Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can vote and comment on it.

If it doesn't exist, you can post your idea so others can vote on it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  1. Web Security: Time-Based Application Control Rules

    Hi,
    time based application filtering would be very nice, for example make it possible to use facebook apps at lunch time but rest of day block it

    263 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      17 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Web Protection: HTTP Connection Timeout Configuration

      As some websites require content delivery by backend database servers the connection timeout between a very active server and a slow database can result in a page timeout.

      By default the ASG http proxy has a value of 60 seconds before closing the connection. Currently this is only configurable to a higher value in cc, please place an option for this in the advanced tab.

      139 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Web Protection: FTPS proxy

        It would be great if the current FTP proxy can support FTPS traffic

        139 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          10 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Web Security: "Phrase Weighting" for Content Filtering

          Add phrase weighting to the content filtration much like what is used in Dansguardian, this would much improve the current content filtration. When used right it would allow pages within an otherwise approved domain or url such as YouTube to be blocked if inappropriate content is present. As is the case with Dansguardian the aggressiveness of this type of filtering can be adjusted quite a bit.

          122 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            12 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Web Protection: Youtube and blocking specific categories

            Coming from another vendor one of the features I like/had was that I could block categories within YouTube. We are a School District that needs to access YouTube (YouTube for Education has limited content). It would be nice to setup a policy or rule to be able to block these YouTube Categories.

            Currently available categories are:
            • Film
            • Autos
            • Music
            • Animals
            • Sports
            • Shortmov
            • Travel
            • Games
            • Videoblog
            • People
            • Comedy
            • Entertainment
            • News
            • Howto
            • Education
            • Tech
            • Nonprofit
            • Movies
            • Movies_anime_animation
            • Movies_action_adventure
            • Movies_classics
            • Movies_comedy …

            109 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Web Protection: Allow Users to request unblocking of sites via submission form

              We would like the ability to either have greater control of the block pages i.e. fully customisable block pages or to have a form inbuilt to allow the end user to request for the site to be unblocked.

              The form would prefill with the url, reason for block, username and a box for the explanation to why it should be unblocked. On submitting it would then go to the cache administrator for actioning or to a portal within utm for review

              It would help increase acceptance of the system. Not all sites that fall within a blocked category necessarily warrant…

              106 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Web Protection: Proxies and Profiles Mapping to Additional Addresses

                I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
                Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
                Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post109466

                102 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  13 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Web Protection: Support WCCP as a client

                  Customers request support of WCCP for redirecting traffic flows in real-time from a UTM to an out of path appliance. This allows use of third-party web security, WAN optimization or caching solutions. This would not allow Cisco gateways to redirect web traffic to the UTM for filtering.

                  88 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    10 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Web Protection:Force Logout of an Authenticated User

                    We want to force Authenticated users to log out of their current sessions in WEB SECURITY. We also want to check out who is logged in.
                    In all three operation mode (Transparent with Authentication, Basic user Authentication, SSO) please.

                    83 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      17 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Web Protection: Instant Message (IM) Chat Logging

                      While researching a UTM, I came across an IM chat logger. This will be a nice feature for Sophos UTM to have so I can inspect chat sessions for company violations/data leakage.

                      70 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        8 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Web Security: Enforce YouTube Safe Search

                        Add YouTube as a Safe Search option like Google, Bing, and Yahoo.

                        55 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          Planned  ·  6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Web Protection: Browser enforcement (Eg. Chrome or Firefox)

                          The ability to create policy to block users by browser type. e.g block all IE, etc.

                          39 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Web Security: ICAP Support

                            Many DLP Systems, etc. work to filter web traffc by utilizing a 3rd party HTTP Proxy (Squid, etc.)... Most work with ICAP compatible Proxies... adding this ability would preclude my customers from having to add yet another proxy to their network infrastructure.

                            38 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • HTTPS Scanning: Have proxy provide certificate chain when using intermediate CA cert for HTTP-CA.

                              Many large organizations already have an internal CA used for certificate signing. This CA is already deployed to all of the client systems and browsers.

                              When implementing the HTTPS scanning, it requires another CA be deployed to on the Astaro which then has to be deployed to the hundreds or thousands of clients. It would be better to, instead, create an intermediate CA certificate from the Root CA and use that on the Astaro since the clients already trust the Root CA.

                              For this to work, I believe that the Astaro needs to provide not just the forged site certificate…

                              34 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Webfilter with certified youth protection

                                Is it possible to integrated a certified youth protection webfilter in the UTM.
                                Please see the link

                                http://www.bundespruefstelle.de/bpjm/Aufgaben/Listenfuehrung/bjpm-modul.html

                                31 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Web Protection: Block Files Upload in Webmail

                                  I would like to be able to block the upload of file to webmail using Web Filtering.

                                  Ideally, we should permit users to open a webmail (like gmail.com or other public webmail) but i don't want to permit to attach file/upload file in a new mail on the webmail. In this way i can block a possible disclosure of corporate data. Thanks

                                  30 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Web Security: Redirect instead of displaying block page

                                    I am Astaro Hong Kong Support, for SMEs, they would like to Astaro provides redirecting page insteads of blocking page e.g) web security blocking page. SMEs can type their company webpage and don't want to display any blocking message.

                                    30 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Web Security: RTSP Support / Skipping

                                      Currently Real Time Streaming Protocol is not able to be properly handled by the proxy (such as apple.mov quicktime keynote speeches). Add a mechanism to either proxy this traffic correctly, or just skip it from the scanning to allow it to operate properly with the client.. Extends the streaming support of our proxy to avoid admins needing to remove users entirely or live with certain sites / streaming not working when the proxy is enabled. Mantis: 0009463

                                      29 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        8 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • FTP-Proxy virus scanning robustness

                                        At the moment, if virus scanning enabled on UTM (320) for files smaller than 50MB you can run in a problem, if the file a packed zip file with a high compress rate and a complex directory and file structure(e.g 220MB more then 1600 files). The transfer can not completed and the ftp log show you:
                                        2014:01:09-18:42:13 XXXXX-1 frox[23903]: Got no response from cssd
                                        2014:01:09-18:42:16 XXXXX-1 frox[23903]: Virus scanner failed

                                        My suggestion is, that the admin has the option to allow transfer complex zip files without an virus scan like a file that excite the maximum scanning size. it is…

                                        27 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • AstaroOS: Bind Proxy to Defined Interface(s)

                                          Possibility to fix the interfaces for the web or mail proxy. E.g. I want to use the web proxy only for traffic between (LAN and Internet) and (DMZ and Internet) but not allow the LAN to see the DMZ.

                                          27 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6 7 8
                                          • Don't see your idea?

                                          Feedback and Knowledge Base