Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Web Security: Time-Based Application Control Rules

    Hi,
    time based application filtering would be very nice, for example make it possible to use facebook apps at lunch time but rest of day block it

    226 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Mail Security: Integrated Mail Archiving Connector in ASG

      An easy way to connect the Astaro Gateway to the Astaro Mail Archive cloud service. Sending all incoming/outgoing e-mail's to the cloud.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Mail Security: Display status of SPAM Filter service

        please add an indicator for what the connection status to the Spam Filter database server is, along with when the last update/seen was.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • SNMP Monitoring for Astaro-Wifi

          it would be nice to Monitor the Astaro Wireless Networks: How many Users are logged in, signal strength and so on...

          22 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
          • Networking: Display Static & Dynamic Leases Together

            My previous firewall was a SonicWALL, and on the DHCP Lease Table page, it showed all DHCP Leases, including those assigned by Static Mappings, and those assigned by Dynamic Range (in separate tables, on the same page).

            In Astaro (as of v8.203), the DHCP IPv4 Lease Table ONLY shows hosts assigned an IP via the Dynamic Range (no Static Mapped hosts are shown).

            I would like to see both Static and Dynamic DHCP leases shown.

            7 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
            • Reporting: IPv6 Usage Statistics

              Since we have started using native IPv6 i'm asking my one question all the time: How much percent of the whole trafic is IPv6, and how much is IPv4.

              Would be very interesting to have such an (optional) indicator somewhere. Haven't found a way to get that information out of the current data.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
              • WebAdmin: Search Services by Port in Quick-Selector

                When looking up Services (CTRL+X), You get a list of services that are used for creating firewall rules. But Searches only search the Name, not the port. Would be nice to not have to mouse over each one searching for the right port.

                4 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  Under Review  ·  1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                • Management: HTML5 Clientless VPN Management Role

                  The new Clientless VPN is an awesome way to manage remote access or remote support sessions for external service provider. With the ability to provide secure Remote Desktop or VNC access we are able to get rid of nasty tools like Teamviewer.

                  Often there is a requirement to have the ability for remote access deactivated by default and control when a connection can be made. Therefore I think it would be a nice feature to be able to delegate management users for each clientless VPN connection (just like the hotspot vouchers thing).
                  The management users should have a new section…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                  • Reporting: Per-User Bocked Count

                    Make it possible again to report on the count of blocks per user, summarizing in order to find users with high blocked counts.
                    This was possible before version 8.2.
                    It should also be able to filter by category - but be able to include MULTIPLE categories in the filter. This way, overall block counts, and then related category blocked counts can be viewed, and used to inform further investigation of necessary.

                    2 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      Under Review  ·  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                    • RED: NAT / Masquerading Support

                      Add Masquerading Support for RED Devices. If someone has RED devices in Split Mode in use, and surf locally (without filters / security) this only works on routed / NAT'ed uplinks. Cable modems or 3G / UMTS Sticks do not allow traffic directly to Internet due missing Masquerading (Internal vs. public IP)

                      2 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                      • Networking: Collapse & Clone Rule Groups

                        It would be nice to have the ability to collapse and/or clone rule sets that are part of the same group to reduce clutter on the page.

                        10 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Networking: Ruleset(s) bound to an interface

                          I would like to have a list of rules which is linked Interface (Like the Standby Interface) from one place. Allowing me to easily group/manage a configuration by the Interface itself:

                          -Firewall Rule set.
                          -Application Rule Set.
                          -QOS Rule Set.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                          • 15 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                            • Reporting: Allow filtering on web reports for all fields/columns

                              It would be nice to filter reports to allow searchs for, e.g, blocked sites by users.

                              If we select the "User" report, neither "action" or the "URL" can be used for filtering. If we select the "URL", we can filter by "action" (blocked) but it misses the source/user.

                              I realy like the way the new reporting works, but it seems to enable the filtering only on the columns fixed in the "available reports" drop-down menu.

                              58 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                11 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • Endpoint: Hardware/Software monitoring on the Client

                                I would like to know the installed software, and for example the RAM used or free in certain time for support purpose.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Allow separate Uplink Monitoring Actions when having multiple Uplink Interfaces

                                  When designing fully-meshed VPN network constellations it can be desirable to have multiple uplink interfaces per satellite for load balancing purposes. Each uplink would then have distinct connections to other sites.

                                  If one of the uplinks fails, however, tunnels need to fail over to the available interface. For reliability, customers often choose between multiple ISPs for their two uplinks, so the interfaces don't share IP address ranges. In a failover scenario, separate tunnel configurations must be activated in case of interface unavailability.

                                  Uplink Monitoring, as of today, only allows a single set of actions to define globally. In the scenario…

                                  2 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                  • SSLVPN Fallback ip(s)

                                    When using multpile providers it would be usefull to also allow a secondary address to be used as fallback.
                                    So if ip from provider 1 is down, the sslvpn would try to connect to an ip from provider 2. So allow multiple ips for VPN, it is possible not all that hard just use multiple remote statements in the ovpn file.

                                    28 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                    • IPv6 stateful DHCPv6 Configuration

                                      There should be an Option within Prefix/Router Advertisment to set "Stateful DHCPv6 Configuration". I like to use the Windows DHCPv6 Server and not the internal Astaro DHCP.

                                      #######From radvd.conf manpage ################
                                      AdvManagedFlag on|off

                                      When set, hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using stateless address autoconfiguration. The use of this flag is described in RFC 4862.

                                      Default: off
                                      AdvOtherConfigFlag on|off

                                      When set, hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information. The use of this flag is described in RFC 4862.

                                      23 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        3 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • some RED debugging

                                        for a working RED, the ASG Webadmin should show currently connected USB devices (=UMTS sticks or...) in the status screen - for debugging, "is a stick connected" as well as "which stick is this?" and "is it recognized/supported by the RED firmware?" would be helpful.

                                        8 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Astaro Authentication Agent for Mac/Linux

                                          What I am suggesting is you port the "Client Authentication program" and the "Astaro Security Agent" to linux(32/64), BSD(32/64) as well as Mac OS X.

                                          183 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            12 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base