Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. SUM: Central Configuration of SSL Site2Site + Remote Access VPN

    - add Remote Access Profile configuration in SUM (!)
    ...just like:
    *click* [Add remote access profile]
    (1/3) for UTM fw72
    (2/3) for users <AD user group definition>
    (3/3) for local networks <local network, for example network reachable via site2site VPN>

    - add SSL Site2Site VPN option in SUM (Configuration > VPN), same/similar style as IPSec Site2Site VPN

    ...so you do not have to log into WebAdmin on every single UTM.
    imagine 50+ remote offices and you'd like to add a local (maybe testing-)network for SSL VPN users.

    4 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
    • HTML5 VPN Portal - Automatic login

      We want to pass the credentials of the Sophos users (AD connected) to the RDP (HTML5) session.

      4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
      • HTML5 VPN Portal - Application Level

        We want to directly launch an application via RDP.

        4 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
        • Upgrade to modern version of StrongSWAN which uses charon instead of pluto

          Astaro still uses StrongSWAN ipsec version 4.4.1 which is from 2010.
          The latest build of ver 4 is 4.6.4 in mid 2012.

          But with today's times.. they are up to version 5.0.4! Version 5 started in mid 2012 when they ditched the old Pluto package and updated Charon to handle both IKE 1 and 2.

          For a router boasting support, I'd think that would be a priority to at least be on-par with the open source technology.

          Then after you do this, you can update the GUI maybe also to handle exposing some of the ipsec.conf settings that it's hiding…

          130 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            11 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • SSL VPN: Configurable port-sharing

            [UTM 9.1] Openvpn port-sharing is automaticly used when using UserPortal on same port as openvpn (eg tcp:443), however If user wants to forward https traffic from openvpn port to another host, there is no way.

            Currently it is possible to bind openvpn to udp:443, and use DNAT tcp:443 to forward https traffic somewhere else, however if want to use tcp:443 on same IP, there is no way to easily configure port-sharing.

            It would be great if in "Remote access/SSL/Settings/Server settings/" would be additional field: Forward https requests to: $host $port. That would add simple line to openvpn.conf "port-sharing $host $port".…

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • canonical.com updates application control for QoS

              limit ubuntu clients to have a upper limit of bandwidth when downloading updates from canonical.com. Right now DNS Group only resolves one ip address when using dns group canonical.com.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
              • Create a cheaper UTM based on the tilera platform.

                Create a cheaper UTM based on the tilera platform 9 core cpu or higher. The Mikrotik products that I use have inspired me to request this. I know its lofty but it just seemed like a good idea.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                • In Secure Email Gateway

                  In Secure Email Gateway can you please add a twice a week SPAM notification email sent to the user (say Sunday and Wednesday)?
                  Currently it can only be set for every day (which is too frequent) and once a week (which is not often enough).

                  Thank you

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Endpoint Alerts, mass purge

                    Customer would like to have the option of purging multiple alerts from the UTM. They don't want to have to go and click on each individual Endpoint and clear the alert especially when using 350 endpoints.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • UTM Endpoint: Client for Apple / Mac

                      Have the ability to have Macintosh Endpoint Protection Clients

                      210 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        6 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Link proof for incomming E-Mails

                        The Utm checks Content opened via Webbrowser very well! Do I get a E-Mail with a link inside and it is Malicious or other Dangerous Content it will be blocked by Webprotction.

                        It would be great if E-Mails containing links get a Link proof. The Links will be checked for Dangerous Content/Targets similar to the Webprotection when I open the link in the Webbrower in the WWW.
                        Then UTM could remove the link an forward the E-Mail so the User knows about the Mail but no Dangerous Content arrives the User. The UTM could replace the Link with an Information…

                        6 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • 4 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Run SAV on kiosk mode

                            It would be handy to have the SAV available in a Kiosk mode. So, when
                            a particular user is logged in, all a user can do is perform

                            a scan on removable storage devices such as USB memory sticks and CD's. This would be for standalone virus scanning stations and would allow users to scan these devices, but not use the computer for anything else. This would keep the process very simple for

                            users who are perhaps a bit unsure of how to use these machines.

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • bei der Multipath-Konfiguration auch gleich den bereits definierten DHCP-Bereich auswählbar machen, würde einen Schritt sparen...

                              bei der Multipath-Konfiguration auch gleich den bereits definierten DHCP-Bereich auswählbar machen, würde einen Schritt sparen...

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                              • if-then rule for e-mail encryption

                                In UTM 9.2 SPX Encryption will be added.
                                At the moment eMails wont be delivered if you use SSL/TLS and the receiver doesnt support encryption.

                                My suggest is to force SPX Encryption if SSL/TLS doesnt work, with automatically notification to the user "hello, mail was sent with pw "xyz" to recipient "abc", pls provide pw to recipient and note that recipient doesnt support encryption". or so.

                                2 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • html5 vpn portal swedish keyboard

                                  Please add swedish keyboard to html5 vpn portal.

                                  21 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Change object type on SUM for network definitions.

                                    Change object type on SUM for network definitions.
                                    For example: On a SUM-Server it would be very useful to change an object from a Host to a DNS-Host or DNS-Group. This would give administrators the possibility to change objects without revisiting any UTM where this object being used.
                                    Of cause there are situations where it is tricky to do it because some configuration fields just allow certain objects but an error message could be helpful here.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Please add support for blocking LimeWire in the Application Control.

                                      We need a way to block LimeWire. it's not in the list.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                      • HA Setup let ***** takeover before master reboots

                                        We currently have a HA setup with 2 UTM320's.
                                        Whenever there has to be a reboot of the master device (either manually or due to an upgrade of the software) all RED connections break as well as all site-to-site connections.
                                        I know this happens, so I can schedule updates and reboots, but shouldn't it be possible that the ***** first takes over everything from the master before the master goes down, effectively keeping any connections up?

                                        9 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
                                        • ip filtering web application firewall

                                          Have the ability to specify which source networks, hosts are allowed to access a published website. This way we can add the IP-restrictions on the UTM box itself for a specific site instead of having to do this on the webserver hosting the site itself.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          1 2 5 7 9 81 82
                                          • Don't see your idea?

                                          Feedback and Knowledge Base