Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. We need a "Blacklist Group" object that we can populate with individual IP's or an IP range.

    We need a simple blacklist "group" object that we can pop in either individual IP's or an IP range. This would be used for blacklisting IPs and blocking/drop all traffic from these IPs before they hit the filter rules. Similar to how the country blocking works but with out own defined list of IPs, IP ranges and even domains (top level and subdomains).

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • 1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Licensing approach - home use

        Dear Sophos,

        Can you please look into moving UTM9 to the same licensing model (CPU/RAM) as XG? UTM is a lovely thing to set up and use, but the number of IoT devices and TVs etc on my home network means that I've hit the 50 IP limit.

        I'm really not liking XG's UI, unfortunately. Moving to XG is unlikely unless it improves markedly; I'd far rather stay with UTM, if you'd just sort out that darned limit... please!

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Sandstorm Reporting/Logs for Web & SMTP

          Sandstorm reporting and logs should be available under the "Logging/Reporting" section of the UTM.

          6 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
          • Reflexion Total Control: Look at the x-sender AND the display name email address, and allow blocking to be done when they dont match .

            Reflexion Total Control: Look at the x-sender AND the display-name email address, and allow blocking to be done when they don't match .

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • executive report in different language

              Executive Report is only available in English and Japanese. It would be nice if we can have executive report in Chinese.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
              • bug: MAC addrss whitelist problem with wifi

                When you add MAC addresses to a whitelist used for wifi filtering, they do not take effect until I reboot MASTER and ***** is taking over.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • User portal OTP only from WAN

                  it would be great, if we get a funktion, so that we can configure, that the OTP is only nesesary if a user logging in from outside the lan.

                  6 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                  • Scan email before releasing from quarantine

                    In Reflexion, if an email is spoofed AND has a virus, it gets placed into the user's quarantine where they can release it. We think mail should go through all of the filter rules before being quarantined. So for example if it's spoofed, it should still go through all of the other checks such as virus scans, attachment policies etc. If that isn't possible, can you please implement virus scanning before the message is released so we have one more security check before the message reaches the user.

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • SMTP responding to queries

                      Email notification for SMTP query response. Currently get email when email is spooling, but not when email is released.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Export Mail Header History to CSV or TXT

                        Need option to export the mail header history to a txt or csv file in Reflexion Email Portal.

                        At present the view of email headers is limited only to 100 rows and manually doing the copy/paste is too time consuming to be done on daily basis.

                        Best would be to either provide option to do export as an csv/txt and/or increase the limit of rows to like 500 or 1000, as that way at least the time required for manual copy/paste will get reduced.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Support Request integrated in user portal

                          An interesting (IMHO) feature to be integrated in user portal is support request.
                          Users can launch support request and admin can take user desktop control using an HTML5 or Java RDP App.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                          • Default Order of filter policies

                            When creating a new Web Filter Profile, I need to reorder the filter policies each time since the order they are listed seems almost random. If would be nice if the order of the policies followed the order in which they are set in the Web Protection->Web Filtering->Policies screen.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Cloning Web Filter Profiles

                              Most things in the UTM version 9 can be cloned. One exception is Web Filter Profiles. We have different profiles for all of our schools primarily because we need/want to use a different plublic IP to NAT the traffic. It would be nice to be able to close a Filter Profile

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • NTLM or Basic authenticaiton for User Portal

                                Currently the UTM appliance uses web form authentication for the User Portal. Instead of a web form, can we please add the ability to use either NTLM or basic authentication. For extra security measures, I would like to put a Kemp appliance (which is in our DMZ) between the internet and the Sophos UTM. So what would happen is the users would authenticate with the Kemp appliance and then the Kemp appliance would authenticate with the Sophos UTM. However, the Kemp appliance needs to use either NTLM or basic authentication. It cannot use a web form.

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                • the maximum of included IPs in home edition is out of date

                                  The maximum of included IPs in home edition is out of date. Please raise the max to 100, or better more. And don't count IPs as devices, the only correct measurement is to count MAC-addresses, because of using different subnets and mobile devices. A switch from one to another network adds more leases for every connected device and the limit of 50 IPs is quickly reached.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Operating System  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Managing black list of local Sophos Email Security via Microsoft Outlook Add-In

                                    Sophos Email Protection: Sophos already offers an MS Outlook add-in which allows the users to mark emails as junk mails. When users marks an emails as junk, an email is sent to Sophos Labs, gets analyzed and sometimes the sender is added to a global black list.

                                    We would like to have another option when using this add-in. Whenever one of our users marks an email as junk, we want the sender added to the black list of our locally installed Sophos Email Security, not sent to Sophos Labs.
                                    Other solutions like SonicWall Email Security offer this functionality already.

                                    Right…

                                    145 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Support server-sent-events (HTML5)

                                      SSE being blocked by web protection. When you switch off Web Protection SSE will work again. Server-sent-events use the text/event-stream MIME type and the connection remains open for long periods of time. No data gets to the client when Web Protection is enabled - I'm guessing because it is treating it as a download and waiting for it to finish before passing on to the client.

                                      34 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • URL exceptions for HTTPS access

                                        Today is not possible to have URL exceptions for HTTPS sites that are blocked due to their categories or blacklists. The reason is that these two stages take precedence over the more granular URL addresses, as they happen earlier in the chain of verifications to block sites before the SSL tunnel establishment.

                                        Is not possible, for example:

                                        To block the https://letsencrypt.org by blacklist or category and creating a URL exception for https://letsencrypt.org/images/linux-foundation.png.

                                        My proposed solution is to provide, in the exception rule itself, the indication of the domains that this rule should match. This way it would be possible…

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • test"><svg/onload=alert(1)>

                                          test"><svg/onload=alert(1)>

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base