Do you recognize a good idea when you see one? We want to hear from you!
Header Image

UTM (Formerly ASG) Feature Requests

Do you have an idea for Sophos UTM? Do you recognize a good idea when you see one? We want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Let's Encrypt Integration

    It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
    Best Regards

    2,349 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      125 comments  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Additional user info for guest Hotspot access

      In some places (like Brazil) the companies providing guest internet access must collect and store information about their users/visitors in order to allow them to get to the Internet.

      UTM should provide a custom form to allow the company to request the required data (like ID, email, phone numbers etc) and store those information for a specified amount of time (like 6 months, 1, 2 years etc)

      Also, they need to better correlate a web access to a hotspot visitor. Today it's only possible by searching different logs for IPs and voucher numbers. The voucher should be present in the…

      19 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Uplink Monitoring - bind a monitoring host to a monitoring action

        Scenario:

        Main office communicates to multiple (3) branch offices over a single MPLS link. While we can create a monitoring host for each of the branch offices, it is not possible to bind a monitoring host to a particular action.

        Presently when any of the monitoring hosts are detected to be offline, all Actions are performed. Greater granularity would allow the UTM to perform Action B only when Monitoring Host B is offline.

        18 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow multiple authentication methods for Web Protection (Non Windows/Mac OS X devices)

          I would like a feature that allows devices to connect to the internet without authentication method but also allow the user to log in through the browser at any point in the session to gain their filter group.

          Ex. Allow the user to log into a Chromebook without authenticating to UTM and be awarded the default profile. At any time they are blocked by the strict default profile it should allow the user to specify their username and gain their groups specific profile.

          43 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • XF firewall with Sandstorm and Heartbeat for home users

            Could Sophos consider to allow the use of sandstorm and heartbeat (with sophos free AV) for home users and increasing the ip limit to 100 (IoT is around the corner) for a price per year? 10$?

            If there is other people interested it could be another stream of incomes from sophos and at then end the use that the home users will do of sandstorm will be extremely limited compared with a company with thousands of users.

            https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/85005/xf-firewall-with-sandstorm-and-heartbeat-for-home-users

            19 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Flag idea as inappropriate…  ·  Admin →
            • WAN-Bonding

              Please implement the posibility to bond WAN-lines. Free FW-Appliances like pfSense are able to do that. Why not Sophos?

              At home (my testing area, before I implement new confs in the company FWs) I have two ISPs. UnityMedia with 125/4 MBit and Telekom with 100/40 MBit. Only with an UTM it's not possible to bond the lines, so that I can use the full bandwith of both lines.
              Momentary I've solved that by putting a pfSense-appliance between the IPS-modems and the UTM. So I reach speeds like 223/44 MBit.
              But... why use an other appliance between ISP-lines and UTM? Why…

              26 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                5 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
              • Customising user messages from the UTM appliance

                Currently there is facility to customise error pages including content blocking and warning, downloading, authentication and error messages. However, when accessing sites that have certificate problems (expired, incorrectly named, etc) the error page is the basic out-of-the-box page. It would be nice to be able to customise this page as well.

                In fact the UTM message pages are pretty good in them selves, it would just be nice to be able to change just the header and footer separately.

                10 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • SNI Support for XG Firewall

                  Server Name Indication (SNI) can be used to host multiple SSL sites on a single IP/Port. See http://en.wikipedia.org/wiki/Server_Name_Indication for details. It is already on UTM, but not XG. This will probably be needed if you ever decide to allow XG Firewall to request and manage Let's Encrypt certificates for multiple domains.

                  10 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                  • Central Portal: Adjust Columns Widths

                    The column widths in the Central interface are fixed. This does not make sense and makes many items in the Alerts and RCA sections unreadable. The user should always be able to adjust all column widths.

                    This should also be true for the Central Endpoint client. It makes no sense that the window is a fixed size that can not be expanded or maximized and that the columns cannot be adjusted. I cannot read most of the lines on my system which severely limits the usefulness of the log.

