Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. RED: DSL/VDSL (PPPOE) Support

    RED should be able to do DSL/VDSL (PPPOE), as this way it can be used with an ISP which is very common worldwide in requiring authentication against their modem.

    277 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      21 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    • Networking: Local Radius Server on ASG

      Cause small offices (planning offices, Laywers, etc.) are not using a windows server AD but like to use WLAN (cause there´s no cabeling needed) a local radius server would be helpful (i.e. available on Linksys Routers with TinyPEAP or via DD-WRT) to authentificate the users with a central security. So a local user database is still on the ASG. Why not implement an optional radius server instead of pointing to a local one on a windows server?

      283 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        10 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • Networking: VLAN and LAN on the same Interface

        It is useful to have LAN(default) and VLAN on the same Interface, so you can have one uplink from your switch, at this time you need 2 cables to connect your switch.

        105 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          2 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Wireless: Bind SSID's to an Interface

          I think it would be very useful the possibility to choose the interface card that you want to use binded to a wireless interface. In this way, if you have for example 3 interface cards that you want to be available for an AP (and all AP are connected to the same interface, ie internal), you can bind each SSID to a specific interface without manually creating any Wi-Fi network, and avoiding to duplicate-triplicate the packet filter rules, DNS configurations, masquerading configs, proxy profiles, and so on.

          IE: You have Internal, DMZ, Guests physics interface cards, you will simply:

          Bind…

          2 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Networking: Per-User Bandwidth Graphs (QoS Graph)

            Add the ability to see selected (or all), bandwidth graphs per user. I would like to be able to specifically show my users, that they are using X amount bandwidth.

            695 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              40 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
            • Logical DMZ

              Suppose I have one device which needs unfettered access to/from the web. If my machine is out of NICs, I cannot dedicate a NIC to a DMZ "network". I just want to allow one particular device to come and go without restriction. It would be nice to be able to logically DMZ a host based on IP or MAC address for that purpose.

              NOTE: I am aware that I can create IP Filter rules and DNAT rules for a host to have *seemingly* unfettered Internet access, but trust me... that does not work for some devices. I have tried... several…

              10 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                3 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
              • 1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  Under Review  ·  1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Provide the capability of prompting for a username / password to a port access by using the local db

                  Same principle as VPN but using SSL for the port. Too many sloppy apps are being developed for devices that do not have support for SSL as part of it. So, if the port assignment is unique the ASG can then resource the local security db for authenticating that the VPN service also uses.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    Awaiting Feedback  ·  1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                  • Network Security: Default new Packet Filter Rules to top

                    When adding new Firewall Rules, make it so that I can set a preference that all new rules will be auto-placed at the top.

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Mail Security: Link to UserPortal from Quarantine Report

                      My users have requested a direct link to the user portal in the quarantine report emails they get. It's a surprise the feature is not in them already.

                      26 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        Under Review  ·  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Filter based on user-agent

                        Redirect (or block) to another proxy based on user-agent received by HTTP/S Profiles.

                        We run an apt-cacher proxy on an internal host since I no longer have the space to dedicate for full mirrors. I want to catch all request for user-agent with string "APT-HTTP" and redirect those to the apt-cacher.

                        10 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Networking: Concurrent Connections Limiter

                          At this time there is no possiblity to limit the external connections from the ASG to a specific IP/ server.

                          At our production location we have to use an external party that has a very strict firewall. If more than lets say 100 connections originate from the same IP, this IP gets blocked.

                          It would be nice if an option becomes available in the ASG.

                          12 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Web Security: File extension blocking inside archives

                            the need to block specific file types will have multiple customers and with the Extension-filter it works just under the circumstances that files are not inside an archive.
                            There is the need to block these files also in f.e. "ZIP" archives.

                            36 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • WebAdmin: Management role for site-to-site VPN

                              In the Astaro Webadmin there are managment rules, but not a dedicated one for Site2Sitemanager. Please add this.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                              • Networking: Time-Based quality of service rules

                                Add option for Time-Based QOS rules, Where we can assign time and Bandwidth to a Network.

                                83 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  Under Review  ·  13 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                • 5 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  AstaroOS  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Mail Protection: Authenticate against the SMTP server for relaying

                                    Mail Security feature could be augmented by implementing an SMTP AUTH mechanism for authentication of SMTP users against the target SMTP server. Sometimes this is needed for customers who can't use LDAP/AD because some users are defined locally on SMTP server only and are not present in LDAP/AD structure.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • RED: Combined Red and Access Point

                                      Have the RED device come with a built in wifi access point similiar to the new offering from Meraki (MR12/16/24).

                                      12 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Web Protection: Create Auto-Configuration file Automatically

                                        Since the ASG is the proxy, and it knows what methods are allowed and for/by whom, and when (we have some time-based profiles for our factory area) then why does it not auto-create the necessary code for autoconfig to work instead of us? Would be great instead of trying sample code and replacing the names, addresses, and so on with our real data?

                                        2 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • WebAdmin: Force password change upon first login

                                          a optional Checkbox in user creation menu with that feature would be nice.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base