Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".

hi, can you please add RAMCO on the application list at the application control? we need to filter it in our company. thank you

Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

This requires the injection of an HTTP header.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.

At the moment it´s not possible to add custom categories under Web Protection -> Application control. Therefore it´s not transparent with application control to get a detailed information what amount of traffic/bandwith is needed for own applications because application which a not predefined by Sophos are only shown in application category “unclassified”

we couldn't authenticate citrix thin client machines in sophos utm

It would great when we could create a report of rules, a report of (unused, is an other question here) definitions and a report of interfaces in a readable format whice can add in a network description.

Currently there is a limit of 50 configs in OpenVPN GUI.
There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

I would like to see that in Sophos UTM SSL VPN Client too.

Make the ISO a standard UEFI ISO

Any plans to offer an extension-based Chromebook filter? It would be great to have a single lens for filtering of all devices.

Support for IBM Lotus Notes Email for web browsers

Not sure if this is in right category. For SPX, currently only the plain text portion of an email is processed and sent as a PDF. The result is an encrypted PDF that looks very much like it was sent in 1990 vs. the formatting provided by HTML. SPX should process HTML portion if it is present then process plain text. Case number is 8594977. Synaman (http://web.synametrics.com/SynaMan.htm) processes the HTML portion and it looks great.

As admin I want to have intermediate CAs automagically added for certificates issued by Let's encrypt client, so they are then served when estalishing TLS connections ad retarted libraries are not breaking due to incomplete certificate chain

In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

Hello,
It would be nice if you could add the sandbox function to the user portal so that users could check and submit data themselves.