Actually there is only a client isolation between Clients which are not connected to same Sophos AP.
There should be a solution where all clients are isolated, even when they are connected to same AP.
Meanwhile the restriction should be mentioned in the online help of wireless protection.

this is self explaining and need no further details.

This feature request is related to community forum postings and service request 8034172.

Please provide a reporting AND monitoring option for XG* appliances to track the amount of internet up time. The report may be tied to a single port, such as port2/WAN or other ports that are user-specified.

At present, I have no practical way to actively monitor and report how long my ADSL connection remains up. I have historically been experiencing frequent and recurring disconnects and REALLY want to be able to report when I experience disconnects, so I can bring this information to my ISP.

Please add Interface wise Bandwidth usage in log-viewer, It will help us to find realtime bandwidth usage by specific source & destination with port.

Could Sophos consider to allow the use of sandstorm and heartbeat (with sophos free AV) for home users and increasing the ip limit to 100 (IoT is around the corner) for a price per year? 10$?

If there is other people interested it could be another stream of incomes from sophos and at then end the use that the home users will do of sandstorm will be extremely limited compared with a company with thousands of users.

https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/85005/xf-firewall-with-sandstorm-and-heartbeat-for-home-users

Please add DHCP option 121 as a preconfigured DHCP option for pushing static routes over dhcp

Addition of DHCP option 60 & 61 to allow connection of UTM to Sky Fibre. Sky uses these options for router identification and the username / logon details for the broadband service.

most of our SG's are in a datacenter. It would be nice to have a feature to power off/on a UTM (like the old HP ILO of Celestix IPMI interface).
If an UTM somehow is powered off we now need local support in the datacenter to do a powercycle.

The HTML5 VPN Portal works for almost all platforms exept iOS. It would be great if you could add support for RDP/VNC connections on iOS devices.

Add support to monitor the dhcp leases via snmp.

Maybe this is easily possible by adding something like this:
https://github.com/ohitz/dhcpd-snmp

Currently the Sophos UTM / XG do not support Private VLAN's. This is a major security feature that is being used more and more often especially in virtualised environments with VDI's, DMZ's or even sensitive / untrusted local equipment at an office campus.

With the addition of private vlan you can prevent these devices from communication with eachother. However Sophos does need to support this feature. Currently the virtual variants do support it thanks to VMware but the hardware variants do not.

The customer want to use the API to generate voucher password for guest user logon, they want to design the web portal for guest user to apply and get logon password, but we can't found out the syntax on the RESTful API can support this applied.

If ipv6 is on, than its also on für smtp. But we get no static IPv6 by Deutsche Telekom AG without a expensive contract; but we get a static IPv4. With no static ipv6 we cant configure the AAAA-Record / PTR /RDNS . So our ipv6-Mails will classified as SPAM because we cant disallow to send mails via ipv6. But we will need ipv6 in the future for VPN-connections.

It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
Best Regards

The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.

This is especially important for specific SAP-relevant functions, such as Fiori systems.
At the moment it's possible to manually configure this setting but it's reset everytime a change to a server is made.
I believe that it would be best to either:
- not overwrite the that point in the config, if enabled
- or straight up allow this configuration in the panel.

Update URL sample can be found under https://wiki.securepoint.de/SPDyn/Hostverwenden#Verwendung_mit_Fremdhardware.

Site is German but the page itself should be self-explanatory.

It would however be the best option to provide a full configurable custom dynamic DNS to the customers. It should be that hard to implement a custom URL using predefined variables.

Thanks!

create updated visio stencils for the XG platform for use with Visio 2013 and newer.

Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

Would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).