Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ipoe

    Support for IPOE, since it' s not only in use for consumer lines, but also for >100MB business lines, because lower overhead then pppoe.

    20 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow users to reset Active Directory passwords from the UTM User Portal

      Raised on behalf of a Sophos customer, see support case 6426894.

      Customer would like the UTM's User Portal feature to function in a similar manner to the portal available on the Microsoft TMG product.
      when using a TMG, if a user's Active Directory account has been flagged to 'Reset password at next logon" when they try to log into the portal, the TMG portal notifies the user that they need to change their password and completes the password change with them.

      Using a UTM in the same scenario results in an authentication failure (expected behaviour), but the customer would like…

      9 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
      • In SUM, include the capacuty to configure SANDSTORM

        In SUM, include the capacuty to configure SANDSTORM

        18 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
        • An option that offers flexibility of applying updates when making changes in the UTM that affect the RED devices.

          Currently when applying changes to the UTM that has some bearing on the REDs will cause the REDs to reboot. This is a problem when there are no off hours to reboot and you have users on these devices working. We should have an alternative that will give you the option to apply the changes manually and or schedule the updates.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Don't have the RED device reboot constantly when tunnel between it and the UTM is down.

            It would be nice to have the RED device NOT rebooting constantly when the Tunnel between it and the UTM is down. That way users can at least access the internet. Right now they are completely down.

            72 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              2 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • AWS auto-scaled UTM WAF alerting

              First, its absurd that I have to ask here for basic functionality. Sophos UTM does alerting when attacks against web apps are detected. this does not work in your AWS auto scaled UTM stack. the worker nodes send logs to the queen node, but the queen does not alert on the events in those logs. We would have to use a 3rd party SIEM solution to process the logs. Your AWS auto scaled UTM is incomplete without this functionality and I would like it added.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Different File Extension Blocking for different "Profiles",

                It would be nice if it would be possible to add different "profiles" for SMTP-Malware-Detection.
                Actually I would like to add the microsoft extension in File Extension Blocking, too. But not for all domains! We have any customers, they send us the orders by an excel file, for example. This (known) domains I would like to exclude from this. But not from the whole detection.

                My Idea:
                Basic-Profil with standard file extensions to block -> for ALL domains

                Further-Profiles with furhter extensions to block for specific domains (inclusiv extensions from basic-profil)

                OR a exclude-option for specific domains and for specific…

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Ability to set up permitted devices under licensing

                  I would want the ability to set up permitted devices under licensing.

                  For example:
                  Only devices 192.168.1.10 to 192.168.1.20 should be permitted to the network.

                  If a user attempts to connect from 192.168.1.21, this device should then be blocked (like the license count was exceeded), even if theres licenses left. (and that device should then not count in licensing)

                  This would mean that any device outside of this, would not be able to connect to the UTM at all, and thus would not "spend" licensed devices (eg, any devices outside of the specified entires, or course multiple entires should be…

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                  • Web Protection: Meaningful error messages

                    UTM Web Protection now blocks TLS 1.0 traffic (when HTTPS inspection is enabled), However, when a connection is blocked because a server only supports TLS 1.0, the user receives a block message with the vague reason code "Input/Output error". I had to open a support case (and wait for it to be researched) to learn that this meant a protocol incompatibility between UTM and the server.

                    I tried to convince the technician that meaningless or misleading error messages should be considered as bugs, but he insisted that it had to be filed as a feature request. I am firmly of…

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Sophos UTM: support Mumbai AWS deployments

                      Submitting on behalf of client: requesting to have ami support/available in Mumbai AWS deployments - currently not supported.

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Standardize the HotSpot password

                        Would it be possible to put an option in the SUM to have the same HotSpot password on the whole of an SG / XG fleet

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • limit a SSL VPN profile to be able to login just from a specific IP address

                          I need to limit a SSL VPN profile to be able to login just from a specific IP address and another profile no limit !!!!

                          I understand that I can simply open/close the User Portal and prevent access to the client/certificates but this is not that I am looking for because not vpn profile aware !!!

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          • I'd like to have the create the possibility to bridge a vlan interface with a red interface on our sg330

                            I'd like to tag packets from a red device with a vlan id and bridge them to a local vlan interface

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Export Mail Header History to CSV or TXT

                              Need option to export the mail header history to a txt or csv file in Reflexion Email Portal.

                              At present the view of email headers is limited only to 100 rows and manually doing the copy/paste is too time consuming to be done on daily basis.

                              Best would be to either provide option to do export as an csv/txt and/or increase the limit of rows to like 500 or 1000, as that way at least the time required for manual copy/paste will get reduced.

                              2 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Adding exception for unscannable/encrypted mails

                                only be able to either turn of antivirus check or manually sifting through unscannable attachments is a pain either way

                                4 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Sent email alerts from Sophos Central

                                  Enable alerts to be sent to an email address. Although Sophos Anti Virus quarantines well sometimes the machine does not recover entirely from an attack. The last attack I dealt with was seen off but many parts of the OS needed attention to recover fully

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Captive Portal should redirect automatically when first time logging

                                    In new XG 210 firewall, after up-gradation of firmware version SFOS 16, Captive Portal not pop-up (redirect) automatically after first time we open browser. Previous version ( SFOS 15), it's working fine even we are using ASG220 firewall since last 6 years, in that also this feature working fine but new firmware having a issue of automatically redirect of captive portal.

                                    Hope it was bug and you will resolve it soon. Thanks.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Real time bandwidth usage for firewall rules

                                      Add a method to check the real time bandwidth usage for firewall rules.

                                      So users can distinguish which rule uses the most bandwidth and set the proper QoS for it.

                                      0 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                      • The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP

                                        The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP. This would enable power savings to be turned on while providing users with the ability to remotely wake and connect to their PCs/Servers over the network (say for a standby environment).

                                        13 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • HA/Clustering : Be able to define IP address when several cluster used the same VLAN

                                          HA / Cluster systems use by design the same ip range. On a same VLAN synchronization we can't install more than one HA/Cluster.
                                          We have 4 HA/Clusters we would like to install on the same VLAN. It would be nice to have the ability to define the IP Address Range when we configure HA/Cluster, rather then automatically have an IP range assign to the Cluster.

                                          19 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base