Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Web Security: Time Quotas for Internet access

    I have had many requests to have a policy in our Web Security section where it is possible to allocate a time quota for Internet Access. They do not want to limit when people have access to Facebook for example but how long they are allowed to visit these type of sites.

    582 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      33 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Web Security: Time-Based Application Control Rules

      Hi,
      time based application filtering would be very nice, for example make it possible to use facebook apps at lunch time but rest of day block it

      229 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        14 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Web Security: Transparent Proxy with Transparent Authentication (SSO)

        There is now a transparent proxy, but to have authentication requires a manual login screen for users - which is far from transparent.

        A transparent proxy with SSO is almost essential, I would say.

        197 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          22 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • WebSecurity: Local Content Filter Database

          Provide the option for the Content Filtering URL database to be downloaded/cached/stored locally.. Reduces reliance of URL Filter performance on available bandwidth, increasing response times and lookup speeds.

          192 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            29 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Web Protection: HTTP Connection Timeout Configuration

            As some websites require content delivery by backend database servers the connection timeout between a very active server and a slow database can result in a page timeout.

            By default the ASG http proxy has a value of 60 seconds before closing the connection. Currently this is only configurable to a higher value in cc, please place an option for this in the advanced tab.

            126 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Protection: FTPS proxy

              It would be great if the current FTP proxy can support FTPS traffic

              122 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                8 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Web Security: "Phrase Weighting" for Content Filtering

                Add phrase weighting to the content filtration much like what is used in Dansguardian, this would much improve the current content filtration. When used right it would allow pages within an otherwise approved domain or url such as YouTube to be blocked if inappropriate content is present. As is the case with Dansguardian the aggressiveness of this type of filtering can be adjusted quite a bit.

                119 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  12 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • WebSecurity: Proxies and Profiles Mapping to Additional Addresses

                  I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
                  Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
                  Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post109466

                  90 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    12 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Web Protection: Support WCCP as a client

                    Customers request support of WCCP for redirecting traffic flows in real-time from a UTM to an out of path appliance. This allows use of third-party web security, WAN optimization or caching solutions. This would not allow Cisco gateways to redirect web traffic to the UTM for filtering.

                    88 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Web Protection:Force Logout of an Authenticated User

                      We want to force Authenticated users to log out of their current sessions in WEB SECURITY. We also want to check out who is logged in.
                      In all three operation mode (Transparent with Authentication, Basic user Authentication, SSO) please.

                      86 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        17 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Web Protection: Allow Users to request unblocking of sites via submission form

                        We would like the ability to either have greater control of the block pages i.e. fully customisable block pages or to have a form inbuilt to allow the end user to request for the site to be unblocked.

                        The form would prefill with the url, reason for block, username and a box for the explanation to why it should be unblocked. On submitting it would then go to the cache administrator for actioning or to a portal within utm for review

                        It would help increase acceptance of the system. Not all sites that fall within a blocked category necessarily warrant…

                        85 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Web Protection: Global URL Blacklist & Whitelist For All Profiles

                          It would be nice if we could create for the blocking a group of URLs, which may be analogous to the block "URL Filtering Categories" in the "Filter Actions". For example, the URL's to be blocked must not enter in every profile under blacklist.

                          82 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Web Protection: Instant Message (IM) Chat Logging

                            While researching a UTM, I came across an IM chat logger. This will be a nice feature for Sophos UTM to have so I can inspect chat sessions for company violations/data leakage.

                            70 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              8 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Web Protection: Terminal Server Support for Authenticated Transparent Proxy

                              At the moment, the Transparent proxy works by associating credentials with the IP of the "user". Unfortunately, this means that the first Person who authenticates from a Terminal server (like Citrix) authenticates all Users from this Terminal server. Can you change this to Cookie Based or something so authentication works for multiple users sharing the same "IP"?

                              I'm not sure how it might be accomplished, but it sure would be cool to have...

                              60 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Web Security: Enforce YouTube Safe Search

                                Add YouTube as a Safe Search option like Google, Bing, and Yahoo.

                                52 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  Planned  ·  5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Web Protection: Policy testing tool

                                  Provide a tool whereby an Admin can supply an IP, username, URL, and time period, which then gives back the matching profile name/number/details and result (blocked or allowed, and why).. Allows administrators to test their profile configuration easily without having to do manual testing by users at their workstations, constantly logging in and out etc...just streamlines the whole process for deployment and troubleshooting.

                                  48 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Web Security: Support definitions for Allow/Block sites

                                    We are finding on a lot of our sites the company is deciding to block facebook/myspace. When we go into the Web Security -> HTTP/S -> Content Filter, and the Additional URL's to Block box, we can add individual sites, and use just facebook on it's own, but this doesn't pick up "fbcdn.net".

                                    Under Network Definitions, I can put DNS Group and call it facebook, and this picks up all the facebook sites.

                                    I'd like to be able to drag and drop from the Definitions section into the "Additional URL's" box.

                                    46 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Web Security: URL Category Check in WebAdmin

                                      include the bottom with this link into URL Categorization tab, to reach fastly the link to offer a possible categorization for uncategorized websites. It's also a very fast way to figure out how a specific website is categorized.

                                      http://www.trustedsource.org/en/feedback/url

                                      42 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

                                        We will be partially addressing this in UTM 9.2 by adding a ‘Polcy Test’ feature. This not only allows you to find out the categorization for a URL but also to test the policy result for a specific user and/or IP. We will consider adding the ability to submit recategorization requests directly from this page in the future.

                                      • NTLM over Proxy

                                        Feature wir für die Authentifizierung an Sharepoint Seiten im Internet benötigt.

                                        Zitat Microsoft:

                                        A proxy that correctly honors client to server authentication
                                        integrity will supply the "Proxy-support: Session-Based-Authentication"
                                        HTTP header to the client in HTTP responses from the proxy. [...]"

                                        40 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Web Security: File extension blocking inside archives

                                          the need to block specific file types will have multiple customers and with the Extension-filter it works just under the circumstances that files are not inside an archive.
                                          There is the need to block these files also in f.e. "ZIP" archives.

                                          40 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 8 9
                                          • Don't see your idea?

                                          Feedback and Knowledge Base