Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve the methods which delete older log files when log partition usage meets the defined thresholds

    Currently 3 thresholds can be configured to take various actions dependent on log disk space usage. When set to delete older log files, let's say - at 85% - this simply executes the logcleaner.plx job at 01:30am each morning. If the threshold is say 80% at this time, and subsequently lots of activity of the box, (typically abnormal activity) and the log partition fills up before the end of the day to 100%, then the raw log files fail to be compressed down by archiving jobs and stay at their current size - logging stops as syslog has nowhere to…

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
    • X-Forwarded-For

      Would like to see added the ability for the Web Protection proxy to read X-Forwarded-For from an upstream device. For example, users connecting through a load balancer would have the load balancer's information and not the original user's source information. Reading X-Forwarded-For would allow the appropriate web policy to be applied to users coming from the same IP address.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • DHCP MAC to IP Address table with timeout

        As an administrator, it would be nice if there was a DHCP MAC to IP address table for VPN users. It would also be nice if this feature would have a timeout value associated for the MAC to IP binding so that the DHCP leases will eventually recycle through.

        This feature would resolve an issue when a VPN User A logs in and obtains a DHCP IP address, if User A logs out and User B logs in, they will obtain the DHCP IP address of User A and be seen as User A within the Web Filtering logs which…

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
        • Ability for newly added VMXNET3/E1000 vNICs to appear in GUI automatically and without reboot of virtual appliance. Remove vNIC limit fo XG

          Ability for newly added VMXNET3/E1000 vNICs to appear in GUI automatically and without reboot of virtual appliance. Remove vNIC limit fo XG

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
          • Add ability to reboot computers from enterprise console.

            Ability to reboot computers from Sophos Enterprise Console. If you are a single admin...., there are many ways I find it useful.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Bridge - LTE to Ethernet

              I want to bridge my USB LTE (4G) modem to Ethernet.
              To my knowledge, this is not supported yet.

              More info: https://community.sophos.com/products/unified-threat-management/f/41/t/10885

              6 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
              • Need to have a central OTP management function...I suggest on SUM so that if you have multiple UTMs you don't have mult authenticators

                Need to have a central OTP management function...I suggest on SUM so that if you have multiple UTMs you don't have mult authenticators on your device nor do you have to configure the OTP function multiple times on multiple devices for multiple users. RSA has done this forever with their ACE server. Right now it is a disincentive to use best practice security with OTP given the onerous amount of setup and ongoing maintenance. Plus hassle scrolling thru 20+ auth entries on our smartphones

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • The ability to view configuration changes made to the UTM such as the creation/removal of firewall rules,nat rules, etc.

                  I would like to have the ability to view configuration changes made to the UTM's such as the creation/removal of firewall rules,nat rules, definitions etc. We would be looking at these changes on a weekly basis with our Security officer and for audit purposes.

                  Regards,
                  John

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                  • ASG Software - support Realtek 8179 WiFi for home users

                    I think this card should be already available in the stock 3.12 kernel. Would you please compile and include it in the ASG?
                    I'm using at home the ASG Software 9.352-6 installed on a Shuttle barebone. I'd like to make WiFi working with integrated Realtek 8179 WiFi mini PCIe card.
                    lspci -vv:
                    01:00.0 Network controller: Realtek Semiconductor Co., Ltd. Device 8179 (rev 01)
                    Subsystem: Realtek Semiconductor Co., Ltd. Device 8179
                    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
                    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
                    Latency: 0, Cache Line Size:…

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                    • Wildcard Domain Support for FQDN rule or FQDN host (*.sophos.com,*.iobit.com...etc)

                      Customer having cloud base solution need to create FQDN base firewall rule for high bandwidth or exclude for web filtering .

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • MAKE IT POSSIBLE TO SEND EMAILS FROM AN IP DIRECTLY TO QUARANTINE

                        We get ridiculous amounts of spam from mailchimp. We need to quarantine all that stuff and let users decide what they want to let through via their personal white lists.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • General deliver emails with big attachement

                          A function to send emails with big attachement would be good . The recipient will receive a link to download the attachement.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Export Firewall Rules

                            It would be very helpful to export the firewall rules in a readable,sortable and printable way, for example csv file.
                            If you have a big ruleset it is very tricky to get an overview to consolidate or sort the rules.
                            Furthermore you're not able to export the firewall rules to give it to other users, for example the rules for a special application.

                            14 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                            • OTP: Support for multiple profiles

                              Would be nice if OTP supports multiple profiles as it was done with SSL VPN already some time ago.

                              I should be able to select which user/group requires an OTP for which facilites.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                              • Access Control - "Restart IPSEC Connections"-"Right"

                                There has to be a "right" for restarting (deactivate and then activate) "IPsec Connection" which is actually not possible. There is now only a possibility to fully give access an user to "networking" or only "Read" rights which is not enough to restart ipsec connection. For example if you have administrators who have to be restricted on the sophos firewall but have to check daily tasks like check ipsec connections and restart them if needed, then this is not possible with the actual version 9.351-X. MAKE IT POSSIBLE PLEASE!

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                • Monitoring : Define SMTP Trap Intervals

                                  Possibility to define intervals for sending SNMP Traps . Per Example a Site to Site VPN is down, i would like to add sending an interval of Traps every 30 min until the VPN is on again etc.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                                  • UTM to track IPS alerts back to the original client machine

                                    As above. A feature that should have been included buts was left out.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                    • MIME-Type Blocking of Executables by SMTP

                                      Actually you can only quarantine executable content by MIME Type Filter. Please add the possibility to block executable content by MIME Type Filter.
                                      Thanks.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Replace attachments including viruses with text-files

                                        Possibility to replace attachments infected with a virus with a standard harmless text file.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Global URL block using RegEx

                                          I often find URL patterns that will take users to a domain to download a malware exploit kit and would like to be able to easily block this across all web traffic through the UTM using RegEx. At the moment I can only implement this at policy level and I have many policies that then require to be edited.

                                          2 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base