When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

I'd be nice if you would include WireGuard in your suite of server-side VPN protocols in your UTM line.

MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.

Currently there is a limit of 50 configs in OpenVPN GUI.
There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

I would like to see that in Sophos UTM SSL VPN Client too.

Would like to see support for IKEv2 in AWS appliance.

Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

APIPA range over route based VPN

Microsoft have been working on their Intune Solution which includes a way to configure a VPN policy that is deployed. There are a number of "Connections" available from other vendors by Sophos are not present. It would be great if Sophos would create a "UWP VPN plug-in" which will allow us to be able to configure VPN's via this. If using Autopilot in the future too a VPN maybe required if not in the office and this same configuration is used.

possibility to add DNS to every different VPN Users group.

For example, for WAN 1, I will let sales group to VPN to access certain areas of the network, For WAN 2, I will only let those road warriors to access a more restricted area of the network instead of using 1 WAN link that gets filtered by the UTM level. My previous vendor, Watchguard, do have such function, except that Sophos has a higher throughput.

The HTML5 VPN Portal works for almost all platforms exept iOS. It would be great if you could add support for RDP/VNC connections on iOS devices.

Currently there is no option to add an IP list in allowed ipv4.Network resources. This feature was there in Cyberoam. Post migration to Sophos, it wasnt possible.
Request to add this feature, so that ACL will be more sophisticated at Firewall Level.

It would be good if notifications could include failed VPN connection attempt.

Currently there's no way to isolate specific SSL VPN users in Sophos. While a Firewall rule can be set to access the whole service there isn't a way to allow users A, B & C access from any network but limit user D to only a specific IP or range.

To connect more than one location to a microsoft azure environment it is neccesary to build route based IPsec connections. In future Microsoft azure will be a important solution platform, so many customer will use this solution.

my uses sometime connect but cant access network resources - they try again a couple of hours later and it works

the net says there are issues with windows 10 and these are mostly fixed with openvpn version 2.4

as version 2.4 has just come out it may be worth waiting until 2.4.5 for any bugs to be fixed but to schedule this into the UTM development pipeline

For make ssl-vpn faster, I would like to set MTU for SSL VPN and enable "engine aesni" for OPENVPN on AWS Sophos UTM9.

I need to limit a SSL VPN profile to be able to login just from a specific IP address and another profile no limit !!!!

I understand that I can simply open/close the User Portal and prevent access to the client/certificates but this is not that I am looking for because not vpn profile aware !!!

The HTML5 VPN Portal should have a Wake On LAN feature when connecting to a PC over RDP. This would enable power savings to be turned on while providing users with the ability to remotely wake and connect to their PCs/Servers over the network (say for a standby environment).