Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. RED: DSL/VDSL (PPPOE) Support

    RED should be able to do DSL/VDSL (PPPOE), as this way it can be used with an ISP which is very common worldwide in requiring authentication against their modem.

    344 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      22 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    • RED: Compression Support for Tunnels

      Please implement data compression ability for RED Tunnels. This would allow more effective throughput using RED devices with slow internet connections - especially with slow uplink speeds, and also saving RED Bandwidth on Internet Uplink on HQ if there's for example heavy usage of good compressible content as HTTP traffic, SMB access etc.

      131 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        6 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
      • RED: VLAN port configuration on RED

        It would be extremely handy to be able to configure the individual ports on a RED to support different VLANs -- for instance, port 1 and 2 could have VLANs 20 and 30 tagged, with ports 3 and 4 running untagged (VLAN 1)... really handy for a branch office setup with VOIP, etc. It would also be nice to be able to configure a hybrid port as well.. .that is, one that you can configure a native VLAN on (untagged) with tagged VLAN IDs all on the same port, a la Cisco, etc.

        113 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          7 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
        • RED: Virtualized RED Appliance (vRED)

          Virtual Appliance image using as RED Device

          107 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
          • RED: Support Backup Hostname for RED Connection

            Currently, REDs and ASG must find and connect through the definition of a single host-name that is fully resolvable in the public. While this can use the DynDNS feature in ASG already for "fail over", it might be more simpler to just offer another host-name field to be used in the event RED looses connection to the main host-name?

            Even with multiple WAN links avaialable to an ASG, the REDs use of just a single hostname poses a problem if that particular WAN link or ISP should drop for a time (e.g. fiber cut, dead modem, etc). The downed REDs…

            101 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              Under Review  ·  4 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow RED to access the internet line when the Main UTM line is disconnected

              This added mode could mean no disruption to the branch operations in case the UTM is down due to internet issues and cannot be up soon enough. Once the RED detected the UTM is up, it will establish connection and all traffic can be channel to the UTM once again.

              78 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
              • RED Monitoring via SNMP

                It would be useful to be able to monitor the RED devices via external monitoring systems like Nagios. Currently it is only possible to monitor the status of the local interface, which does not give any information about the actual status of the RED-tunnel.
                It would be nice to be able to monitor the status of RED-tunnels (and possibly even some remote information like IP-information, connected LAN-ports et cetera)

                67 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                • RED: 1:1 NAT Support for RED devices

                  two remote LANs with the same IP range/netmask cannot be connected to the same central ASG by using RED devices in the remote offices. ASG wouldn´t be able to route the traffic on the central ASG correctly.

                  All examples have in common (which is likely), that several of the "remote LAN's" will have the same IP ranges (e.g. surely 192.168.1.0/24 and 10.1.1.0/24 will be used often).

                  As the RED device bridges the LAN to the central ASG, there is no possibility to route the network traffic correctly on the central ASG.

                  So we need a SNAT/MASQ mechanism on the RED…

                  67 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    Under Review  ·  3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                  • RED: Dedicate UTM as RED Device

                    It would be VERY useful to have an Option to activate an ASG as RED-Device (also known as RED-Hub-Mode). ASG works as RED-Device/Client.

                    ASG connects directly to another ASG using RED-function. Thus you can share SAME Networks at different Locations and bandwith is only limited by ASG and not to 30 MBit/s of a RED-Device without the need for an additional device.

                    60 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      7 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                    • RED: Allow Branch Name to be Renamed

                      I would like to be able to rename/change the description in the "Branch Name" field of the RED sites. I see that in the WebAdmin there doesn't seem to be a way.

                      When we get an alert that "redXX is down" it would be really helpful to not have to dig up my notes on which site that actually is. This should be a standard feature.

                      More detail about this are posted on the forum:
                      http://www.astaro.org/other-products/remote-ethernet-device-red/47745-rename-red-branch-name.html

                      60 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                      • DHCP on RED

                        I think it would be great if we have an option to move the DHCP server for RED networks from the UTM to the RED device. This would allow normal LAN access (e.g. file and print sharing) at the remote site even with a disconnected or outage on your uplink.

                        58 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                        • RED: Add power-over-ethernet (PoE) to RED appliances

                          Our company uses PoE VoIP telephones. It would be a nice feature to be able to plug a PoE VoIP phone directly into the Red. This would provide much needed connectivity for our road warriors and employees that work out of their homes. Money would be saved since we wouldn't need to pay for dedicated business lines. A bonus would be that many commercial wireless AP's support PoE as well.

                          53 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                          • RED: Fail open if device fails

                            Currently all in-line RED deployment options (Standard/Unifed, Standard/Split, Transparent/Split) will fail "closed" when the UTM is unreachable. Ah option to permit the RED to fail "open" when the UTM is unreachable and allow traffic to the internet (as it does during normal operation with split-tunnel traffic) would greatly reduce dependence upon the central location for businesses that heavily use internet hosted applications. We can live without the AV & URL filtering for short periods of time.

                            45 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                            • RED: Selective Split-tunneling

                              I would like to have granular control on what traffic is split-tunneled through the RED. Specifically based on port number.

                              43 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                              • The red 10 should stay up and running and service endusers with an internet connection when connection to UTM cannot be established

                                The red 10 should stay up and running and service endusers with an internet connection when connection to UTM cannot be established. Now the red remains rebooting until connection to utm can be established again while the internet connection is fine.

                                43 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                • RED - local log caching (with push function to UTM)

                                  It would be nice if we have a local (cached) log function in the RED.
                                  On the UTM we only have the opportunity to see RED online or disconnected, but not why.
                                  Therefore, a local RED logging would be great, which sends the information to the UTM when the RED is available again. For example: RED WAN port down, RED get no DHCP address, no connection to Sophos on port 3400 or something like this - to increase the possibilities of analysis.

                                  39 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                  • RED: Uplink and UMTS/3G Signal Status

                                    It would be great to know the status of the internet connection uplink(s) in use on our RED sites. Especially with the 3G/UMTS option, perhaps a way could be found to display the signal strength as well for extra benefits?

                                    39 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • RED: Uplink via WiFi

                                      RED rocks. It's simple and it works. I would like to see an option where the uplink would not have to be a hard cable to an Internet connection. Make it an option where the WAN link could be WiFi

                                      38 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        4 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                      • RED: Split Tunneling Exceptions

                                        When the RED site goes to internet through the headquarter, when it is in Standard/Unified mode, sometimes it is needed to route the traffic through RED's own internet line for specified destinations. It is very nice to write exeptions for specified ip addresses.

                                        37 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • RED: Physically Switch WAN connections

                                          It would be very helpful if you could swap the broadbands at the remote RED site to make one (or the other) the default main broadband. This would be handy if one line is having problems such as rate limited but is in the main port.

                                          We have limits on our broadband at most sites and have previously managed this with an alternative product no problem so we were surprised Sophos do not offer this feature.

                                          30 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base