Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Enable support for SR-IOV with Broadcom cards

    Current kernel doesn't support IO-SRV with bnx2x driver. Bnx2x driver should be recompiled with CONFIG_BNX2X_SRIOV to allow better performance in virtualized environment.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
    • 1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
      • New DynDNS provider: OVH

        Update-URL for OVH is on the bottom of this page: http://hilfe.ovh.de/DomainDynHost

        I'd like to see this implemented.

        6 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Repurpose SG1x5 as a RED device

          Allow a growing organization to repurpose a SG105 or 115 as a RED device as their needs grow. This would avoid trashing the device when you outgrow it.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
          • support compression when the Common Threats Filter is enabled.

            support HTTP compression when the Common Threats Filter is enabled.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • IP Ban/Black list (quickly accessible - dynamic)

              Very very often there are random attacks (SMTP/WEB/SSH etc.) occurring from a certain hosts/bots - often small pool of random addresses.

              It would be EXTREMELY handy if we could have a Quick-Access-Dynamic-Absolute-IP-Blacklist.
              What would be even better is if we can create and maintain such lists per interface basis. (one for WAN, one for Internal1, one for Internal2 etc.)

              No host definitions, no firewall rules, no network definitions, no timeouts, no application filter, nothing.

              Just a plain simple, clean, one-click away, absolute IP ban/blacklist.

              16 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • IP (source) block

                static:
                not groups (as a country) or range. But a single address that is attacking the UTM.

                dynamicly:
                (already present?) in one clear list. blocked GEO's or ranges. Temperal bans from the firewall by detected attacks. and the manual blocked ip.s

                When blocking the ip (or small range) chance to select: 30 min, 1 hour, 1 dag, 1 month, for ever.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Notifications for HotSpot

                  Allow enabling notifications for HotSpot login/failures. While not ideal for all environments some admins need to know this information and giving the option would be valuable.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • configuration: search Configuration for ip

                    Search Configuration for IP to list every usage:
                    Firewall-Rule
                    Route to this IP

                    Maybe you could add this search to the dialog "new Object Definition" after some time i found multiple definitions für the same Subnet / Host because someone didn't gues the correct Name

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                    • Block the UltraSurf Proxy

                      A lot of users are using the UltraSurf Proxy to bypass the the Network proxy and access the blocked sites like youtube and facebook and ***** websites.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                      • 1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Enhance Application Control App Categorization

                          Lot of people would like to be able to easily block advertisers, web trackers and analyzers to enhance their surf experience in general and to enhance privacy too by blocking all those trackers and analyzers.

                          There are already >150 of such advertisers, trackers and analyzers as apps in the UTM's application control. Sadly all of them are categorized as "web services", which is misleading andunhelpful, as in this category are also CNET and Mozilla downloadservers, CDN's as Akamai etc., whic disallows a simply general block af that category.

                          I propose, that this "web services" category will be splitted further into …

                          178 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                          • Place hotspot in front of VPN to protect access on remote sites

                            It would be Nice to have some kind of Hotspot not only in front of Interfaces but on Connections.
                            example:
                            bevore granting access through a site-to-site vpn the http or telnet / ssh request on a target-device is intercepted and replaced with a Form to enter Credentials, after successful authentication it will allow the connection from the specific source ip.

                            I have seen this Feature in a Cisco Pix and the Customer needs this feature to replace his old Firewall.

                            Cisco Command Reference:
                            http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/a1.html#aaa_authentication_match

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                            • UTM as a NAC-Appliance

                              setup UTM as a NAC-Appliance where Switches can connect (via Radius?) to authenticate the connected devices and push them into specific vlans

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                              • sandbox (Advanced Threat Detection) with embedded Windows for unknown threats

                                Hi,
                                this is probably something hard to add but Sophos UTM shoudl add this ATP with VMs inside for checking behavior of unknown threats. Since commodity hardware (hdd/ssd) it should be easy to bump up this storage requirement. Sandbox can be used for web protection, web server protection and email protection. Other vendors already have this capability but Sophos can really integrate it.

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Import IP addresses from txt or CSV file to network definitions in Web Manager

                                  I have over 3500 IP addresses I need to add into my network definitions. I need to add them all to firewall definitions. It would save me so much work if I could just import these IP addresses as a CSV into a bunch of network definitions.

                                  It would be even more advantageous if I could import the IP addresses to network definitions and have them all automatically go into a network group.

                                  52 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • RED: VLAN Tagging and Sophos AP Support in Standard/Split Mode

                                    Actually there is no way to use VLAN Tagging and Sophos Accesspoints on RED Sites if Standard/Split Mode is selected.
                                    Why: If there is small internet connection on the UTM Site, it is useful to route the Internet traffic directly to local Internet router on the RED Site like Split Mode.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Firewall Automatic UPnP Option

                                      I saw an older post about having to option to enable UPnP on the firewall. I understand that it is inherently less secure so should be disabled by default. Would be nice to enable it by even a per IP or MAC basis. With all the other features of the firewall that can detect botnet traffic it shouldn't be that big of a downgrade in security. I've tried Sophos UTM Home for personal use and punching holes in the firewall for every single device was hard enough let alone how it would be for a larger network makes it hard…

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Email Encryption: Add internal encryption / Add feature to send the password via SMS

                                        Email Encryption: Add internal encryption / Add feature to send the password via SMS

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Email Protection: Add DNS Group as Smarthost

                                          When use a smarthost for outgoing email it is not possible to choose a DNS Group

                                          6 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base