I hope that Sophos will update their current AP products to WPA3 and not only ship new hardware with a WPA3 certification and firmware. The release of WPA3 is planned for late 2018 and would be a great addition to existing hardware installations.

Actually there is only a client isolation between Clients which are not connected to same Sophos AP.
There should be a solution where all clients are isolated, even when they are connected to same AP.
Meanwhile the restriction should be mentioned in the online help of wireless protection.

The customer want to use the API to generate voucher password for guest user logon, they want to design the web portal for guest user to apply and get logon password, but we can't found out the syntax on the RESTful API can support this applied.

"Terms of use" could not be translated on login-page.
The variables on voucher (limits) could not be translated ("day" "none") in other languages.

I need the ability to whitelist certain MAC addresses for devices like XBox and Roku that cannot use a captive portal. Almost every other captive portal system has this ability. Also the ability to link this MAC to a voucher would be great for management as you could input the MAC when you generate the voucher and it would expire when the voucher does.

The Hotspot Type an additional point as Password of the week.
In order for a password, a whole week is valid for the hotspot.
The week Begin with Monday.

Tie the ip address where the voucher is used to the voucher code so that we can see where individual codes have been on the internet.

A voucher network like the user network where it contains all the ip's where they have been used would be good. We can assign a single voucher to a single device for staff BYOD devices, but in some cases we can have one voucher for 300 devices (Guests BYOD). But we need to see where voucher code blah blah blah has gone on the internet.

Many thanks

Reply by Sophos support, currently client isolation will only working between client connecting to the same radio (e.g. they must be all connected to 2.4 Ghz/5 Ghz only).
It would be the best if client isolation also work between client connecting to different radio.(e.g. client can be connected to both 2.4 Ghz or 5Ghz)

I would like to delegate the voucher administration task to someone in 1st-level IT support. This is not possible with the current firmware. The user portal settings are global. It can not be set different "rights" for individual users, so that a particular user sees only the voucher page and may not administer the UTM.

Under the wireless clients, it would be nice to be able to disconnect a device if we do not want it to be connected.

UTM needs to be able to mange the new APX access points (maybe at a reduce functionality) - all the literature says the XG can be nothing able the UTM being able to- this allows a UTM user to upgrade to XG at a later

Hi there,

we need a possibility to logout from your voucher. So that I can use the rest contingent of voucher an other day. The other reason why we need it is that if you leave a public PC, the next one sits down to the PC and can use the rest ammount of the voucher.

Hi Sophos,

I would like to check whether this few feature can be implemented?

1) Set Daily Limit to Voucher (eg, 400mb per day)
2) Set Alert to notify when Voucher validity is about to end.
3) Set Voucher duration to unlimited or 3 years and above.
4) Auto renew Voucher when it expires.

Regards,
Nicholas

Please add a posiblity to change the channel width in the Wireless Protection. AP55c uses 80 MHz wide channels by default which is unwanted in an office deployment.

Need to be able to schedule firmware updates of WAPs.
Currently they happen randomly (at least out of any control) and therefore can happen during normal operating hours.

The maximum time after the terms and conditions have to be reconfirmed for the hotspot is 7 days. This time is too short for some customers. A variable input of the period would make the decision for customers flexible.

Would like the ability to configure a guest wireless SSID behind a RED to enable the traffic for the guest to go out the split to the internet and not utilize the UTM tunnel bandwidth, saving that for the internal network.

The UTM's wireless logs should show when a client authenticates with the password of the day and not just with the wireless network itself.