Let's Encrypt Integration is really cool but it would be even better if there is support for Domain Validation via DNS challenge. With DNS challenge, you can prove domain ownership (through responding to a challenge with a DNS TXT record) without the need to expose any services to the Internet.

Have a DHCP IP Reservation function similar to XG Firewalls.

In XG, you can simply reserve an IP address in the DHCP pool so this will only be assigned to a specific user.

This is not the case with UTM as you have to manually reserve static IP addresses outside of the dhcp range

MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.

Enable the new manual Sandstorm Upload for a select group of Users in the User Portal.

We would like to enable people who are the first point of contact, e.g. HR Department for job applications, to be able to scan suspicous documents and files for a thorough analysis.

In the Executive Report, the TOP10 VPN Clients by duration section does not combine user names that are used in different case. For example, "User1" and "user1" are show as unique users on the list. Given that users have to manually type their user name in the SSL VPN dialog, it can't be expected for users to keep the case the same.

Preventive email base leak.

E.g. text may contain several emails. we are counting only unique adresses. Text may include more than one email repeating and it must count as one consilience.
If some settings is exceeded email transmission is stop.

As an admin in times of growing Internet of things with about 50.000.000.000 IPV6 things in about 2 or 3 Years. I hope to be able to administer ipv6 Networkconnections and there possibilities by the Webadmin tool. Not only generally for all interfaces. And not by doing this in the shell.

I hope that Sophos will update their current AP products to WPA3 and not only ship new hardware with a WPA3 certification and firmware. The release of WPA3 is planned for late 2018 and would be a great addition to existing hardware installations.

Currently Sophos UTM IPS and WAF has no indicator on its logs if a certain traffic was Blocked, Allowed or Supposed to be Blocked (if worker node is running on Monitor mode). Which is a problem for a multiple deployments which is running on a combination of Reject/Blocking mode and Monitor mode. Please add this as another field on your logs as all of other WAF's and IPS that I handled before has. Many other customers had or will find this feature lacking when operating and monitoring on multiple worker nodes.

We have a large number of VPN users and not a day goes by when I don't get an email from a user claiming they got a new phone and need a new QR code and also they forgot their password so could I just go ahead and reset their account for them? Life would be simpler if there was a Forgot Password option where it would send them a password reset link. The process would also delete their OTP Tokens so they would get a new QR code after resetting their password.

Multi-path rules works nice but we don't see at the very moment which connection is used. Maybe "Skip rule on interface error" made the connection to switch to the another interface but we can't see it.
Not sure if connection backs to normal after error rectified by itself or not.

It would be nice if it were possible to customize the Spam Report. E.G. to add Blacklist and Delete Buttons.

I need alert email in case my Internet Bandwidth threshold reached for at least for 5 Minutes , So proactive actions can be taken , it is not possible to put your eyes every time at firewall bandwidth utilization , or raising escalation by customers

Many email systems are blocking messages sent without DKIM authentication. If possible, please consider adding local DKIM ability or preferably, global DKIM ability (that's tough because of the private key required) for message signing). My ISP is now classifying all email sent from fw-notify.net as SPAM because the messages lack DKIM.

Hi,

Policy helpdesk can not handle Users in nested groups . (It shows Blocked to all site for these users but in reality (in practice) it works from the end users browser)
Please add fully support to AD nested groups in all parts of UTM.

Thanks

It should be possible to create an exception for encrypted attachments without having to disable the malware scan.

Please make it possible to send a quarantine report directly after receiving a new (blocked) e-mail.

Sometimes it is very important to answer an e-mail as fast as possible. We can't do that, if the Quarantine Report will be sent hours later or even the next day.

It would be extremely useful to add the possibility to assign a static IP address to clients connecting with VPN SSL. It works with IPsec and L2TP but not with SSL. With a static IP address for each user, we would be able to allow them a specific acces to internal ressources. Thanks.

Make BGP transfer it's state so that during high availability failovers BGP connections are not lost for 20 seconds when BGP is restarting.