Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RED: DSL/VDSL (PPPOE) Support

    RED should be able to do DSL/VDSL (PPPOE), as this way it can be used with an ISP which is very common worldwide in requiring authentication against their modem.

    399 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      23 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow RED to access the internet line when the Main UTM line is disconnected

      This added mode could mean no disruption to the branch operations in case the UTM is down due to internet issues and cannot be up soon enough. Once the RED detected the UTM is up, it will establish connection and all traffic can be channel to the UTM once again.

      134 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        6 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
      • RED: Virtualized RED Appliance (vRED)

        Virtual Appliance image using as RED Device

        111 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
        • RED: Restart tunnel instead of unit

          When the internet connection drops at the main site (UTM location) the RED restarts to get the tunnel up again. When (for some reason) the internet connection stays down at the main site all internet activities at the remote location are down due to continuous restarts of the RED. If the RED only tries to pick up the tunnel, the internet at the remote location can still be used.

          109 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            Under Review  ·  9 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
          • RED: Support Backup Hostname for RED Connection

            Currently, REDs and ASG must find and connect through the definition of a single host-name that is fully resolvable in the public. While this can use the DynDNS feature in ASG already for "fail over", it might be more simpler to just offer another host-name field to be used in the event RED looses connection to the main host-name?

            Even with multiple WAN links avaialable to an ASG, the REDs use of just a single hostname poses a problem if that particular WAN link or ISP should drop for a time (e.g. fiber cut, dead modem, etc). The downed REDs…

            105 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              Under Review  ·  6 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
            • RED Monitoring via SNMP

              It would be useful to be able to monitor the RED devices via external monitoring systems like Nagios. Currently it is only possible to monitor the status of the local interface, which does not give any information about the actual status of the RED-tunnel.
              It would be nice to be able to monitor the status of RED-tunnels (and possibly even some remote information like IP-information, connected LAN-ports et cetera)

              100 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
              • RED PCI Compliance Changes

                PCI Compliance will always fail on current UTMs using RED. This is due to being unable to disable SSL v3 on this as well as being unable to change the certificates used (currently weak, not using at least 2048 bit keys). Please fix!

                90 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  7 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                • RED: 1:1 NAT Support for RED devices

                  two remote LANs with the same IP range/netmask cannot be connected to the same central ASG by using RED devices in the remote offices. ASG wouldn´t be able to route the traffic on the central ASG correctly.

                  All examples have in common (which is likely), that several of the "remote LAN's" will have the same IP ranges (e.g. surely 192.168.1.0/24 and 10.1.1.0/24 will be used often).

                  As the RED device bridges the LAN to the central ASG, there is no possibility to route the network traffic correctly on the central ASG.

                  So we need a SNAT/MASQ mechanism on the RED…

                  71 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    Under Review  ·  4 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                  • RED: Add power-over-ethernet (PoE) to RED appliances

                    Our company uses PoE VoIP telephones. It would be a nice feature to be able to plug a PoE VoIP phone directly into the Red. This would provide much needed connectivity for our road warriors and employees that work out of their homes. Money would be saved since we wouldn't need to pay for dedicated business lines. A bonus would be that many commercial wireless AP's support PoE as well.

                    69 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                    • DHCP on RED

                      I think it would be great if we have an option to move the DHCP server for RED networks from the UTM to the RED device. This would allow normal LAN access (e.g. file and print sharing) at the remote site even with a disconnected or outage on your uplink.

                      62 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        4 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                      • RED: Allow Branch Name to be Renamed

                        I would like to be able to rename/change the description in the "Branch Name" field of the RED sites. I see that in the WebAdmin there doesn't seem to be a way.

                        When we get an alert that "redXX is down" it would be really helpful to not have to dig up my notes on which site that actually is. This should be a standard feature.

                        More detail about this are posted on the forum:
                        http://www.astaro.org/other-products/remote-ethernet-device-red/47745-rename-red-branch-name.html

                        61 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          2 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                        • RED: Selective Split-tunneling

                          I would like to have granular control on what traffic is split-tunneled through the RED. Specifically based on port number.

                          46 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                          • RED: Split Tunneling Exceptions

                            When the RED site goes to internet through the headquarter, when it is in Standard/Unified mode, sometimes it is needed to route the traffic through RED's own internet line for specified destinations. It is very nice to write exeptions for specified ip addresses.

                            40 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                            • RED - local log caching (with push function to UTM)

                              It would be nice if we have a local (cached) log function in the RED.
                              On the UTM we only have the opportunity to see RED online or disconnected, but not why.
                              Therefore, a local RED logging would be great, which sends the information to the UTM when the RED is available again. For example: RED WAN port down, RED get no DHCP address, no connection to Sophos on port 3400 or something like this - to increase the possibilities of analysis.

                              39 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                              • RED: Uplink via WiFi

                                RED rocks. It's simple and it works. I would like to see an option where the uplink would not have to be a hard cable to an Internet connection. Make it an option where the WAN link could be WiFi

                                39 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  4 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                • RED: Uplink and UMTS/3G Signal Status

                                  It would be great to know the status of the internet connection uplink(s) in use on our RED sites. Especially with the 3G/UMTS option, perhaps a way could be found to display the signal strength as well for extra benefits?

                                  38 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    3 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                    Planned  ·  Angelo ComazzettoAngelo Comazzetto responded

                                    Great idea. This feature will be part of UTM 9.2 which will enter public beta in October. You will be able to test it out at that time. Stay tuned!

                                  • RED: Physically Switch WAN connections

                                    It would be very helpful if you could swap the broadbands at the remote RED site to make one (or the other) the default main broadband. This would be handy if one line is having problems such as rate limited but is in the main port.

                                    We have limits on our broadband at most sites and have previously managed this with an alternative product no problem so we were surprised Sophos do not offer this feature.

                                    30 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • RED: Support using own CA in RED to generate 'valid' certificates

                                      Particularly to the RED interface. It would be helpful to apply a certificate to this communication as currently this port 3400 uses a self signed certificate which if you ask the Payment Card Industry Data Security Standard compliance testing they fail you for having a self signed certificate.

                                      28 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        Under Review  ·  7 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                      • 26 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Firmware updates - Enable manual control or schedule for big installations

                                          Currently firmware updates run automatically after appliance updates: For bigger installations I would appreciate to have control over the RED update process. After a pilot update of a few devices RED firmware should be rolled out in clusters to reduce the risk of a full field failure (e.g. due to network overload caused by parallel update of 100 devices).

                                          23 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base