
UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

  • AstaroOS: Backup Image / Second Bootrom

    for worldwide support of a network

    -> an internal image, e.g. on the hard disk
    -> choose this image and boot = active image
    -> second image is for a fast switch between running configuration and backup
    -> a similar idea to the backup ROM on mainboards
    -> it could / would be something like an appliance with two virtual images where one is offline, and if you need it: shut down the actual one and start the other one

    -> it could also be something like an automatic new installation -> scripted ( automatic download of the newest image and start…

    99 votes
    18 comments  ·  HA/Clustering
  • Zero Time HA Failover for VPN and Internet

    Zero Downtime for VPN and network WAN connection in a HA setup.

    19 votes
    4 comments  ·  HA/Clustering
  • Networking: HA/Clustering for Amazon Cloud

    The ability to operate a pair of UTM software appliances in a VPC, in different AWS availability zones, configured as an HA/clustered pair.

    This feature is critical in providing a truly HA VPC solution. I have the need to operate a very highly available VPN endpoint for multiple healthcare providers, and this one deficiency is preventing us from moving forward with the excellent UTM software appliances.

    (Amazon has a white paper outlining how to make the default NAT instance highly available using two NAT instances and a script that detaches and reattaches the virtual interface and MAC to the standby instance.)

    15 votes
    Under Review  ·  2 comments  ·  HA/Clustering
  • Clustering: Designate a Hot-Standby Unit (Raid-5 style)

    If one is concerned about up-time, it doesn't make sense to have a cluster where all units must be functional to handle the load.

    Clustering should allow the use of a Hot-Standby unit for the Cluster, for example running two 320's as active with a spare 320 (thus more affordable) in reserve. Allows for true N+1 setups without paying always for the +1!

    14 votes
    Under Review  ·  2 comments  ·  HA/Clustering
  • HA Setup let ***** takeover before master reboots

    We currently have a HA setup with 2 UTM320's.
    Whenever there has to be a reboot of the master device (either manually or due to an upgrade of the software) all RED connections break as well as all site-to-site connections.
    I know this happens, so I can schedule updates and reboots, but shouldn't it be possible that the ***** first takes over everything from the master before the master goes down, effectively keeping any connections up?

    12 votes
    1 comment  ·  HA/Clustering
  • HA: Disable/regenerate/modify Virtual MAC address

    It would be nice to add a button in the HA section to modify to a custom value, regenerate randomly, or disable the virtual MAC address(es) of the attached NIC. It permits more flexible configuration in some cases and with some router/switch environments.

    12 votes
    0 comments  ·  HA/Clustering
  • Networking: Automatic Gratuitous ARP when HA changes

    When there are changes at the HA/Clustering side there should be an option to automatically send Gratuitous ARP to a configurable router (by default this can be the default route for a given network).

    We have had a big issue with this for years: as we have a bunch of IPs registered in our active/active cluster (more than 350 IPs), when a change occurs at the HA side more than half of our IPs are no longer accessible for hours if we don't do anything...

    So when we have an alert about this we need to run this sort of script:

    for f in…

    10 votes
    0 comments  ·  HA/Clustering
  • HA cluster in the Amazon cloud only possible with a 3rd network card

    An end customer has asked us to submit the following feature request:

    Dear Infraforce Support Team,
    is there really no other option than a 3rd hardware adapter? Within the Amazon AWS environment, that means the VM would cost a full 0.26€/hr instead of 0.06€/hr. So 0.20€/hr just for the HA functionality! That is not acceptable at all. The VM then costs a full 2277.60€ per year instead of 525.60€ just to be able to use the HA function… And that times 2… And that doesn't even include the Sophos license fees…
    Could you possibly submit this as a feature request to Sophos? Surely there is a way to…

    6 votes
    0 comments  ·  HA/Clustering
  • takeover

    Give the possibility to do a manual takeover from webadmin.
    Now it is only possible with a reboot/shutdown of the master node...

    2 votes
    1 comment  ·  HA/Clustering
  • create configuration options in the GUI for UPS configuration

    - the ability to select the UPS type from a drop-down.
    - a switch to enable the UPS service (NUT, Network UPS Tools)
    - how many min before shutdown to begin, or an option to just leave it until the low battery warning from the UPS to initiate shutdown.

    Thanks

    2 votes
    0 comments  ·  HA/Clustering
  • HA-Management-Port

    Would be nice to have an HA management network port to access the passive firewall by web, ssh etc.

    1 vote
    2 comments  ·  HA/Clustering
  • Randomize deployment tasks

    The update schedule has no settings to randomise the process. This means that all servers will be updating at exactly the same time. This will impact the Virtual Infrastructure to the point of making it unusable. This is particularly pertinent to the lower performance areas on SATA or NearLine SAS disks. If clients are checking every hour then I need to have at least an hour’s randomisation. This does not appear to exist and has resulted in us dismissing the product for further evaluation.

    1 vote
    1 comment  ·  HA/Clustering
  • Don't Keep Write Ahead Logs (WALs) in Non-clustered Installations

    By default, the Sophos UTM (Astaro) PostgreSQL configuration is configured with High Availability (HA) settings enabled irrespective of whether an HA license is installed and/or two or more devices are installed. One of these settings, wal_keep_segments, has been set to a value of 100 ever since Sophos UTM version 9.100-16 and since each Write Ahead Log (WAL) segment is 16MB, this results in an extra 1.6GB of disk space being consumed unnecessarily. The default value for wal_keep_segments is 0 and setting it to this value before starting the PostgreSQL service prevents it from keeping any new WAL segments. I have…

    1 vote
    0 comments  ·  HA/Clustering
  • Networking: Automatically update DYNDNS after failover

    We have our Astaro 425 configured to fail over to a secondary internet circuit (CenturyLink) when the primary one (Time Warner) fails. Since we have over 25 different external host IP addresses that would need new IP address assignments when failed over to the new circuit, we created a CURL script to update all of our DynNet DNS records. Since the CURL utility is already included in the Astaro Linux OS, a simple command could be issued as follows: "curl -k -K /home/login/cl_curl_input.txt" to change our DNS records over to our CenturyLink internet public IP addresses after the CenturyLink interface…

    1 vote
    0 comments  ·  HA/Clustering
  • Networking: Make bridge interfaces immune from HA link monitoring

    Even when "HA link monitoring" of a Bridge interface is "OFF", if this interface experiences a link down, a takeover will occur.

    1 vote
    0 comments  ·  HA/Clustering