Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. add a filter field in smtp log tab for time range and be able to export to excel (csv)

    It would be helpful if SMTP log can filter according to date range and time range and be able to export out to csv format

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Enforce SSL for authenticated SMTP

      Enforce users that authenticate via SMTP to UTM to use SSL, therefore not allowing plaintext authentication.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Unique IDs for firewall rules for documentation purposes

        We would like to have a unique ID assigned to each firewall rule, so that you can refer rules in your documentation by those IDs.
        Using the position number for documentation purposes is not working of course.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Full NAT for Whole Networks

          Right now Full NAT will work on a per address basis, but not a whole network 1:1 basis. This would be a very helpful feature when sibling networks need to talk to each other when protected by an outer UTM.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
          • iview

            in iView reporting (eg. 10.176.200.27:8000, not the port 4444 one), user would like to have the object name based in Reports > Web Usage (such as Top Web Hosts). at the moment, in UTM, we can see IPs and Objects, but in iView, only IP based data shows there, since the user has no AD, then object based data reporting is need.

            related case number: 4857872

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
            • Controller Based Client Steering

              hello sophos,

              i would like to initiate a feature "Controller Based Client Steering".

              this means that a client can be "pushed" for different reason (ie. band, number of clients, strength of signal, ...) from AP-to-AP or Band-to-Band.

              the decision or calculation for this should be done on the UTM.

              Best would be to have a prioritize matrix in the GUI.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Automatic creation of SMIME/OpenPGP certificates

                Internal Users need to be generated manually for all users. Having the UTM automatically create certificates (S/MIME and/or OpenPGP) - optionally disabled - would make large scale deployments much smoother. This could be triggered either at time of user creation (automatic or manual) or when an email passes through the smtp proxy (perhaps controllable by domains/profiles)

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Enhance Application Control App Categorization

                  Lot of people would like to be able to easily block advertisers, web trackers and analyzers to enhance their surf experience in general and to enhance privacy too by blocking all those trackers and analyzers.

                  There are already >150 of such advertisers, trackers and analyzers as apps in the UTM's application control. Sadly all of them are categorized as "web services", which is misleading andunhelpful, as in this category are also CNET and Mozilla downloadservers, CDN's as Akamai etc., whic disallows a simply general block af that category.

                  I propose, that this "web services" category will be splitted further into …

                  200 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow a guest wireless network behind a RED to utilize the split tunnel

                    Would like the ability to configure a guest wireless SSID behind a RED to enable the traffic for the guest to go out the split to the internet and not utilize the UTM tunnel bandwidth, saving that for the internal network.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Can you please put dates on the product patches/releases and sort in date order.

                      Just trying to make it easier to find patches and updates for our existing product set.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                      • Allow for at least logo customization of the User Portal and WebAdmin page.

                        Would like to see the capability to extend at LEAST logo customization of the User Portal page. Ideally it would be beneficial to modify the logo for the WebAdmin portal as well, however the User Portal customization is critical if we are to position this solution against competing products from Juniper (MAG), Palo Alto, and Fortinet.

                        34 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                        • In the E-Mails reporting a Portscan list the ports that were scanned and the IP address that was scanned

                          In the email that is sent notifying of a Portscan include the Ports that were scanned and the Destination IP address that was scanned?

                          Example of Current E-Mail that is sent.

                          A portscan was detected. Details about the event:

                          Time.............: 2015-01-05 20:48:46

                          Source IP address: 222.208.119.169 _169.119.208.222.broad.lz.sc.dynamic.163data.com.cn_

                          --
                          System Uptime : 0 days 9 hours 58 minutes
                          System Load : 0.10
                          System Version : Sophos UTM 9.305-4

                          Please refer to the manual for detailed instructions.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add Zenmate and to Blocking In Application Control

                            Add Zenmate plugins to Blocking In Application Control

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • waf report

                              The executive report could show the attacks detected and blocked by the WAF.

                              11 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • Cloud Storage Gateway

                                More organizations are beginning to rely on cloud storage solutions to address various user and infrastructure needs. Yet, concerns remain over data leakage, malware, and unauthorized access. As the Sophos HTML5 Portal offers a lightweight abstraction layer for remote desktop access, they should also offer a WebDAV/SSL based abstraction layer for cloud storage.

                                Relying on the existing feature set of "layer 8" identification (CyberRoam), in-transit scanning, DLP, high-throughput encryption, and an already comprehensive Linux OS, Sophos is uniquely positioned to offer users an abstract view of their storage topology. Sophos could easily support a variety of heavier storage protocols on…

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • API Gateway

                                  Enhance border protection by offering an API gateway solution, ala Forum Systems' Sentry API Gateway. As more companies begin to rely on distributed infrastructures that rely on remote API communication, especially within the cloud, there is a clear need for this type of security.

                                  Considering Sophos' "all in" strategy on cloud offerings, "layer 8" intelligence from CyberRoam, and mobile security from Mojave, Sophos already has the key components in house to dominate this emerging market at a far more competitive price point.

                                  3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Timeout of Snort

                                    It is requested that it be recorded in the log when the monitoring of snort does the time-out.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

                                      Thanks for sharing your ideas with us. I wanted to get some clarification though, because it’s not clear what this request is asking for. The IPS engine doesn’t have any sort of timeout value that would cause an event to need to be logged.

                                      If you mean that when IPS causes a session to timeout because it has discarded packets, that this should be logged, but this is exactly what IPS does by default. Can you clarify what additional behavior you’re asking for?

                                      Thanks again for sharing.

                                    • Additional interfaces at 1:1 NAT

                                      Automatic definition of additional interfaces at 1:1 NAT or the possibility of additional interfaces to define in a range.

                                      12 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Extended RED logging on UTM

                                        Enable extended logging of RED device-connections on the UTM. This should include the following infos:
                                        - RED downloaded config from provisioning server
                                        - RED has initialized firmware update
                                        - DHCP-config the RED received (if configured as DHCP)

                                        This would greatly enhance the ability of the admin to debug RED-issues before opening a support call with the Partner and/or Sophos and may speed up recovery times.
                                        Therefore it would be beneficial to all parties :-)

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Certificate expiration date

                                          Add a possibility to change the certificate expiration date in e-mail encryption

                                          4 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base