Lightbulb Illustration

Sophos Ideas

Sophos UTM: The Ultimate Security Package
Proven protection for your network – simpler, faster, better.

Sophos UTM

Sophos UTM: The Ultimate Security Package
Proven protection for your network – simpler, faster, better.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web Ser

    Currently, the only way to enable SSTP is to use a DNAT rule and forward the entire 443 (HTTPS) traffic to an internal VPN server. This effectively "blocks" the use of 443 for anything else - be it Web Admin, User Portal, any virtual web server.

    Forefront TMG makes it possible to forward SSTP VPN connections easily to a SSTP VPN server (it's a shame a built-in SSTP is not available in UTM, but that's a different request altogether), making it possible to use other services on the default HTTPS port.

    Since Sophos UTM is advertised as a Forefront replacement…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Temporary whiltelist for web filtering with auto remove when site is re-categorised.

      When encountering a site that is incorrectly blocked by Web Filtering, place an entry in a temporary white-list (or just in the Allow These Websites list) to allow access. User then would submit a request back to Sophos to have the site looked at and re-classified.

      Once UTM detects the category change, send administrator an email and automatically remove it from the white-list.

      This helps reduce duplication where a site category may change but it is still white-listed.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • to add the option connection Inactivity Timeout for a specific NAT rule

        to add the option "connection Inactivity Timeout" for a specific NAT rule either in GUI or terminal

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Enable users to reset their domain user password using Web Mail

          There are many companies that force employees to reset domain user passwords very often. Now, when employees need to access mail using their Web Mail and their password has expired they will have to call IT to reset their password, but if working hours has finished and there is no IT personnel in the office, or maybe it's weekend, which is even worse, they will have to wait until next working day so that IT can help. In situation like this, enabling users to reset their domain account password using Web Mail Portal, like Microsoft TMG does, would help.

          22 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Parent Proxy sequence option

            Need sequence option for Parent Proxy (like a Firewall Rule - from first to last)
            Example:
            1. URL= www.test.org -> forwarding Parent Proxy ProxyA
            2. URL= *.test.org -> forwarding Parent Proxy ProxyB
            3. URL= *.*.org -> forwarding Parent Proxy ProxyC

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Notifications for failed VPN login

              It would be good if notifications could include failed VPN connection attempt.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
              • notification disk going fail

                There is no Monitor/Notification which would send information for harddisks going to fail in a few days/week. Maybe using S.M.A.R.T.?

                And there ist no notification about failed single disks, only in RAID like "CRIT-060 Raid degraded: harddisk replacement needed".

                Please add a notification for single disks (without RAID) in case of failure or a few days earlier.
                Thank you.

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →
                • Iview 2 Radius RSA-secure-id

                  Iview 2 supports only radius chap authentication. We like to use RSA secure-id because we are using this also with our Sophos UTM 9.4x appliances.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                  • Support for Multiple Domains for DKIM on SEA

                    Feature Request - Support for multiple domains for DKIM on Email Appliances

                    We have two email domains that send through our clustered email appliances and want to setup DKIM for both domains, however currently the email appliances only support DKIM for a single domain.

                    We would like the ability to enter more than one selector and private key within the DKIM settings.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Sophos Central - increase days email is kept in quarantine

                      Please give us the ability to change the default 14 day quarantine retention to at least 30 days.

                      4 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Fully support QUIC (HTTPS via UDP)

                        Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
                        I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

                        More about QUIC can be read here : https://www.chromium.org/quic

                        With that said, I would like to see full support for QUIC natively in Sophos UTM…

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Detect port scans using an XG and automatically block the source IP

                          The XG firewall should be able to detect port scans when they occur and then have the ability to block the source IP.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Shud be a Feature to block spam emails instead quarantine, if its with diff IP, Subject but if email body contains Repeated Words

                            There should be a Feature added to Block the emails with email body Containing some repeatedly words. As for example, on of our client receives email with different ip's, different subject but always the body contains the letters "Canadian-Pills" and he always asks us to block it. When contacted Support, they asked us to either block Domain, IP from where they are receiving.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • PureMessage UNIX: Quarantine notifcation with release link

                              Customer would like to be able to integrate a link for releasing a mail from quarantine with a template variable within notifications - similar to the release_href in the digest-spam.tmpl.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow for the encryption level for SNMP v3

                                Currently when configuring SNMP v3 for network monitoring, the encryption is automatically set to AES, but does not identify the strength of the encryption. It has been found through testing that the AES encryption being utilized is AES 128, which is below the requirements for regulations such as Payment Card Information (PCI) and the Health Insurance Portability and Accountability Act (HIPAA) compliance. It would be greatly helpful to allow for the selection of the AES encryption level when configuring SNMP v3 for network monitoring.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                                • allow to disable userportal when OTP is enabled

                                  i want to turn the user portal off for security and to stop users downloading vpn software to any computer - but if OTP is enabled i get 'OTP users cannot access auto-created tokens in user portal' - so my work around it to turn off auto generate OTP then turn off the portal but this makes it hard to turn back on

                                  i want to be able to turn the user portal off no matter what

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • UTM\SG Test for Document, PDF, EXCEL and exec file on Sophos Side

                                    It can be very convenient to have option Open\Review file on Sophos UTM /SG side before download to computer and review file.For example you received a file and customer not sure if there some mail-ware to another threads, he can actually review file directly in Sophos UTM\SG or file will be transferred to Sophos LAB and reviewed there by a same user.Just Emulation of OS where you able to review files
                                    Is not Sandstorm it actually emulation on files

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • create updated visio stencils for the XG platform for use with Visio 2013 and newer.

                                      create updated visio stencils for the XG platform for use with Visio 2013 and newer.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • VPN: Local VPN ID choices with IPsec PSK

                                        This has been marked as "completed" but to my understanding is only half complete.
                                        Having multiple IPSec site-to-site tunnels autheticated by PSK, one still can't freely choose the ID for each tunnel.

                                        Given I have multiple tunnels to customer networks (where I can't change the ID Type expected for my host)
                                        some expect me to give the external IP as Peer ID others expect the hostname (which sometimes doesn't even match the real one)
                                        Under current 9.4 I can only set my ID once for all tunnels but not individually per tunnel.
                                        So any Connection should also allow to edit…

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • allow local ssh to EMA

                                          allow local ssh to EMA

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base