Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WCCP support as a target of redirection

    Support redirection of web traffic TO the UTM, FROM a WCCP client device such as a Cisco Router or ASA. This feature already exists on the Sophos Web Appliance. Implementing this feature would allow customers with Cisco network gateways to redirect traffic to out-of-band UTMs for filtering.

    28 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • SMNTP

      Hi-- I'm using Zabbix to monitor my environment-- including Sophos UTM where possible.

      One thing I don't seem to see is a way to monitor the status of ipsec site-to-site vpns using snmp traps. I can get either a [WARN-726] (a site is down) or a [INFO-726] (a site came up)... but I don't seem to get info on WHICH tunnel.

      Since I currently have 35 site-to-site vpns running through this thing "the vpn is down" isn't a very helpful alert.

      By contrast, if I have email alerts for the same event turned on, I get something like:

      VPN connection…

      55 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
      • 1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Outlook add-in Encrypt option

          Customer Feature request -

          Company: PAA Services Inc
          Contact: Thomas Sworen
          Sophos Partner (if applicable):
          Sophos Product: Sophos Outlook Add-in
          Version in Production: 1.3.0

          Is there a way to specify where the “Encrypt” button displays in Outlook 2007.
          I have several users who click Encrypt by mistake thinking it is the send button.

          0 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • SPF filter on Sophos Email Appliance

            It will allow people who have auto forwards on their email accounts to receive those at the final destination. As right now even though they come from a legit source they get blocked due to their final hop being not from an SPF record.
            related case number is 4560239

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • POP3 Exception List for DNS Host

              I have subscribed to a email forum.
              All emails come from an IP address the forum server (email server) but because all the emails come from the subscribed users address. The Sophos UTM says all email is SPAM and quarantines them.
              You are able to add an exception for a DNS Host or Host but this is not processed.

              Please fix this functionality.
              Thanks

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • OpenAppID

                Add OpenAppID

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow traffic counters to be set based on device group

                  Please allow us to set a global policy for data usage or at device group level, as we have a number of devices I have to set each phone with its relevant data usage allowance, when every phone in the group has the same I could specify it on the group and then if set at phone level its set by exception.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Automated GEO-Fencing reports for locatable devices.

                    A Client has a need to generate an automated report that confirms the geo-location of each device at a set interval. For example a report that states where each enrolled, track-able, device was on the hour through a 24 hour period.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                    • Email Protection > Quarantine Report

                      Within the WebAdmin console under Email Protection > Quarantine Report > Advanced Tab, you have the ability to select what types of emails can be Released by Users. Would like to have those same options available as a What types can be Whitelist'ed by Users.

                      Secondarily, Add a tab under the Email Protection > Quarantine Reports that allows customization of the Quarantine Report that is sent to users. Allowing administrators to modify or select what is and isn't included, as well as editable text like the Blocked Webpages and such have already.

                      5 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • DNS request route based on source network/hosts

                        Network Services / DNS: currently, all allowed networks/hosts are able to resolve dns request defined under "Request Routing". Would be more secure, comfortable and more granular (especially for multi tenant enviroments) to create request routes based on source networks/hosts.

                        e.g. dns request coming from NET XY trying to resolve domain.local -> request dc01.domain.local -> allow. All request coming from e.g NET YZ -> domain.loca -> deny/discard

                        9 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                        • Regular Expression Blocking on firewall

                          Regular expression blocking should be available in firewall rules.
                          Firewall rule blocking only allows to match DNS Host and DNS Group.

                          Today i encountered an issue where i put firewall rule to deny requests from semalt.com to reach to our web servers. They start sending the requests to semalt.semalt.com with a different ip. So, i have to do that manually as well.

                          Firewall rules should have the ability to block from regular expressions which allows a user to deny anything that comes or before "Semalt.com"

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Show username in FlowMonior

                            Show username in FlowMonior from the dashboard.
                            It's usefull to view the client, the bandwith usage but also the username due to understand who generate some kind of traffic.

                            7 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                            • App for Windows Phone

                              In Windows Phone 8.1 you can setup a VPN. But only with ikeV2. But Microsoft offers the possibility of using an App, to aply more autentication-standards. Now there are only 2 Apps, who can handle this. Its JUNOS PULSE VPN and SONICWALL MOBILE CONNECT. Both are incompatible with Sophos UTM. So please add IKEv2 Support or an App to the Winodws Phone Store

                              12 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • SMTP RCPT TO response time should be faster

                                Apparently, major email carriers and email filtering companies are starting to move to a more aggressive timeout for RCPT TO and other SMTP responses. For one, McAfee (MXLogic) uses a default of 60 seconds for RCPT TO timeouts. The RFC is for five minutes (300 seconds), but they apparently ignore this.

                                To keep up with these changes, the UTM should be able to provide RCPT TO responses in under 60 seconds, at least when address verification is turned off (ideally all the time). Problems with receiving emails from people that use major carriers like McAfee makes Sophos look bad, even…

                                6 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • 1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Allow more detailed modifying of UTM WAF rules and behaviour. (ModSecurity function)

                                    UTM preventing some internet traffic going to e.g. apache linux servers due to escaping of the \ which is required for all systems to be able to identify a character such as $ or @.
                                    When this happens using multiple layers of backslash escaping, Sophos treats this as an SQL Injection. There is currently no way of modifying this behaviour legally, and you need to enter SQL Injection Bypasses on particular pages on your Apache hosted site, which is not optimal.

                                    Giving end user some more power on what should and should not be captured via an advanced profile option,…

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Reporting: NetBios and Bonjour name resolution

                                      The reporting only shows IP address and with DHCP turned on can very difficult to track down the machine. Honestly I feel this is VERY VERY critical to have. Otherwise reporting is almost useless.

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Sophos SMC console feature to remove device applications when installed by end users

                                        Currently there is a limitation with the SMC console - device applications cannot be uninstalled remotely when the end user has installed it from the device.
                                        We would like to see a feature from within the SMC console to manage all device applications - providing the ability to uninstall applications on devices e.g ipads/iphones whether they have been installed by the end user or not.

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                        • STIX Importing

                                          Have the ability to import STIX entries (Structured Threat Information eXpression) for automating rule creation.

                                          http://stix.mitre.org/

                                          10 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base