Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. SSL VPN DNS per USer or Group

    Possibility to assign DNS Server per user or group, not only global.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • NVGRE Gateway for Microsoft Network Virtualization

      Software Defined Networking (SDN) is the future and Microsoft has laid out their recommended topology for utilizing Network Virtualization with Hyper-V/SCVMM/Azure. The only way for a user that is relying on Astaro for their current networking/routing to setup a NVGRE Gateway (Network Virtualization General Routing Encapsulation Gateway) is to take 2x dedicated physical Hyper-V hosts and install Microsoft's Windows Server Gateway (WSG) into 2x child clustered VMs running across of the Hyper-V hosts. It would be ideal if Sophos UTM users could skip the WSG and use the Sophos UTM as the NVGRE. A proper solution would fully integrate with…

      6 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
      • Configure Network Services from New Interface Dialog Box

        Add the ability to create a DHCP scope and add the new interface network to DNS and NTP allowed networks directly from the "create new interface" dialog box. Also have a checkbox option to automatically create a masquerading rule on the uplink interfaces for the new network.

        6 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Can trace user to find the data retrospectively

          We always want to know who using the bandwidth, who take all resource at the moment, but it is very hard, we need it to trace easier

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
          • Add search capability to blocked emails.

            I sometimes have 500 or more emails in my blocked email list. It would be great if we could search through the email to find messages to unblock. An example would be if an email had an invoice number in the content or a product name such as Autocad. We could search on a word or number to find any blocked emails that we want to unblock.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Make guests enter email for hotspot access and reporting

              Option to make guests enter their email address for hotspot access and the ability to create a report to list all captured email addresses.

              20 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • E-Mail report on UMTS Failover

                It would be nice to get an E-Mail notification on UTMS-Failover situations.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                • Drain stop real servers in WAF

                  When one would remove / disable a real server in WAF, all connections are immediately killed. It would be nice if there is an option to drain a real server. So WAF would stop sending new connection to that real server, but established connection would continue until they're terminated by client/server.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Wireless: permit to disconnect a logged-in user (by voucher or backend ...)

                    I would like to have an option to throw out a logged-in user identified by backend or voucher

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Provide Mobile email users ability to submit spam messages. The iOS is unable to forward email as attachment - is there another option?

                      iOS users are unable to forward email messages as attachments to the is-spam address for submission. How about if the mail log had a set of options for messages to be submitted as spam or retrieved for delivery to the inbox when improperly removed as spam?

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • IPsec connection over secondary interface IP

                        On Sophos, when we configure a VPNIPsec connection we have only the option to select interface, and it always use the primary IP. I suggest to have a way to use the secondary IP of an interface for the IPsec connection, for when the link provides more than one valid IP address.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • Notification for mail sender about delivery problems

                          The internal mail sender should receive a notification if the UTM has problems to deliver the outgoing mail to the external mailserver. At the moment the sender receives a non-delivery report after 48 hours. That is sometimes too late, because the sender means for two days his mail is sent.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • No beef-dead-beef test packets on RED LAN Ports

                            beef-dead-beef Packets are sent to test if the WAN tunnel has built up correctly. So in my opinion it is just necessary to broadcast them on the WAN port of a RED. We had an issue with these packets on the LAN ports on a RED which we have fixed through an workaround (we blocked beef-dead-beef on a switch).

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                            • The HTML5 portal can use the client broswer or compatible with Citrix client

                              That's help us if HTML5 portal can use the client browser or the if HTML portal can use the Citrix client to connect user to xenApp or xenDesktop.

                              Thanks !

                              6 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                              • For the Sophos UTM, Endpoint Protection

                                Under Endpoint Protection > Antivirus > Exceptions

                                When selecting the exception type for "Adware and PUA"
                                It asks for the "File Name:"

                                Can this be changed just to say "Adware/PUA Name" or "Detection Name" ?

                                As this can be misleading and appear to create exceptions based on the file name itself, rather than the detection name our labs use.
                                Eg; adding PsExec will only exclude files that can be called anything at all, but are detected as the PsExec PUA - so other files called PsExec aren't effected. If the customer renames any PUA files and tries to exclude them…

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Need to set up 2FA

                                  Can you set up Web Application Firewall section to allow reverse proxied sites to use 2FA but not the one time password used by the UTM. Namely we use Vasco fobs as a Corporate Solution and would like one site to use this facility to authenticate but not the other web sites we reverse proxy.
                                  Thanks

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Proxy profile firewall rules

                                    We need to be able to use firewall rules to prevent access between networks, however the rules do not apply to HTTP traffic when using transparent proxy.

                                    Can you add on the functionality to either:
                                    A )Have a http proxy profiles as a definition which can be used within a firewall rules / routing e.t.c.

                                    B) Be able to add firewall rules against a proxy profile.

                                    Thank-you

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Would like to exclude forwarded emails with .icap (In-Copy files) attachments

                                      We have a rule that redirects all archive emails to our Helpdesk for analysis, but it redirects emails with an attachment of .icap (In-Copy files) and we would like to exclude this type of email from being redirected.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • LAN link Monitoring similar to Uplink Monitoring

                                        I want the UTM to monitor a Lan link and take action if It detect a failure in this link , similar to the ones already exists for Uplinks.
                                        In other word , to separate the Monitoring function from the uplinks , so I can choose which links I need to monitor, perhaps uplinks, may be LAN links in sometimes, then take appropriate actions according to.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Provide the Two-Factor-Authetication as a radius service, too

                                          Hi, great that you know implemented a 2FA with OTPs. With that it is now possible to secure applications dealing with the Firewall or, in combination with reverse Proxys, even to secure web-based third-party applications. But what about non-browser based 3rd Party Tools? Wouldn't it be great to provide the 2FA also as a radius Service for those other programs? For us it would be. We are running e.g. a Password Server app that has a webinterface AND other user guis like Mobile apps. With a reverse Proxy, we could try to secure this Service from outsides threads via 2FA…

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                          1 2 5 7 9 89 90
                                          • Don't see your idea?

                                          Feedback and Knowledge Base