Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Type of files attributed to the activity when downloading/uploading

    This also ties into data leak
    prevention, let’s say we were storing social security numbers, and someone was uploading them to a website. Great feature to incorporate on the appliance to monitor exact DATA being transmitted.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
    • produce an error in the GUI if an invalid character is used for the SSO password

      We have had an issue support ref #5301894 where when using a ' in an SSO account to join the UTM to the domain you constantly get an error report that it cannot sync groups, changing the password resolves the issue.
      It would help if the UTM reported an error when entering a character it cannot support.

      Thansk

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
      • Separate AP updates from FW updates (So your wireless network doesn't go down when updating to the latest FW build )

        Although you have a High Availability hardware, when an FW update includes a Access Point update, your wireless network goes down for an extended period of time.
        It would be nice to separate FW updates from AP updates.
        Also a bit of feedback from the AP update procedure would be nice. ( So at least you get a clue why it's down )

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Redesign Copernicus interface "It is HORRID"

          I watched the video, I am just a home user, but I find the typeface and color combo and over all design so badly designed. I don't see confidence and strength. I get this feeling I am looking at a "home store" website, like Wayfair. I would bounce that design SO quick out the door in the design meeting. How THAT got passed and excepted as the interface design is beyond me. Did Martha Stewart do that design? I give it a "2" out of 10 for design. How uninspiring.

          Someone comments:

          Ya, when I saw that I was pretty…

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
          • HTML5 VPN Automatically Create RDP or VNC Entries for ALL PCs

            If you could add the ability to create VPN portal entries for a range of IP addresses or better yet all computers discovered on a network that would be excellent.

            The idea behind this is to be able to quickly create entries for every computer on a network so Help Desk associate could easily login to the user portal and remote control any PC on the network just by knowing it's name.

            Another idea might be to add the ability to enter the PC name when attempting to connect in much the same way that a Remote Desktop connection works.…

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
            • Users UTM

              Hello,

              There is some method for moving users (CSV file) to a UTM?

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
              • upnp with requirement for static dhcp extra-meta tickbox as acl for upnp deamon plus device probing and cloud based behavior intel

                Add secured uPnP support with requirement for a static dhcp extra-meta tickbox serving as acl for upnp deamon's trusted access. You might even go as far to deepen the acl with rules applied to device request possible based on a detection probe.and central intelligence for generalized behavioral modification of UTM layers based on the fingerprint of network device, with review and customization. That would greatly simplify and automate the GUI experience.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Change mail logs display from "return to" address to "sender" address

                  I have found that the SMTP logs and Quarantine logs actually display the "return address" and not the sender address.
                  This makes it impossible to search for mail from a particular person if they use a third party email responder service.
                  I have found a lot of clients are now using third party mail services, eg ANZ, BOC, Blackwoods etc.
                  This means in our logs we appear to have a lot of mail from "*@chost.net.au" (the third party mail service) but we have no idea who the real sender was ANZ, BOC etc....
                  Support confirm this problem, but only suggest…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Logging  ·  Flag idea as inappropriate…  ·  Admin →
                  • Notify the external sender when SOPHOS UTM blocks an E-Mail

                    A customer want to have the the following Feature.

                    An incoming E-Mail gets blocked by UTM because of an listed File extension.

                    Now the UTM sends a Mail to the external sender that it has blocked the Mail be cause of an listed extesion. Maybe with a free text field for individual spellings.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • 1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • user migration

                        Customer would like to have a tool or utility to migrate local users on servers to the UTMs user database so basic auth through RA will work without having to import 400-500 users.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                        • 1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • - Email Filtering rate limiting.

                            It would be great to have a rate limit added to email filtering. Barracuda Spam filter did this great. I got hit with over 2 million spam messages from a user account that got compromised due to a **** password. Rate limiting would have solved this.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Check Endpoint security against IPS before rolling out rulesets

                              You should check if new rulesets for SNORT IPS are compatible with your own products BEFORE rolling them out. It happens every now and then, that the UTM IPS blocks Endpoint installations and/or updates.

                              9 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  UTM Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • SSL VPN installer name format

                                sample normal file format of SSL VPN installer is sslvpn_inst_admin@support.sophos.com, customer didn't want to see their user name on the file name on this sample the part of admin

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                • Enable OTP for WAF on a per-Authentication Profile basis

                                  At the Moment we can use the new OTP Feature just for all virtuell webserver. Therefore, it is not possible to use this great new function in most implementations.

                                  An example, many customers want to publish Exchange Services like OWA, ActiveSync and Outlook Anywhere. OWA with OTP and ActiveSync without OTP. But that is not possible.

                                  I suggest, you implement a new authentication Profile for OTP that we can use in the site path Routing.

                                  7 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • QoS for Virtual Webservers

                                    QoS / Throttling the upload for virtual webservers (Web Server Protection). It would be nice if you have many webservers, that you can throttle the upload for each "virtual server"

                                    exampe: - virtual webserver a (wan) unlimited upload to wan side
                                    - virtual webserver b (wan) limited upload 10mbit to wan side

                                    that would be realy nice, is it possible?

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Virtual Webserver - Wildcard SSL Import Domains

                                      When using a wildcard SSL certificate, I would like the ability to import a list of domains on a virtual webserver. This is possible on a HTTP virtual webserver, but not when on the HTTPS one. We have a wildcard web development environment and have multiple servers with 50+ sub-domains on each server. Currenlty, we have to manually enter every single domain since the import functionality is not on the HTTPS virtual servers.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • add a whitelist option to the user portal.

                                        It would be great to have a user portal section where users could be given the ability to manage exception list for their users as a global option. This way site managers could add sites to the exception list that everyone can access without having to involve their IT support or allow them to modify the UTM

                                        6 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Autonomous quota consumption (no user confirmation)

                                          The new quota feature works great, but there is a big problem using quota on mobile devices. Having a media streaming quota configured you have to open a web browser and confirm the amount of time (quota) you want to use. That works fine on desktop, but on mobile IOS devices such requests in a browser gets redirect to a installed APP (You Tube) and you never have the chance to confirm the quota you want to use - as a consequence YouTube app does not have internet connectivity.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 114 115
                                          • Don't see your idea?

                                          Feedback and Knowledge Base