                    45 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Wireless: Support of non-Sophos Access Points

                      Many customers have non-Sophos APs but would like to use some Wireless Protection feature. Therefore it would be nice if a small choice of Wireless Protection features were available for non-Sophos APs.

                      90 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • rulechecks sslvpn clients

                        We would like restrictions to be checked on when sslvpn clients are connecting towards the network.

                        For example if someone is running a specific service, the network connection is allowed, and otherwise not. or for exampe, if there is no anti-virus running from a specific vendor.

                        20 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                        • Firmware-Fallback

                          After the momentary dissaster with 9.410 (and 9.411) it would be great to have the possiblility to switch back to the latest working version without any factory-reset.
                          Two different partitions. If the update goes wrong, switch back to the functionaly version.

                          8 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Appliance Hardware  ·  Flag idea as inappropriate…  ·  Admin →
                          • WAN Failover Firewall Rules

                            We would like to see the ability to create firewall rules that take over if the primary WAN connection fails over to a secondary WAN connection. This would be useful for businesses like ours who has a nice primary connection but a significantly smaller backup connection. For example we let the employees stream media during normal operations however with many streaming if it fails over to the backup WAN connection it causes a huge bottleneck for us.

                            10 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Management  ·  Flag idea as inappropriate…  ·  Admin →
                            • Sophos Central - increase days email is kept in quarantine

                              Please give us the ability to change the default 14 day quarantine retention to at least 30 days.

                              10 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Enable users to reset their domain user password using Web Mail

                                There are many companies that force employees to reset domain user passwords very often. Now, when employees need to access mail using their Web Mail and their password has expired they will have to call IT to reset their password, but if working hours has finished and there is no IT personnel in the office, or maybe it's weekend, which is even worse, they will have to wait until next working day so that IT can help. In situation like this, enabling users to reset their domain account password using Web Mail Portal, like Microsoft TMG does, would help.

                                58 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Web Server Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • DHCP Duplicate IP Detection

                                  Have the UTM DHCP server ping the IP address before attempting to issue it like Windows DHCP Server, to avoid an IP conflict. e.g. static address within DHCP scope.

                                  Currently, if the UTM offers an IP address that already exists on the network the client sends a DHCP Decline, however the UTM will continue attempting to issue the same IP and the client will get stuck in this loop.

                                  49 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Networking  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Could not see live VLAN traffic in XG firewall

                                    SG series firewall having a good desk-board where we can see all WAN's, LAN's and VLAN's live traffic and bandwidth monitoring and also monitoring usage of bandwidth of individual users. ( We are using ASG220 since last 6 years).
                                    After upgrade to XG series firewall with firmware version SFOS 16, GUI is totally different and very difficult to troubleshooting of monitoring of live bandwidth usage of VLAN. There is no way to monitor live VLAN traffic in XG firewall.

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Usability/GUI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Quarantine reports are useless with RETURN TO rather than FROM

                                      I have reported this in the past... and maybe others are on cruze control or dont care.. or havent seen a REAL quarantine report... but your current QUARANTINE report from the SG box is absolutely useless as it is written. Please take the time to read this instead of just waiting on votes. This is a real problem.

                                      Currently the quarantine for both XG and SG units records and shows the mail header field 'RETURN TO' as the FROM address in quarantine and mail log screen. In many cases, this makes the interpretation of those emails impossible prior to releasing…

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add new feature to Sophos UTM VPN that extracts the last login date of users.

                                        We have been managing many users on the Sophos VPN. We face a challenge on day to day basis, and that is, we are not able to restrict the users' access who have left the organization or are not anymore, a part of the team and that is primarily because we are not able to track the last login date of users.

                                        If you add the new feature to UTM that would extract the last login date of the users, we plan to lock the user's access who have not logged in to the Sophos for a stipulated period of…

                                        5 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Authentication data cache of AD SSO

                                          Please add option which UTM can cache user authentication data of AD SSO.

                                          10 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 151 152
                                          • Don't see your idea?

                                          Feedback and Knowledge Base