Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Enhancement request for Clipboard dialog in menu

    We have a request from a large customer to enhance the clipboard dialog in the menu.
    It is very clumsy to work with the dialog as some usual feature are missing. Please add

    Button 'Select all' - like CTRL+A in about every Windows application
    Button 'Copy content' - (or better copy this every time automatically if the clip-board will be shown) - like CTRL+C
    Button 'Delete content' - like CTRL-X
    Button 'Show All' - like a Form maximize button to resize the dialog to show all content
    Currently there is just a 'Send to Server'-button but no functions to copy,…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • Dyn-compliant Endpoint Updates for HE Tunnelbroker

      For anyone who is using HE tunnelbroker, if you do not have a static ipv4 address, the tunnel will break if you get a new address. To work around this, HE copied the idea of dyn by creating a website that you can pass your username, password and tunnel address to update the tunnel. It's intentionally very similar to dyn, but unfortunately, the dyn update in utm seems to be hard coded.

      Here is the format: https://<USERNAME>:<PASSWORD>@ipv4.tunnelbroker.net/nic/update?hostname=<TUNNEL_ID>

      It would be a useful feature for utm to be able call this similarly to the way tui calls dyn for the…

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • 3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
        • Network connection speed display in UI

          In the webadmin i can't see the uplink speed of a network card. We have different speeds on our internet uplinks and would like to see if the uplinks are 10, 100 or 1000Mbit. Contec ISC suggested the use of "ethtool eth0" on the console, but as a non-linux guy i would prefer a display in the webadmin.

          Also most of the nics are on auto configure and i would like to know of the uplink speeds change, although this could be managed by setting the uplink speed to fixed and relying on a failed uplink, although this would result…

          16 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Option to directly enable new rules

            Give a checkbox to directly enable new rules

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Ability to use WAF and SSL VPN on the Same Port and Interface

              Currently, if you do not have a additional address, you cannot use WAF and SSL-VPN on the same port. Could you simply not have a WAF rule that redirected SSL-VPN traffic back to the UTM?

              Than you could just use a domain name like "myvpn.example.com" to route your vpn traffic will still being able to use other domains names for ssl websites.

              21 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
              • Improved Apply Functionality

                Improve the Apply Functionality either by an Apply All Button, reminder to Apply, change Apply color on changes or sth. similar

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                • Directly support blacklist rsync'ing

                  Directly support (on high volume or access-based lists) to rsync them and provide them locally by a local running RBLDNSD instead of using the public data feeds

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Wireless: Control speed per-client using Hotspot

                    When e.g. 10 devices online, they all have to share the bandwidth set with QoS. I think it would be better to set the limits for the whole wireless guest network higher and set a maximim speed per device.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Web Server Security: Support for Wildcard Domain Routing

                      It would be great, if you could add " *.domain.com " in WAF.
                      So that you dont need to add every single FQDN for every site.

                      95 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        8 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Unattended installation via config file

                        For documentation and compliance reasons it would be helpful, if we could install an UTM Device in an unattended way by simply edit an config file (like an unattended.xml file for Windows Server) Doing so, we can copy this file into our documentation and typing errors are avoided. It would be great, if this answer file could be located in a virtual floppy or an existing virtual harddisk, because we use the utm in a virtual enviroment.
                        Many thanks, Thorsten Raucamp

                        9 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                        • SSL POP3

                          A lot of users use ssl for pop3 In this time the mail-proxy don't support ssl pop3
                          I think in a security product must this feature implemented

                          8 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • AV scan for file extensions within zip files

                            It would be great to be able to AV / Malware-scan within unencrypted ZIP files for particular file extensions. E.g. exclude exe contained in a zip file.

                            21 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Add the ability to use IPv6 6RD.

                              I recently got an Actiontec C1000A for my CenturyLink account and noticed it only supported IPv6 6RD, not PPPv6.
                              I'd love to see 6RD added as a feature. I was reading that 6RD was added in the 2.6.33 kernel.
                              As we move forward with IPv6 I think more ISPs will be utilizing 6RD to slowly role IPv6 out.

                              56 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                4 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                              • OSPF and Route Summarisation

                                Inter-area route summarisation is should be possible on the firewall when acting as an ABR. Currently this feature does not seem to be available.

                                I have a number of firewalls connected to area 0 and one interface on each is connected to a different area (1, 2, etc) on other each of these. All the IP addresses in area's 1, 2. etc are summerisable (each to a /19). Currently all the individual ranges are passed into area 0 (there are multiple /30's and /27's, etc in the areas behind the firewalls), where the /19's would be sufficient pointing to the…

                                5 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Networking: Control IPSec VPN Route Orders

                                  Please add Support for route based vpn so you can prefer the BGP route first followed by the IPSec route if your BGP route is not available.

                                  16 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    Under Review  ·  1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Different access right for hotspot in User portal for each account

                                    Access right for Hotspot configuration should be down to hotspot level.
                                    One user should not be able to configure all hotspot.

                                    18 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • IKE Debugging for single VPN Tunnel

                                      IT would be nice to get debug information for a single vpn Tunnel. At the moment the IKE Debugging can only be enabled globally. This creates an hugh amount of logging traffic if you have some more Tunnels. And mostly there is only one tunnel to be analysed.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Firewall Events : Filter with computer name

                                        ADD the category "Computer name" in Firewall Events in order to filter events with computer name.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Source IP restriction for website / paths

                                          Please implement the ability to restrict access to specific paths on a website to defined source IP's. Usually this has been done on the webserver, but NAT'ting of the Webserver Protection breaks this feature on webservers (sees the internal IP of UTM instead of public source IP).

                                          Usage Examples:

                                          a)
                                          Website globally allowed
                                          path /administrator only allowed to defined source IP's

                                          b)
                                          Partner hosts a private company Website - should anly be accessible from Company public IP's
                                          path / only allowed to defined source IP's

                                          39 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            3 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base