Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SSL VPN virtual IP via DHCP server

    The Remote Client should get a virtual pool IP from the local DHCP Server when he is connecting via SSL VPN, instead of the UTM vitual pool IP.

    10 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    • LISP Support

      to bundle multiple WAN connections (Locator/ID Separation Protocol = LISP).
      And a ready to use EC2 Machine as endpoint for self hosting.

      13 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • Application Control: Customer-defined application definitions

        Should allow customers to add their own applications in the list.

        This allows the customer to update faster its own list of applications

        61 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          4 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
        • Mail manager: alert when incoming mails are blocked in the spool

          When spooled incoming mails have not been sent to the mail server after a certain number of attempts, alert the administrator (by email) so he can download them if needed (for example with the current bug where the firewall do not send the end of certain emails to the mail server). Otherwise, there is no way to be alerted of such a pb.

          7 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Networking: Forward Ping for Devices behind UTM

            In V8 it was possible to Ping Devices behind the UTM Device, in V9 it is Disabled and could not be Enabled with a Packet filter Rule.

            This function is useful for us and our Customer which has Devices behind the UTM in his own DMZ that should be monitored by Monitoring Systems etc.

            27 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

              While already possible by disabling the built-in ICMP handlers and creating your own packet filter rules for explicitly allowing such traffic, we will review the operation of this behavior and if we can refine the GUI here.

            • Generate an email alert for high CPU and RAM usage

              It would be nice to be alerted via email (or other methods) when the CPU usage or CPU usage of the Sophos appliance gets above a certain threshold. We have had issues where our customers suffer from slow internet speeds that are caused by high device utilization. It would be nice to be alerted to this.

              22 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
              • Networking: RPC Connection Tracking Helper

                A port object that automatically unlocks the associated high ports for the RPC mapper, so you must not unlock all high ports for the RPC services.

                36 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Add regex-based Exclusions for "Sender Addresses" or Filter on X-Headers

                  I would like to be able to specify regex patterns for the "Sender Name" exclusions in SMTP settings. For example, our UTM receives mail from addresses such as

                  bounce-md_30007607.519e7a47.v1-a25b2b68efba4abe995e9d3a34f871a7@mail132.wdc04.mandrillapp.com

                  I'd like to whitelist these using a regex like

                  "bounce-md_30007607\.[a-f0-9\.\-]@mail[\d+]\.wdc\d+\.mandrillapp.com"

                  I would also like to be able to filter mail containing a header such as "X-Mandrill-User: md_30007607"

                  Would this feature be very difficult to add? It would make the mail filtering much more powerful!

                  7 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Wireless User Location

                    Create a map that would show wireless user current location based off of AP placement.

                    5 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • PPPOE Service Name

                      The ablitiy to specify a "Service Name" in the pppoe connection configuration

                      13 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                      • Make installation more forgiving and intelligent

                        Just because the CD/DVD got a read error, how about letting me choose retry or reboot. I could put in a different CD/DVD copy to retry. If I have to reboot, be smart enough to continue where last install left off, or at least the HD is partitioned and formatted. Waiting for a large HD to partition and format is a pain the first time around. How about a repair install, a bad sector taking out a file could force a reinstall.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                        • Custom ddclient config interface.

                          Need custom ddclient config interface. My provider is not in the list and having all possible providers in it is impossible.
                          Let us enter everything ourselves. Believe it or not but many of Your users are capable of filling in forms properly.
                          I'd like to be able to use the UTM builtins instead of servers in the back for this function. Also having 5 external ip's from my provider let's me dynamically update them individually.

                          24 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                          • VPN Client to support RSA Next Token Code

                            The VPN Client is not supporting the next token Code from RSA 2 factor authentication.
                            The User must use a different access to unlock the next token code mode.

                            9 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                            • VPN Client user details

                              Remote Access provides the information which user is connected.

                              I would like an option that also shows the device(iOs; Android, Linux, Windows, Mac) with which the user is connected.

                              7 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • mail stamp

                                i would like to raise a feature request. i name it "Mail Stamp" here.
                                customers have this feature running before they migrate to Sophos EA.
                                E.g. when a user send an email to external and this user is from @domain1.com, system willl be stamp at bottom of the email. we have create custom stamp coding using HTML code which include hyperlink and image.

                                0 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • WebAdmin: Add Speedtest.net support for Bandwidth Testing

                                  It would be a big help if TOOLS - had the option to select an interface then point to www.speedtest.net or a few user selectable speedtest sites and be able to run Download & Upload speeds.
                                  This would work especially on USB modem cards.

                                  Nothing worse than having managers ask if their network is slow or the provider.

                                  28 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Create debug script to enable easy debug activation

                                    Create a debug script, that regardless of method or module, can simple enable debug mode.
                                    For example, to enable debug for clientAuth, run "debug clientAuth on" which would invoke the appropriate command. And "debug smtp on" and so on.

                                    0 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Logging: Add feedback indicating search in progress / finished

                                      When Searching the log files over a long period of time, one cannot see if the search query had no results or is not completed, yet. It would help to see a message like "No matches for your search query" to know that the search is completed.

                                      It would be great if there was feedback indicating it is "still searching" and waiting to complete finished with an indicator telling me that no more results will be coming.

                                      0 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Web Protection: Have country blocking use the web templates like everything else does

                                        If you enable outgoing country blocking the web page you get when content has been blocked because of the country does not use the web template specified in the web templates area.

                                        0 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Splitting ports through RED tunnels

                                          It would be very nice if we had a feature to split ports (TPC/UDP) to pass through the RED tunnels. For exemple: Ports 80/443, should pass through RED tunnel, to be handled by Web Filter, and any other port will pass directly to the local internet link.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base