It would be great if the current FTP proxy can support FTPS traffic

Possibility to customize sandstorm web messages (translate)

I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.

Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post109466

Add phrase weighting to the content filtration much like what is used in Dansguardian, this would much improve the current content filtration. When used right it would allow pages within an otherwise approved domain or url such as YouTube to be blocked if inappropriate content is present. As is the case with Dansguardian the aggressiveness of this type of filtering can be adjusted quite a bit.

For the purpose of analyzing the current outgoing traffic usage we need a live view of the users’ HTTP connections via the Web Protection proxy along the possibility to sort it by bandwidth.

If one defines a website tag in the UTM for a collection of URLs, then later desires to fully delete the tag (the tags remain in the configuration db even if not assigned to any URLs), there is currently not a way to do this. I contacted support and they said this would be a feature request (seems like missing basic functionality to me).

Add YouTube as a Safe Search option like Google, Bing, and Yahoo.

Customers request support of WCCP for redirecting traffic flows in real-time from a UTM to an out of path appliance. This allows use of third-party web security, WAN optimization or caching solutions. This would not allow Cisco gateways to redirect web traffic to the UTM for filtering.

While researching a UTM, I came across an IM chat logger. This will be a nice feature for Sophos UTM to have so I can inspect chat sessions for company violations/data leakage.

We want to force Authenticated users to log out of their current sessions in WEB SECURITY. We also want to check out who is logged in.
In all three operation mode (Transparent with Authentication, Basic user Authentication, SSO) please.

Our customer has a lot of special devices e.g. ipad, iphones and surface pad. Only these devices should access certain applications eg itunes.

Right now there is no adequate way to realise this requirement unless you implement user-agent based authentication.

Also some customers would like to block traffic coming from certain browsers, or certain browser versions.

Many DLP Systems, etc. work to filter web traffc by utilizing a 3rd party HTTP Proxy (Squid, etc.)... Most work with ICAP compatible Proxies... adding this ability would preclude my customers from having to add yet another proxy to their network infrastructure.

I would like to be able to block the upload of file to webmail using Web Filtering.

Ideally, we should permit users to open a webmail (like gmail.com or other public webmail) but i don't want to permit to attach file/upload file in a new mail on the webmail. In this way i can block a possible disclosure of corporate data. Thanks

At present translate.google.com is categorised as Proxies and Translators and is blocked under the default group policy.
We would like our users be able to use google translate to translate pages and text that are in other languages but without being able to use it to circumvent policy rules and get to blocked sites.

I would like to be able to configure the allowed target services option in policy tab for separate services to each users.

this is self explaining and need no further details.