Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Logging for hotspot vouchers

    Tie the ip address where the voucher is used to the voucher code so that we can see where individual codes have been on the internet.

    A voucher network like the user network where it contains all the ip's where they have been used would be good. We can assign a single voucher to a single device for staff BYOD devices, but in some cases we can have one voucher for 300 devices (Guests BYOD). But we need to see where voucher code blah blah blah has gone on the internet.

    Many thanks

    12 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Multi-Forest and Multi-Domain SSO

      Allow multiple AD Domain/Forest SSO whee thee are more than one AD Forest/Domain

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
      • Safeguarding reports for Schools

        Enable safeguarding reports based on terrorism and radicalisation as these are now wildly required in schools

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • email on vpn connection

          Get an email alert when a specific user logs into the VPN

          8 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
          • Adjustable response to SPF Records with ~all

            We get phishing mail with faked sender!
            Examples:

            mastercard.com text = "v=spf1 include:spf.protection.outlook.com
            include:deliverygateways.masercard.com include:external.mastercard.com include:ma.mastercard.com ~all"

            paypal.com text = "v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com
            include 3ph2._spf.paypal.com include:3ph3._spf.paypal.com
            include:3ph4._spf.paypal.com nclude:c._spf.ebay.com ~all"

            The problem with this is ~all

            The UTM marks the mail somewhere in the header and forwards it.
            This is not good!

            It would be better if you could adjust the response to such a mail:

            reject this mail
            accept this mail
            treat this mail as SPAM (marked as SPAM)

            It could thus enable a lot more control over such mails!

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • prompt for credentials when using NLA with HTML5 VPN Portal

              Instead of having to enter static credentials in the Admin Portal for RDP connections with NLA, the user should be prompted for their credentials when using the connection. Having static credentials doesn't make sense when only admins can enter them (meaning the admin has to know everyone's credentials) and passwords are changed on a regular basis (meaning the admin has to update the password on every connection every x days).

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
              • SSL-VPN Client for Windowsphone 10 (WP10)

                Would be great to have an installable SSL-VPN client for Windowsphone mobiles.

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow IPsec phase 2 SA lifetime to be specified in kilobytes as well as seconds on the XG firewalls

                  Currently phase 2 SA lifetime can only be specified in seconds, however other devices often include a lifetime in kilobytes as well by default (such as Cisco ASAs). When connecting to outside organisations they often request this setting to be configured.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                  • DLP - Need More Granularity in CCL

                    We need to be able to more precisely control the CCLs, should be able to drill down into the individual categories and select/deselect what we need.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Social Media Intelligence

                      As you know technology has evolved very quickly, even social media platform such as Facebook, Google+, Linkedin, Twitter and etc. can also know as cyber threats and threats that can be prevented by early detection and containment before an attack towards a company. I would suggest by having a feature; social media intelligence gathering, for detecting, analysing, reviewing. Hope that you could consider this as a feature. Hope to hear from you soon. I hope this idea will favour Sophos in times to come especially if there is BYOD monitoring.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • 1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Update Data protection database on Sophos Enpoint Protection

                          My customer had bought the Sophos Endpoint Protection Standard.
                          And Data protection function can not block the *.3dm file according to their need.
                          I have recently opened the session to Sophos support but still not up2date yet.

                          Now hope you up2date database for Data control on Sophos Endpoint Protection to block the .3dm file.

                          Please update as soon as possible. My customer are complaining about it!

                          Thanks in advance,

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • On behalf of Customer: Ability to use our own icons in the credential provider.

                            We have customised the windows logon provider with our own company logo icon, once Sophos is installed this is changed to the Sophos logo.

                            To ensure that this does not cause undue grief, we have used a non-supported method to modify the bitmap in the SGNCredProvn.dll file. Sophos should supply a support method to add a custom bitmap to their credential provider

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Option to disable the Windows Credential Provider during install / Policy

                              The installation of Safe Guard adds a new credential provider, this can be quite confusing to users and when accessing a system via a Remote Desktop client you are presented with 4+ options of Credential Providers. (on some laptops this menu option is larger than the screen)

                              To counter this we disable the Windows logon provider by adding a DWORD Disabled = 1

                              To

                              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}

                              This should be an option in the Safeguard Policy / installation

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Removal of the Domain Drop down option in the Safeguard credential provider.

                                When using the windows credential provider the logon information is provider as domain\user (defaulted to our domain)

                                When using the safeguard credential provider there is a drop down to select the domain or local machine.

                                It would reduce the questions from users if the logon experience is the same across the systems.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • The Ability to access the management console with AD authentication.

                                  Yes we can promote AD users to be Security Officers, but they must still authenticate using their password that has been sync'd to the safeguard.

                                  If these users have not used sync'd their password by using a safeguard computer then they will not know their password.

                                  Some security officers may only access this console once or twice a year, so password will not be up to date.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Have an option to map network drives after connecting to VPN Profile. A setting either in the Client or the Remote Access Profile of the UTM

                                    Have an option to map network drives after connecting to VPN Profile. A setting either in the Client or the Remote Access Profile of the UTM

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Azure Validated VPN device

                                      Work with Microsoft to get listed as an Azure Site-to-Site Validated VPN Device.

                                      6 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Customization of quarantine notification emails

                                        We would like to be able to customize the notification emails that are being sent to users when an outgoing email has been quarantined.
                                        Currently it says:
                                        Subject: "Message delivery incomplete"
                                        Text: "Your message to the following recipients was quarantined: [...] quarantine reason: [...] Please contact your IT administrator for further assistance."

                                        It would be nice to change the text or even the layout to fit our corporate identity.

                                        37 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                                        • The Reporting Tool under Web Protection in the UTM does not show results for Google searches.

                                          The Reporting Tool under Web Protection in the UTM does not show results for Google searches. I called technical support and they suggested I put this in on the feature requests. I do not know if this is necessarily a feature that does not exist or if there is an issue with the reporting function.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base