Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Duration of recent messages

    Would it be possible to adjust the duration of the recent messages to display the last 30, 60 or even 90 days instead of just the previous two weeks?

    4 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    • Searching host and service

      In Sophos XG when I implement a new firewall rule and i try to search a single host or service I have to know the exact name there is a way the improve the search field?

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Make UTM Webserver protection work with Exchange O365 hybrid passthrough

        Exchange / O365 Hybrid requires the use of WSSecurity/OAuth between O365 and on premise Exchange servers.
        Webserver protection, when set to passthrough, still intercepts this and breaks the authentication.
        only way to use UTM with Exchange hybrid currently is to use DNAT rules and therefore makes the whole thing redundant and useless.

        please prevent passthrough from breaking WSSecurity/OAuth.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Rename port XG

          Is possibile in future release of Sophos XG rename the port connection? it will be more usefull for the implementation of rule and routing

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
          • View comment

            Is possibile in future release of Sophos XG to view the comment of the firewall rule in the list and not only when i modify a single rule?

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
            • Group firewall rule xg

              With the new Sophos XG I think is more clear if it's possible to Group every rule by the zone and you can expand the Group you need, like every rule from WAN to LAN, every rule from LAN to DMZ ... etc. it is possible?

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
              • manual quarantine

                There should be a way to manually release a quarantine report to individual users through the portal.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • set up the firewall to allow the RADIUS user to change passwords using user portal:

                  set up the firewall to allow the RADIUS user to change passwords using user portal:Presently not possible to change the RADIUS/AD user password.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                  • A way to show SFP module details from the GUI or via the shell console

                    A way to show SFP module details from the GUI or via the shell console

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                    • Hotspot: Translations for voucher & loginpage

                      "Terms of use" could not be translated on login-page.
                      The variables on voucher (limits) could not be translated ("day" "none") in other languages.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • RED - Increase VPN throughput

                        Hey Guys, are there any plans for new RED Devices? Maybe a VPN throughput about 1000 MBit/s.
                        Thanks

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Remote Ethernet Device (RED)  ·  Flag idea as inappropriate…  ·  Admin →
                        • Route Based IPsec tunneling

                          To connect more than one location to a microsoft azure environment it is neccesary to build route based IPsec connections. In future Microsoft azure will be a important solution platform, so many customer will use this solution.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                          • high availablity - simple table in the GUI to show last 5 HA changes

                            I've found it hard to find out if one of the interfaces has dropped causing the system to switch over in HA. I think it would be good if the HA Status tab had a simple table underneath it showing the last 5 HA switchovers with date/time, and which interface was responsible and why. This would then show an easy to read history and allow users to pinpoint which interfaces are giving them the most issues with regards to HA failover. Maybe this report could be included in the logging section rather than having to go trawling through the raw…

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  HA/Clustering  ·  Flag idea as inappropriate…  ·  Admin →
                            • spam notification for the recipient that a spam has been received and quarantine.

                              Customer would like to have a feature to notify the recipient that a spam has been received and quarantine.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • deploy IPS exception from SUM

                                I suggest you to be able to deploy IPS exceptions from SUM (as we can do with ATP)

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Ban IP for Brute Force Login Attempts on Virtual Webservers

                                  Sophos UTM should automagically block an IP address after several failed login attempts to a webpage that is hosted behind the Web Application Firewall (WAF).

                                  An example would be the WordPress login page.

                                  12 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • puremessage content filter except also sender

                                    On Content Filter I would like to have an exception for the sender. I only can except the recipient, but if I do this he will get all content with not allowed files like .exe.
                                    I would like only to except one Sender because he is allowed to send an Excel with an Makro for example.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • "Routing Precedence" Feature in SG firewall

                                      It would be great to add the "Routing Precedence" Feature, that we can find in XG but not yet in SG

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add Support for BGP Dampening

                                        Add more feature to the existing BGP Implementation on the UTM like
                                        BGP Route Dampening & BGP Community

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Add a customizeable field for ddns

                                          Please add the capability to add a custom dynamic dns definition. It may be fine for the most to choose between predefined vendors, but I want to use my own ddns on my own servers.
                                          So what i would need is a vendor entry, in wich I can choose a custom fqdn or ip-adress to work with. It would be ok to use the protocoll form dyndns, maybe a possibility to choose would be nice to.

                                          6 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base