Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. The UTM should support Chrome browser updates and downloading extensions by default

    We had to define these exceptions

    ^https?:\/\/([A-Za-z0-9.-]*\.)?pack\.google\.com\/([A-Za-z0-9.-]*)?\/chrome\/
    ^https?:\/\/([A-Za-z0-9.-]*)?\.google\.com\/.*update

    and a firewall rule to allow direct access to Google server, to enable chrome updates for the client PCs. This was very time consuming. The UTM should support Chrome browser updates and downloading extensions by default.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • RED: Split connections - physically seperate WAN / Internet connections

      The RED has two WAN ports. I'd like to be able to use one for a private WAN service and one for a cheap Internet service and have the RED both split tunnel the traffic to the links and use the Internet link as a tunnel failover.

      2 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
      • You guys should not set the automatic backup to be sent in plaintext to admin email.

        Absolutely critical!

        Although there is warning that private keys will be shown if it is not encrypted. So do not send the generated backup to email address!
        A notification that backup is generated is enough

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • Quarantine Report email - allow Customizable Message Text with HTML

          Please extend function to allow html code to format the text with line breaks and more.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • WAF: Wildcard Support for TLDs

            As a company you often have serveral TLDs for your company name (e.g. company.com, company.de et cetera)

            If those domains are run on the same server and external IP you would have to configure every single domain as a virtual server for the WAF.

            This may result in a lot of work and also needs to be maintained.

            It would be great if <company>.* would be supported as a virtual server instead of just a preceded *

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Portal Refresh button per page

              The webadmin has a refresh button at the top of the page and refreshes the current page. However, there is no refresh for the Web Portal. If you do a browser refresh it simply goes back to the Welcome page.

              Primarily I would be wanting to refresh the hotpot page to see new data/expired vouchers etc. At the moment I either have to click another tab or press F5.

              Please add a little refresh button on the Web Portal that refreshes the current page rather than resetting it back to to welcome.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
              • You enable 2 factor authentication options with Duo Security

                When you come out with 2 factor authentication. Please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

                16 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • Show domain user name in repórters, no login name

                  Sophos repórter engine shows login name , i think is better show user name
                  In some cases login name is "Con112014" and his user name is Peter Smith
                  For example

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add log off code for web applications using reverse authentication

                    Forefront has the ability log off clients using "?cmd=logoff" in the web applications code for logging off. This would be nice to have so clients can log off the site with cookie deleted or request to close the browser.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • 3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add Single Sign On for web applications similar to what Forefront can do.

                        Forefront can provide SSO for multiple web applications. I'd like to see a similar feature in UTM 9.
                        For example:
                        An agent signs into www.insurancecompany.com and clicks a link to www.insurancecompanyagents.com, the agent won't be prompted again for authentication because of the SSO policy for the two sites.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • install license by USB, like the restore.abf

                          Some of our customers use OSPF on the UTM to connect their network. Sometimes they miss to renew the license ...
                          If we got notice of that, we can help them for maybe 10-30 days with a temporary license until they get the real new one.
                          But the problem is, the UTM is not accessible from anywhere (SSL VPN or Network) because the routing instance is dead.
                          My idea is to send them the temp file, they put it on a usb and reboot the UTM.
                          If the utm searches for such a file it can easily be installed.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                          • Duplicate IP/Port Filter in Network and Service Objects

                            We are often facing duplicate network objects at our customers. This objects have the same IP, but different naming. This is caused by different admins, adding a new network objects, not knowing that already an object exists. By the time there are lots of duplicates.

                            Add a filter option to find IP duplicates in network objects. After that there should be a selective "merge" option to automatically streamline the configuration. Of course this can also be provided for service objects.

                            Alternatively you can implement a text box, giving the admin the information that an object already exist if an IP…

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Additional supported UMTS devices RED 10

                              I really want to see more supported devices on the RED 10, if even extend the current support on the RED to what is available on the the UTM.

                              6 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                              • ios

                                Add ability for iOS devices to submit to 'IS SPAM' - current iOS users do not have ability to send emails as attachment

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • SMTP TLS fallback to SPX

                                  It would be nice to be able to have SMTP TLS fall back to SPX instead of falling back to sending in clear text as an option.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Outlook plug-in blacklist

                                    Add a option to the plug-in to add to blacklist of senders

                                    2 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Web Application Firewall OTP support for form to form authentication

                                      Support for form to form authentication with one time passwords in the WAF.

                                      The WAF should be able to pass authentication through to a website which authenticates using a form (as opposed to only basic auth) if there is configuration on the UTM that defines the URL to the page which can process the login (not the login form) and the field names for the username and password.

                                      30 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Make the SMTP log in Mail Manager exportable to PDF

                                        Making the SMTP log exportable keeping the colour coding would help IT managers send the data to non-IT related managers/directors - this would be very easy for them to interpret as dumping the colossal data based LOG now is very difficult to pick through.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Show eth link speed/duplex in gui

                                          the link speed/duplex is not curently shown in any of the webadmin tabs, only a general "UP/DOWN" status.
                                          Curently the HW tab in interfaces only shows the capabilities of each NIC, and the support/advanced/interfaces tables doesn't show it either.

                                          the only way to get this important info is to SSH and run ifconfig/ethtool commands, quite cumbersome for an important bit of info (in fact can help troubleshoot cable problems/wrong switch ports/wrong modem configs, etc)

                                          9 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base