Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. POP3 proxy: Check ZIP / Archive files for blocked extensions

    This option is available for smtp, but not for pop3. There are many companies using pop3. It will be a good option to protect against malware.

    13 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Modify how SPF filtering works

      Change SPF filtering so if there are multiple relays, it does not check all the relays against the original sender. For example... an email is sent from bounce@schoology.com to abc123@gmail.com. The gmail account has an autoforward on to redirect the mail to abc123@internalmailserver.com. Right now, the appliance reads the email as coming from the schoology.com domain and checks the SPF record for schoology.com. The IP checks out and it passes. Then, it sees the gmail.com relay and checks the gmail server against the schoology.com SPF. It fails, because of course schoology.com is not going to list Google's mail…

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Additional option for Trusted Relay

        We have auto-forwarding setup on our Google domain so all mail sent to those accounts are forwarded to our internal Exchange server. It is causing problems with SPF filtering, so we must add Google's mail servers to our trusted relays in order for the mail to come through. It would be nice to be able to link the trusted mail servers to an SPF record, like Google's, because their mail servers number in the thousands and their IP ranges are frequently changing. If we could somehow link the trusted relay to the SPF record, then the IPs would change as…

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • A feature to determine which endpoints are consuming Internet bandwidth.

          We would like to be able to more accurately determine which endpoints
          are consuming Internet bandwidth. By being able to pass data to our SolarWinds Netflow Traffic Analyzer we will have this functionality.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • UTM - enable pattern matching in DLP extended rule creation over entire email

            Patterns/Strings specified in a rule for DLP matching should be matched against all of an email, not only subject/body. Currently only Patterns or strings in the Body or subject line will be matched.
            the immediate benefit would be inclusion of definable headers (such as sensitivity or confidentiality headers) that integrate seamless with existing email client infrastructure, such as Outlook, to trigger a dlp match. The trigger-header that exists ( X-Sophos-SPX-Encrypt ) is only reasonbly configurable in certain email Client applications.

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Include Symantec verisign root certificates in UTM

              Currently only some of the Symantec Verisign root certificates are included with UTM. Please add all of them as this is causing HTTPS scanning customers to be blocked from a large number of sites. The complete list and test links can be found here: http://www.symantec.com/page.jsp?id=roots. Thank You.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • ES5000

                It would be great if the GUI showed when a recipient registered for SPX and when they received the encrypted email. I spent a lot of time just proving these people haven't registered using syslog which is awful

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • ES5000

                  At present I can only use wild cards with the custom groups, when will this be available in the user groups?

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • es5000

                    Users of SPX are under the impression that
                    the reset will allow them access to old encrypted emails. We
                    have now removed the reset feature and would like the wording removed in
                    the recovery email which we cannot amend.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Broadcast for NetBIOS name

                      The UTM should support broadcasting for the NetBIOS name. This would allow host name resolution without the need for a DNS server. This would be particularly useful for BYOD networks.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                      • Use SUM to create Full VPN Site to Site tunnels

                        Please enable for Site-to-Site VPN in SUM to be full tunnel. You cannot create an "Any" network definition in SUM. Allow an "Any" rule to be created or a checkbox for routing all traffic through VPN tunnel.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • All user portal details/ downloads via admin console and download

                          it would be extreamly helpful to assist with deployment of top end executives where we were able to as admin's download from the admin portal user credentials for VPN configs etc especially that of the SSL VPN

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • add ZTE MF 823 to 3G supported device list

                            Our ISP only supports ZTE MF 823 USB 3G modems and it is not on the supported device list. Telsra is the largest ISP in Australia nad we have many clients requirin 3G failover that are Telstra customers

                            18 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • authentification certificat web protection

                              HI,
                              To protect web offer multiple authentication mode as the Web SSO agent .. But you do not offer certificates based on the authentication which is very unfortunate.
                              Do you plan to implement it in your product?

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • It would be useful, for the Sophos Web Proxy Appliance Console, to have the ability to create an account with only read-only access.

                                It would be useful, for the Sophos Web Proxy Appliance Console, to have the ability to create an account with only read-only access or guest access. Currently all accounts even the limited ones have the capability to schedule reports or approve submissions, I basically want to create a user with view or read only capabilities

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Routing: SLA (Performance) routing

                                  Some customers ask to have possibility monitor in Uplink monitor not only availability, but also SLA metrics: Jitter, packet loss, delay.
                                  Based on some threshold choose the best Uplink.
                                  It's good to have not only UTM, but also for RED.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Integrate Support Ticket Number in Sophos Support Acces

                                    It is now possible to give Sophos Support access to the UTM for a specified Time. Why not be able to enter the Ticket ID to allow the access as long the ticket is status: open and avaible for all Supporters working on that ticket

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Support UTF-8 characters in HTML5 VPN clipboard

                                      Support UTF-8 characters in HTML5 VPN clipboard

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Ability to change IP addresses of Heartbeat network interfaces

                                        Now the IP addresses for the heartbeat network are predefined and there is no officially supported way to change them, meaning that you need a dedicated, separate network for this purpose. In a virtualised infrastructure it is really not efficient as you have a bit limited number of vlans. with the ability to change these ip addresses, these HA pairs could share 1 vlan for this purpose.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Control the AutoUpdate Frequency

                                          Currently the autoupdate frequency is defaulted to 60 mins and we are not able to change that with the Cloud Version. It would be nice to be able to change the frequency as it is taxing on some Servers that are running Sophos.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base