Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Name field for Firewall Rules

    Being able to assign a firewall rule a name that can be tracked through the life of the rule is a great tool to help manage your firewall. If the name also shows up in the logs especially live log it is incredibly useful

    You don't need to try and track a rule by a number that keeps changing as rules are added or deleted, simply track the rule name.

    This feature is available in other UTM and firewall products. From someone who's used the feature for many year it is definitely something I miss in the UTM

    62 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Connection Tracking Helper SFTP

      A customer want to use a sftp Connection from extern to his Company. For this he install an QNAP NAS and activate SFTP over Port 2112 (SFTP Port 22 is not avaible).

      The Problem is that when we want to connect extern the NAT and Firewall Rules is working, but SFTP Need more then the one port.

      For FTP the solution and Routing works. But SFTP didnt work, For FTP you can use the Connection track helper, but SFTP can not use with that.

      So please activate sftp to work with Connection track helper to work with the different ports.

      23 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • RED PCI Compliance Changes

        PCI Compliance will always fail on current UTMs using RED. This is due to being unable to disable SSL v3 on this as well as being unable to change the certificates used (currently weak, not using at least 2048 bit keys). Please fix!

        90 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          7 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
        • Sophos UTM software installer with serial console enabled by default

          Please see this www.astaro.org thread:
          https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/51383-sophos-pcengines-apu-6.html#post286165

          With 8000 views, there is a huge VGA blind but SERIAL aware user community. We would love a serial console (ttyS0) enabled installer image.

          216 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            8 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
          • Electric RED protection improved

            Sometimes, when a power cut occurs on a customer machine (we use RED10 on the machine shop floor to have a remote access
            to the automates in a customer plant), the RED10 dies...
            There must be a better electric protection of the REDs.

            14 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
            • Firmware Automatic Restore of the RED

              Firmware Automatic Restore of the RED when it lost itself (firmware corrupted)...
              Sometimes, when a power cut occurs on a customer machine (we use RED10 on the machine shop floor to have a remote access
              to the automates in a customer plant), the firmware of the RED10 get corrupted.
              And after that, the only solutoon for us is to send another RED10 to the customer.
              So the support is at least 24h late...
              We can't ask the customer to do the manual firmware restore. They are industrials not IT...

              15 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
              • Improve the WAN Gateway monitor.

                Copernicus project

                Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
                This can help much to prevent false positive gateway status.
                The same feature could be added on VPN Failover system

                17 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                • Add support to choose multiple Hosted Address when create a Business Application Policy

                  Copernicus Project
                  Add support to choose multiple Hosted Address when create a Business Application Policy.
                  Imagine a customer with 3 WAN links and 50 Business Application Policies rules. It is needed create 150 Rules for this. This is a real case today.

                  14 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                  • Rename objects

                    Copernicus project

                    Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
                    This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

                    15 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add support SNMP via VPN without add static routes.

                      Copernicus project:

                      Add support SNMP via VPN without add static routes. This need works as SSH via VPN, only choose a check box allowing or deny the service.

                      Today it is needed add static route pointing to tunnel name.

                      12 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                      • Block IP's using Blacklist/Blocklist Service

                        Support the use of Blacklists/blocklists. Note that this feature was requested at link below and apparently Sophos thought that ATP would satisfy the need, however it does not provided the requested functionality, Therefore I am re-posting this as a new suggestion.

                        The old suggestion was marked as implemented by the ATP feature; however ATP is not what was wanted and generates too many false alerts. This is the prior feature request: http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/1982075-network-security-block-malicious-botnet-bad-ip-s

                        Plain and simple: We want support for blocklists. Such as those found here: https://www.iblocklist.com. I would also like to specify a blocklist per network. So for example…

                        23 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • add ZTE MF 823 to 3G supported device list

                          Our ISP only supports ZTE MF 823 USB 3G modems and it is not on the supported device list. Telsra is the largest ISP in Australia nad we have many clients requirin 3G failover that are Telstra customers

                          18 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add support to copy/duplicate policy rules

                            Copernicus Project
                            This will help us to reduce time, management in this operation.
                            Policy Rules with the same same destination, ports, gateway through but with the source address different, could be easily cloned with based from other one.

                            10 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                            • Add support to choose both protocols (TCP/UDP) in Policy Rule

                              Copernicus Project
                              Currently we have to create a separated rule to each protocoal TCP/UDP

                              9 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Add support SNMP service to multiple WAN interfaces.

                                Today this makes is impossible an efficient monitoring of appliances (Copernicus) with multiplpe WAN interfaces. The SNMP server only works through a unique WAN interface.

                                8 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                                • Add support SNMP Community answer to any (0.0.0.0) IP Address

                                  Copernicus project:
                                  Today it is needed create one Community to one specific IP address.
                                  It is impossible create two 'Public' communities by example to two different IP address or create a single Community String for any (0.0.0.0) Ip address.

                                  9 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  SNMP Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add option to change Appliance SSH port access

                                    Copernicus Project

                                    Add support to change SSH port access.

                                    12 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow more IP's on Home/Free UTM

                                      with all the connected devices its becoming very easy to hit the 50 IP limit on a home edition license. Throw in a few lab servers and you are almost guaranteed to.

                                      Any chance this can be increased? I see a few years ago this was done.

                                      76 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        8 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Attachment, link, and file emulation

                                        Email is a huge vector for malware. Not all of it comes in as an attachment. Links in email often lead to NEW malware. NEW versions of malware are attached or embedded into Office documents. Files users download may have NEW undetected malware in them.

                                        Palo Alto has Wildfire. FireEye has a similar service/appliance. Each service takes URLs, Office documents and unknown files and detonates them in a sandbox to determine if they are malware. Previously unseen downloaded files are uploaded to the same service. When NEW malware or malware links are discovered, an update is pushed to all subscribing…

                                        17 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • hotspot + logout

                                          Hi there,

                                          we need a possibility to logout from your voucher. So that I can use the rest contingent of voucher an other day. The other reason why we need it is that if you leave a public PC, the next one sits down to the PC and can use the rest ammount of the voucher.

                                          19 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            3 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 116 117
                                          • Don't see your idea?

                                          Feedback and Knowledge Base