Improve information labels in the local console : "virus data date" is not concerning virus identities but update date of the detection engine.
Translations are also concerned by that. May be the network console too.

Sophos should include a feature to allow an administrator to remotely shutdown or uninstall the client from the enterprise console. Most other enterprise AVs have such a feature. It isn't always easy to walk to every machine or obtrusively RDP into a workstation. The process should mirror installing through the enterprise console, silently and remotely.

It would be nice if we would be able to Sort the Domain-Lists in fields like Webserver Protection - virtuell Webserver
Web Protection - Filtering Options
etc.

Allow a comment to be added to the mac address table so that you can record what devices the address is for. This makes it easy to manage the list if a device is to be removed.

It would also be nice if the wireless clients list could look up the comment and display it next to the record so you could see the device in the list.

I would like to have feature like to delete the activity logs, not sure how long it is available or it is eating CPU, in that case we must have feature unnecessary log files which we can see in the Management.

Currently there is a limitation with the SMC console - device applications cannot be uninstalled remotely when the end user has installed it from the device.
We would like to see a feature from within the SMC console to manage all device applications - providing the ability to uninstall applications on devices e.g ipads/iphones whether they have been installed by the end user or not.

any password that is entered is stored in plain text in the change log. This should be shown as an encrypted password, or the ability to delete the change log.

With the automatic backups currently you cannot specify the time that the backup runs.
Could this be added to standardise when the backups are run as they currently run at random times between UTM's.

I often find when I schedule a UTM to update its firmware, that I'm having to bounce back to the dashboard to ensure that the time/date of the UTM is correct, I never take this for granted. So my idea is to simply put the system date/time at least on the Up2Date screen, if not just at the top of the screen in general.

It would be useful in these days of security auditing to have the ACC produce an asset report of all hardware under management including all serial numbers of ASGs / Sophos UTM devices within clusters

It should be possible to address notifications to different users or user groups.

For example:

IPS warning to user a@exmaple.com

Base system notifications to user b@example.com

Would be riskless, do an automated backup first !

It would be very helpful if the backup comment (Management > Backup/Restore > Create backup > Comment (optional)) will be included in the subject when sending backup files via mail.

Current subject when sending a backup manually:
[<hostname>][INFO-010] Configuration Backup File

Suggestion:
[<hostname>][INFO-010] Configuration Backup File (<Comment that was entered while creating the backup>)

Hi Sophos,

We recognized that our product is using insecure key-exchange "diffie-hellman-group1-sha1". "diffie-hellman-group1-sha1 is used only has a size of 1024 bits. This size is considered weak and within the theoretical range of the so-called Logjam attack.

We would like to remove diffie-hellman-group1-sha1 in ssh service/port-22,

Please kindly provide a step or your action to remove it.

I've 3 AP connect to a UTM, i would reboot them but not manually with the aweetool, with a schedule task (crontab, rc.local, shutdown -d [time] ecc..., at the moment do this isn't possible..

This "feature" is very important for a correct connectivity ofthe AP, because
every one/two/three months you are forced to restart them manually.
The awetool is useful but yu need to connect to UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
Give the possibility to create a crontab for do this wil be very very useful, we'll apreciate it.
thanks

Would be nice to apply network traffic quotas to a rule rather than just users or groups. This would allow IoT or headless devices to be cut off after exceeding a quota.

The default port to email a backup copy of the settings is Port 25.

Many ISPs block Port 25.

It would be helpful if an alternate port could either be chosen or selected such as Port 587.