Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add the ability to have traffic throttling rules going through the UTM HTTP Proxy based on the source network of the requesting client

    This would be useful when particular networks (eg; a wireless network) are generating a lot of web traffic and you want to ensure the traffic is filtered and doesn't consume all bandwidth having other networks (such as the internal wired network) receiving poor performance.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • create a configuration option of Cyphers in Gui.

      create a configuration option of Cyphers in Gui.

      19 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • option to View the time of access to websites

        It would be useful to be able to see the time that websites were accessed,

        on the web filter report it would be nice to have a column that shows the time that the website was visited as well as by which user/IP address

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • RED: add WebControl

          I think, it will be helpful, when the RED can allow/block traffic, where are configured on UTM. Like you realized it with the Endpoint Clients

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
          • Proxy support IVIEW 2

            currently there is no possibility to activate IVIEW 2 if there is no direct internet connection. We have IVIEW on a internal server and the only possibility to connect to internet is trough a proxy but this can't be confgured. In IVIEW 1 this was possible.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
            • x-forwarded-for

              Allow the logging of X-Forwarded-For IP addresses / log proxy protocol.
              With AWS supporting log proxy protocol and when not inspecting HTTPS with ELB, the UTM is blind to the source IP address and the logs only reflect the EIP source IP address for clients so no way to ID the real client IP address at the moment in logs.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
              • Ability to block any subdomain in the Blacklisted address patterns

                I would like to block *@*.example.com but it is impossible. Spammers use subdomain in order to bypass the filter.

                105 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  8 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow rules in the Policy section to trigger based on the custom mail header

                  "Allow rules in the Policy section to trigger based on the custom mail header report added by the appliance when it performs its assessment of an email.

                  e.g. A rule to add a custom banner if the item REPLYTO_FROM_DIFF_ADDY is present in the report appended to the mail headers."

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • update your root CA list

                    i'm constantly having to add certificates in the "certificate validation" area. sophos support says it is because the root CA isn't trusted. could you please add the root CA for www.geospatialexperts.com

                    thanks

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Remove support for DES and DH768 or allow them to be disabled

                      Remove support for DES and DH768 or allow them to be disabled. PCI security scans flag their availability as a risk (QID: 38115), even though they are not in-use.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                      • Built in monitoring solution to check the status of the UTM's SMTP services.

                        There have been issues with the cssd daemon running whereby it generates a 500 error scanning every message and all email is dropped. This wasn't noticed until mail flow had stopped for a period of time. It would be good to have built in monitoring of some of the core services, such as inbound/outbound SMTP. If this monitoring could actually test the interaction with the service it would be ideal.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • hotspot + logout

                          Hi there,

                          we need a possibility to logout from your voucher. So that I can use the rest contingent of voucher an other day. The other reason why we need it is that if you leave a public PC, the next one sits down to the PC and can use the rest ammount of the voucher.

                          21 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            4 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • 74 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              10 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • 1. Quarantine site for alt. email addresses, and 2. Search capability in the quarantine site for multiple email account

                              -users can review and manage quarantined emails that have been sent to alternate email addresses also wants to have search option whenever users have 1 or 2 email address

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • Safeguard should save bitlocker keys even is system has been deleted from AD

                                What I like to see is the ability to get keys by using the recovery key identifier and the getting the key back, even if the system was deleted from AD.

                                Similar to the way your product behaved while Sophos encryption.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Customization of quarantine notification emails

                                  We would like to be able to customize the notification emails that are being sent to users when an outgoing email has been quarantined.
                                  Currently it says:
                                  Subject: "Message delivery incomplete"
                                  Text: "Your message to the following recipients was quarantined: [...] quarantine reason: [...] Please contact your IT administrator for further assistance."

                                  It would be nice to change the text or even the layout to fit our corporate identity.

                                  10 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Search firewall on IP Adresses

                                    It would be nice to be able to search in Firewall definitions for IP Adresses, aditional to search on object names.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Webserver Protection: Reverse Authentification with NTLM and Kerberos

                                      The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)

                                      425 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        12 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Reset HTTPS connection instead of URL Filter block page

                                        As an option, please provide the ability to drop or reset an HTTPS connection to a blocked web site when "URL filtering only" option is set. Reset may be preferable to drop so as to avoid timeouts. The default behavior of responding with a block page is helpful except that it causes certificate errors for clients who do not have the UTM certificate in their trusted CA list. When not using web filtering for true MITM scanning of content, it seems excessive to deploy the UTM cert throughout one's environment, and can be especially challenging on some devices. A simpler…

                                        5 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • WebAdmin to use CA's from the default CA store

                                          Currently most web services published from the UTM make use of the Certificate Authorities uploaded by the user in the CA store (Webserver Protection >> Certificate Management >> Certificate Authority). However, the WebAdmin service uses its own CA (which affects also User Portal and SPX encryption pages).

                                          The self-signed CA that is generated during installation remains in the apache directory and becomes redundant if the user wishes to upload a publicly signed certificate from a trusted company (eg. Thawte, VeriSign, Comodo etc.). Even though the user uploads the CA certs from the trusted company into the CA repository, the WebAdmin…

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base