannot dedicate a NIC to a DMZ "network". I just want to allow one particular device to come and go without restriction. It would be nice to be able to logically DMZ a host based on IP or MAC address for that purpose.

        NOTE: I am aware that I can create IP Filter rules and DNAT rules for a host to have *seemingly* unfettered Internet access, but trust me... that does not work for some devices. I have tried... several…

        10 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • 1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            Under Review  ·  1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Provide the capability of prompting for a username / password to a port access by using the local db

            Same principle as VPN but using SSL for the port. Too many sloppy apps are being developed for devices that do not have support for SSL as part of it. So, if the port assignment is unique the ASG can then resource the local security db for authenticating that the VPN service also uses.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              Awaiting Feedback  ·  1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
            • Network Security: Default new Packet Filter Rules to top

              When adding new Firewall Rules, make it so that I can set a preference that all new rules will be auto-placed at the top.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Filter based on user-agent

                Redirect (or block) to another proxy based on user-agent received by HTTP/S Profiles.

                We run an apt-cacher proxy on an internal host since I no longer have the space to dedicate for full mirrors. I want to catch all request for user-agent with string "APT-HTTP" and redirect those to the apt-cacher.

                10 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Networking: Concurrent Connections Limiter

                  At this time there is no possiblity to limit the external connections from the ASG to a specific IP/ server.

                  At our production location we have to use an external party that has a very strict firewall. If more than lets say 100 connections originate from the same IP, this IP gets blocked.

                  It would be nice if an option becomes available in the ASG.

                  12 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Web Security: File extension blocking inside archives

                    the need to block specific file types will have multiple customers and with the Extension-filter it works just under the circumstances that files are not inside an archive.
                    There is the need to block these files also in f.e. "ZIP" archives.

                    36 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Mail Security: Link to UserPortal from Quarantine Report

                      My users have requested a direct link to the user portal in the quarantine report emails they get. It's a surprise the feature is not in them already.

                      25 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        Under Review  ·  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • WebAdmin: Management role for site-to-site VPN

                        In the Astaro Webadmin there are managment rules, but not a dedicated one for Site2Sitemanager. Please add this.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                        • 5 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  AstaroOS  ·  Flag idea as inappropriate…  ·  Admin →
                          • Mail Protection: Authenticate against the SMTP server for relaying

                            Mail Security feature could be augmented by implementing an SMTP AUTH mechanism for authentication of SMTP users against the target SMTP server. Sometimes this is needed for customers who can't use LDAP/AD because some users are defined locally on SMTP server only and are not present in LDAP/AD structure.

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Networking: Time-Based quality of service rules

                              Add option for Time-Based QOS rules, Where we can assign time and Bandwidth to a Network.

                              77 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                Under Review  ·  12 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                              • RED: Combined Red and Access Point

                                Have the RED device come with a built in wifi access point similiar to the new offering from Meraki (MR12/16/24).

                                12 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                • Web Protection: Create Auto-Configuration file Automatically

                                  Since the ASG is the proxy, and it knows what methods are allowed and for/by whom, and when (we have some time-based profiles for our factory area) then why does it not auto-create the necessary code for autoconfig to work instead of us? Would be great instead of trying sample code and replacing the names, addresses, and so on with our real data?

                                  2 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • WebAdmin: Force password change upon first login

                                    a optional Checkbox in user creation menu with that feature would be nice.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Auto-Validate Commerical CA's for HTTPS Filter

                                      With the scan https (ssl) Traffic option, on the webproxy module, even the comercial CA have's to be add an exception on webrowsers this for a company with more than 100 users it's really a headache, make transparent the ssl validation, don't make the administrator have's to install the CA of the Asg on each computer thats painful.

                                      7 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • VPN: Usage of Availability Group

                                        If an availability Group can be used instead of the fixed uplink interfaces definition which is bind to the interfaces in the uplink balancing, it would provide many options such as:

                                        1. Selection of primary link of IPsec tunnels which can be different than that of primary browsing or email traffic

                                        2. Use of IPVPN links which have no internet but branch connectivity only, saves creating lot of multipath rules to differentiate traffic of IPVPN and internet.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Web Security: Exceptions support for Unscannable Files

                                          we should add execption for Block unscannable and encrypted files as this field can be enable/disable form http proxy but i think i will always keep it enable and let add execption to user or director (to send and recive password protected file )

                                          14 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base