It's clear, that master/s.l.a.v.e as terminology is negatively predestined. The role could be renamed to something like primary/secondary or maybe also just active/standby?

If I have to disconnect SSL VPN User Sessions, it would be fine, when I have a button.

I think it would be appropriate to rename the Blacklist to Denylist and Whitelist to Allowlist. Multiple Customers reported this as offensive.

Currently only one CLient SSL VPN connection is allowed at any one time to Sophos firewall (UTMs). Suggestion is for muitiple connections. Reason is we do off line backups to customer sites via VPN but currently can only do one at a time. We have several customers who require us to do these backups.

Support MS Authenticator App for OTP so customers with Office365/MS365 only need 1 authenticator app on their device

Imagine under Support > Tools, in UTM 9 there was a 'Browse' tab/option that opens an integrated web browser that let you browse the internet. It can optionally to have access to the local filesystem.

This would be useful in many scenarios when you don't have access to local server or computer. Similar to my scenario, where I need to hit a Comcast router, UTM is NAT'd behind and I can't because no computer locally.

Sophos does currently not support the VPN Connection of iOS devices due to incpmliant key length in Certificates. Apple devices expect 2048 Bit. Please upgrade the WebAdmin CA.

Some news about that?

https://ideas.sophos.com/forums/17359-sg-utm/suggestions/1217421-red-dsl-vdsl-pppoe-support

Hello,

I'm using SSLVPN and am getting "Bad compression error" as mentioned in below post:
https://community.sophos.com/products/xg-firewall/f/vpn/100669/ssl-vpn-bad-compression-stub-decompression-header-byte-102

Downgrading OpenVPN client to version 2.3.10 solves this issue.

As discussed with Sophos Escalations Team, raising a request here to upgrade OpenVPN server of Sophos to make it compatible with newer versions of OpenVPN client.

Ubuntu 18.04 onwards ships with newer version of OpenVPN client and its older versions are no longer supported on Ubuntu 18.04 onwards. Hence, it would great if this can be done at the earliest.

Logging & Reporting / Network Usage / Bandwidth Usage
shows an IP which is apparently the source of the bandwidth used.

Please add another column, and label them "Source IP" & "Destination IP".

Our UTM-9 is deployed in a datacenter, with a few dozen IPsec Site-to-Site VPN Tunnels. A few of them have similar remote subnets and we need to be able to track bandwidth usage through a given tunnel. Knowing both source and destination IPs for my bandwidth used would sure be nice.

UTM doesn't support anything higher than TLS 1.1 For the User and Admin portals. This is a huge security fail for a security appliance.

When publishing websites that has large request headers the WAF dismisses the request with "Size of a request header field exceeds server limit".

This is a major issue when publishing ADFS and other authentication mechanisms that use claims/tokens and sometimes they exceed the default value of 8K.

Please make firmware changes so that this value can be changed through the UI. optimally as a pr. virtual web server setting.

I got problems with sending EMails via my Sophos UTM firewall to specific EMail addresses. The EMail delivery in general works, i got only problems with specific Email addresses. Therefore, an EMail testing feature via web interface (with verbose output) would be great!

I've 3 AP connect to a UTM, i would reboot them but not manually with the aweetool, with a schedule task (crontab, rc.local, shutdown -d [time] ecc..., at the moment do this isn't possible..

This "feature" is very important for a correct connectivity ofthe AP, because
every one/two/three months you are forced to restart them manually.
The awetool is useful but yu need to connect to UTM by ssh, start the tool, find the AP and reboot it MANUALLY.
Give the possibility to create a crontab for do this wil be very very useful, we'll apreciate it.
thanks

Option to disable the TLS 1.1 in email appliance

Every time when I chage the users status on my Active Directory Server (blocking, disableling or excluding an account) I have to go to UTM and manually resync users to make the changes updated in UTM. This is an inconvenience. My sugestion to Sophos is to enhance UTM to make Active Directory users resync automatic.

We have a list of file extensions that we block for mail exchange.
But we want to allow our users to unblock only specific file extensions like doc or docx in the quarantine portal.
The extensions like .exe or .bat etc. must remain forbidden
At the moment in the quarantine release options it's only possible to allow/disallow every file extension.

PCI scans that see a remote access port open to the internet fail because the appliance still supports TLS 1.1. I have to dispute this every time, and it is a real hassle

Logging: Syslog Support of RFC 5424

is it possible to change the time format for the syslog messages?
To the RFC 5424 format?
br
Kai