Currently not available for reporting on the iView, we have a small number of NAT rules and would be great to have this usage report available under the reporting server.

It should be possible to create an exception for encrypted attachments without having to disable the malware scan.

I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

Hello, One way to automatically extend the usage time for Wi-Fi before a holiday in a week would be a great thing. On working days, the WLAN is set to 22 clock, on weekends until 24 clock. Please extend the possibility that the UTM can automatically be extended before local, regional holidays.

Would like to see support for IKEv2 in AWS appliance.

Microsoft have released guidlines to restrict access to specified O365/Azure tenants.

This requires the injection of an HTTP header.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

Without his functionality being added to UTM users can access any tenant when rules are added to allow access to MS Cloud Services

Any plans to offer an extension-based Chromebook filter? It would be great to have a single lens for filtering of all devices.

Executive Reports of top Ten include packets which are dropped by the UTM. Since the goal of network admins is to detect unauthorized traffic which penetrates the firewall, Executive Reports which include dropped packets are a waste of time. For every item, the admin is forced to download the appropriate firewall log file and see of the IP address in question is included in the list of drops. This is a great waste of time. If you do not fix this, our company will be forced to find an alternative solution.

As of 9.601-5 the UDP port for IPFIX flow export is hard coded at 4739. Please consider making this a configurable port number! We are trying to incorporate flow from UTM into an existing monitoring tool listening for flow data on a different port. My choice now is either no flow data at all from UTM, or reconfigure all our other devices and monitoring software to use the sophos hard coded port.

As admin I want to have intermediate CAs automagically added for certificates issued by Let's encrypt client, so they are then served when estalishing TLS connections ad retarted libraries are not breaking due to incomplete certificate chain

In the "Policy Helpdesk" when the blocked domain or URL is added to the database would be very useful in determining if an attack was successful or not.

If you find malware on your system and determine what URL's it was using. Then going to the "Policy Helpdesk" to see if it is currently being blocked is not very useful if you do not know when the block was added to the database.

Hello,
It would be nice if you could add the sandbox function to the user portal so that users could check and submit data themselves.

Currently there is a limit of 50 configs in OpenVPN GUI.
There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

I would like to see that in Sophos UTM SSL VPN Client too.

Please add an application category for Veeam replication traffic. It currently appears as the highest traffic volume as "Unclassifed" - sick of having to explain it every month.

The Device monitor has:
- Conn. to Central Mgmt
- Gateway Status
- Interface Status
- RED Status

First of all, none of our clients need RED, but almost all of them have S2S VPN. Can you add a way to pick what bits to monitor on the Device Monitor and allow me to decide what to display in the NOC?

Thanks!

At the moment it´s not possible to add custom categories under Web Protection -> Application control. Therefore it´s not transparent with application control to get a detailed information what amount of traffic/bandwith is needed for own applications because application which a not predefined by Sophos are only shown in application category “unclassified”

our customer need an info , looks like site2site ipsec up/down , but for IPSEC Client.
So if an employee or some one get connected over IPSEC, the admin get an info.

Please implement support for DNS over TLS queries to supported resolvers (like the new Quad9 resolvers). Very important privacy feature, imho.