As it is, I found I had to create an extra VLAN for WAP deployment and then bridge my two planned SSIDs to two tagged VLANs.

It would be nice to have a feature whereby you could make changes but if lost connection to the device then restart to roll back config prior to changes. I guess similar to cisco's running config and startup config.

In the Cisco world, many times i've used a reload in 00:05 then made complex changes knowing that if a problem occurs and I lose the device it'll automatically reload in 5 minutes and i regain access.

Connect from SUM with SSH over a HTML5 VPN to an UTM.
Similar to the existing WebAdmin call.
And don't forget the auto login as root user.

• add Remote Access Profile configuration in SUM (!)
  ...just like:
  click [Add remote access profile]
  (1/3) for UTM fw72
  (2/3) for users <AD user group definition>
  (3/3) for local networks <local network, for example network reachable via site2site VPN>




• add SSL Site2Site VPN option in SUM (Configuration > VPN), same/similar style as IPSec Site2Site VPN

...so you do not have to log into WebAdmin on every single UTM.
imagine 50+ remote offices and you'd like to add a local (maybe testing-)network for SSL VPN users.

It would be awesome to have alerts and notifications delivered via Growl (or Prowl for iOS). It's a much faster and more obvious way to manage alerts!

Currently you can place a backup file on a USB stick, name it to restore.abf, and it will be installed during boot up.

Please provide the feature to permit the upload of an encrypted configuration file (.ebf) during the boot of the firewall by prompting for the password during boot which is entered via console (or ideally perhaps the LCD??)

When we create an IPSEC VPN in SUM and use "automatic firewall rules" option, we can't edit the option "log traffic" for these rules and so we can't see the logs for these rules.

In flow monitor - Bandwith Usage Now - KB/s is displayed.
This is misleading, there should be kbit / s

Enable alerts to be sent to an email address. Although Sophos Anti Virus quarantines well sometimes the machine does not recover entirely from an attack. The last attack I dealt with was seen off but many parts of the OS needed attention to recover fully

If the SUM is the primary SUM on the UTM, you can set it to back up daily, etc.

The secondary SUM, doesn't have this option. It doesn't need to have control like the primary SUM, just get back ups.

Allow Network Groups to be used for both the User Portal and Remote Access VPN at the below locations. This need is due to having more than one circuit. When we have more than one circuit, we want to be able to allow 1 Public IP on each circuit to listen, however due to the current design, this is not possible.

User Portal->Advanced tab->Network Settings
Remote Access->SSL->Settings tab->Interface address

Thank you,
Travis Grenell
Systems & Network Engineer III
Cisco, Microsoft, HP & Sophos UTM Architect Certified
Sophos Gold Partner
Snap Technology

We manage hundreds of VFW's in our environment and cannot take the risk of running firmware updates weekly on all of them. Some are also global, so we may need to do them at different time schedules. It would be great if we could schedule them Monthly rather than weekly. Adding flexibility.

The ability to upload individual licenses to all linked/connected UTMs through a single SUM instance/interface. In a scenario where a user might have 50+ UTMs connected a SUM, uploading licenses to all them can be a tremendous hassle.

If you follow up the new ideas for the past months all of them were requested for UTM but none of them are available. Every single idea was used to XG (Copernicus).

This is abolutely inacceptable. Especially as the UTM license model is based on a ongoing subscription.

Why There is Turkiye (Or Turkey) in your installation. We have Sophos licence for 6 years. Installation doesnt have Turkey. I am selecting other countries. Dont you like Turkey?

Hello,

There is some method for moving users (CSV file) to a UTM?

Would be great to see Sophos support utilising a MySQL DB backend for Safeguard Enterprise as is possible with Mobile Control.

It will be nice, when it will be possible to organize own Certificates via SUM for all Sophos UTMs.
At the moment, I have to connect to all UTMs manual to install some root certifiacte manually (for example for this problem: https://www.sophos.com/en-us/support/knowledgebase/122257.aspx )