As yet there is no support for MPoA which is the required protocol for VDSL2 on the NBN network. With ADSL fading out this seems to be an essential feature

277/5000
The Search Log Files feature (Action, Time, URL, User) is very useful when using report format, but we were not able to download it.

It would be very interesting to be able to download these searches, just as we can do in Logging & Reporting> Web Protection

With current exim configuration, the "Out Of Office" replies getting rejected by the BATV due to the null return address in the reply. Please add a feature to handle these messages pass through the BATV feature.

Send the top user report via email when the interface utilization speed crosses the set threshold value

Let's Encrypt Integration came with UTM 9.6. That's great!

You should now implement the support of Let's Encrypt Wilcard domains with ACMEv2.

Best Regards

i would like you to add an option to remove users from UTM after they get authenticated and synced from STAS to the UTM, sometimes even when you remove the user from the STAS it keep stuck in the UTM and then i have to restart the device to wipe all the users and start fresh, adding this option will ease the work

ADD DNSexit.com as dynDNS Provider
please add DNSexit.com as dynDNS Provider.
because they can host top domain name(yourdomain.com) for free.
or create own providers under dynDNS for any other profider.

thanks!

When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

Currently, Web Server Protection logs only note the first listed domain to identify which virtual web server was used by the client.
• server: first domain name of the virtual server serving the request

Since there can be a number of domains used by the same virtual web server, it would be much more useful to log the actual domain requested in the host header. As different domains can be used for different environments, this would provide much better analytics on how the virtual web server is being used.

It would be nice to block file upload on cloud services or any other webiste, to prevent any kind of data leakage.

Estimados, sería muy importante poder generar una actualización en la que desde el Captive portal se pueda descargar el certificado de SOPHOS para la aplicación del escaneo HTTPS y forzar el SAFE SEARCH. En instituciones donde asiste mucha gente con dispositivos propios que utilizan el servicio de WIFI no se puede instalar de forma centralizada el certificado lo que impide el uso del servicio de escaneo que es muy importante sobre todo en instituciones educativas para proteger los contenidos a los que acceden los alumnos.

Currently when logging in and specifying a bad username or password, no feedback is given. The page simply reloads with no indication that the login attempt was even processed.
Request:
Provide basic authentication feedback preferably by populating runtime variables. These could be common auth failure results of "bad username or password", "account disabled", "password expired", "authorization failure", etc.

When UTM is deployed as part of a proxy chain the WAF logs do not capture the client source details present in the X-Forward-For headers, but will instead log the upstream proxy's IP address as source.
Can we have a log field that allows administrators to also see the original requester's source address?

Note that ProxyProtocol support does not solve this issue as many upstream proxies do not support this for traffic already tagged with X-Forward-For information.

Allow administrators to modify the pre-supplied rules for the WAF as custom rules cannot override existing signatures. Having to create a custom signature and then exempt the built-in signature causes lots of additional administration and clutter.

The ability to not just create a "skip rule ID" entry for a signature, but actually modify whether the firewall treats it as critical or not. Similar to tuning rules and rule categories in the IPS.

Right now the Website list in Webfiltering has very limited management options. Importing or deleting longer lists is not possible because the page freezes. It would be great to have export and working bulk edit options.