Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Server Protection: "Sticky" sessions between HTTP and HTTPS

    It is possible to have sticky sessions using the WAF, however, in our e-commerce websites, we use both HTTP & HTTPS. Sticky sessions work only during the HTTP session, and when the user changes to an HTTPS links a new server may be assigned. Sometimes we can loose the session as a result.

    6 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Adobe Flash integration in html5 clientless vpn

      The new feature "clientless vpn" with RDP, http, https in UTM9 is good, but there is no flash integration for the html5 connections, so are a lot of things not accessible.

      I suggest to integrate flash for the html5 clientless vpn

      41 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
      • AP-50 Option to push client to 5GHz

        It would be a nice option for the AP-50 to push clients to 5 GHz if they support it, before using 2.4 GHz.

        17 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Networking: Automactially update DYNDNS after failover

          We have our Astaro 425 configured to fail over to a secondary internet circuit (CenturyLink) when the primary one (Time Warner) fails. Since we have over 25 different external host IP addresses that would need new IP address assignments when failed over to the new circuit we created a CURL script to update all of our DynNet DNS records. Since the CURL utility is already included in the Astaro Linux OS a simple command could be issued as follows: "curl -k -K /home/login/cl_curl_input.txt" to change our DNS records over to our CenturyLink internet public IP addresses after the CenturyLink interface…

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow Red to operate in "gateway only" mode on the remote network.

            RED would be connected to the remote network using only a single LAN connection. RED would DHCP an address on the network and use the single interface as a gateway for traffic to the UTM as well as to establish the tunnel between the RED and UTM. Allows a drop in RED device at remote location with no reconfiguration of the network required.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Protection: Allow Overriding the Content Filter for File Extensions

              I have URL Filtering set up to allow an Active Directory group to temporarily bypass the URL Filtering by entering a users AD credentials. Is there a way to allow an Active Directory group to TEMPORARILY bypass the extension blocking such as an .exe file in the same way by entering user credentials?

              13 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Wireless Protection: Give vouchers an expiration period or an expiration date

                It should be possible to give hotspot vouchers an expiration period in the voucher definition so that they get a fixed expiration date when they are created.
                After the expiration date the voucher should be disabled (and maybe automatically deleted) no matter if it is in use or not. The expiration date should be shown in the user portal and printed on the voucher.

                This is important to us because we create an amount of vouchers for our guests when they visit us. Some guests use it some not. Some vouchers lie around for an amount of time. At the…

                63 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  3 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Networking: Integrated inventory manager

                  Add a network inventory server like LanSweeper or SpiceWorks to the UTM. It would add great value to the product.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                  • Silently drop emails to certain recipient addresses

                    It would be very useful if the Mail Protection module could silently drop emails that come in to addresses such as donotreply@domain.com without producing a bounce. This would take lots of pressure off the Exchange servers it is protecting.

                    8 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Reporting: report on the internet usage of all users during business hours only

                      Allow admin to create the report on the internet usage of all users during business hour only.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                      • VPN: Support for Microsoft Terminal Server via HTML5 VPN

                        It would be nice to add/implement Remote Apps to the HTML5 Portal as well , instead of Remote Desktops Connections only

                        38 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • Network Protection: Wizard for Firewall Rule Creation

                          Could have predefined configurations of NAT/firewall rules that can be tweaked in a creation Wizard. .

                          6 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Web Protection: Exceptions for Unscannable/Encrypted Files

                            At the moment the astaro can only allow or block unscannable and encrypted files globally. Please provide a possibility to set this up for certain domains.

                            6 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Manual option of pop3 prefetch

                              If pop3 prefetch fails connection continuously 4 times, it will stop operation.
                              And users can't receive mails entirely.
                              For recovering this, it is necessary to access the database of SophosUTM.
                              The operation of a database is difficult for users.
                              Please add the forcing execution option of prefetch.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Web Protection: Allow blocking Flash/ActiveX/Java Separately

                                Especially Flash is mostly used by many internet pages, but we want to block Java, due to the security issues!

                                In Version 9, you can only choose the three methods together.

                                23 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Support for Microsoft Mini driver smartcardsw (e.g. HID Global Crescendo C1150) in SafeGuard Enterprise PoA.

                                  I suggest to add support for Microsoft Mini Driver smartcards in SafeGuard Enterprise PoA authentication window. These smartcards that do not require drivers in Windows are getting more and more popular, thus important to be supported in SGN.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support for server platforms in client module SafeGuard Encryption for File Shares.

                                    The network file encryption module SafeGuard Encryption for File Shares needs to have support fo server operating systems, e.g. for use with Microsoft Terminal Servers.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Networking: Support DYNDNS with IPv6 Addresses

                                      More and more internet provider already hand out IPv6 addresses but the UTM doesn't allow dyndns with IPv6 addresses. Because of that most features can't be used if you don't get a static DNS entry..

                                      9 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • 2 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Mail Security: group recipients by mail adress

                                          Within the Top10 Recipient list of the daily excecutive report, each different header adress is seperated. For example, "user.name@domain.com" is treated as different account than "User Name <user.name@domain.com". That makes it unnecessarily hard to manually calculate the total amount of emails received by one user on one day.
                                          My suggestion is to count every single mail to a unique adress, regardless of the header. In my aforementioned example the adress user.name@domain.com would have the amount of 2 emails, instead of 1 for each different header.

                                          5 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base