Currently, if a company has a pool of laptops to be handed out by users that have the SSL VPN client installed, they cannot log into the SSL VPN client without first logging into the user portal and then downloading the configuration for their particular user. It would be nice to have one VPN client install and if the user is a member of a particular security group, be able to log in using the installed VPN client software.

In UTM9 there is Czech language for user portal. Is has been dropped in XG, therefore many customers refuses to migrate. Please get it also for XG.

please let us select the hostname as on utm with hostname, ip and user. it is annoying having 2 or 3 tabs called "sophos" if you change settings on multiple XG's

A better interface for selecting which file types/extensions you wish to allow/block.

The SEA is better featured in this respect allowing you to select by extension rather than "mime type" (which is very hard to do effectively as some extensions share mime headers).

If not then more mime types should be included by default!

Enable packet capture filters and options and pcap download in web admin interface.

Assigning same subnet ip address in different interface in seperate zones. This will help in endusers to select different IP Address: Example: 172.16.16.1/24 -> Proxy 1 Zone & 172.16.16.2/24 -> Proxy 2 Zone. and apply different firewall policy based on the zones they try to access the services from. (Example : In explicit proxy mode)

Particulary helpful since XG doesnt have Virtual Contexts/Virtual firewall with the same hardware.

Currently, you can only filter to select an entire set or subset of IPS signatures within an IPS Policy.

There is no way to exclude a signature from an IPS Policy.

We would much rather include all signatures that fall under a certain category (e.g. Web Applications) as one policy entry, and then add a "whitelist" exclusion of false-positives as a secondary policy entry.

Grant us the ability to alter the "age-out" option for IPS rules, similar to what existed in the UTM. Given the signature count differences between the XG750 vs lower models, we see this age -out happening behind the scenes. We would like this under or control.

Currently when email file type attachment was blocked, the recipient still received the email with filtered added in the subject.
Why can’t the XG just blocked the email and notify with a failure notice saying banned file type detected. Serve no purpose that the recipient received the email without the attachment and receiver still need to notify the sender.....

Integrating CDN service providers (Akamai, Cloudflare, Amazon CloudFront, etc) on intrusion detection and network attack prevention modules, so that it can be easier to deal with

If i made any changes in group or firewall rule all desktop client will automatically disconnected.

XG firewall VPN client should auto-connect facility (in silent mode) when connecting to client network.

it will be good to add loopback address for routing protocol like ospf and bgp expecially that can be created as connection between peers. i think is not difficoult to achieve.

Please add support for getting ARP information over SNMP. We need that information to connect the XG Firewall with macmon for NAC reasons.

Assigns Simultaneous Logins for Groups

As we are not able to assign for each and every user manually, almost 15000 users are there

Can you look into this and revert back the solution for the same

Add the HIP protocol to your product and you will be the first in the Enterprise sector to do so. Currently there is but one player in this revolution in network security, Tempered Networks. While their product are aimed at the critical infrastructure vertical (as was Cyberoam at one point) the technology could be easily applied to almost any network.

Please add OVH as DynDNS Provider.
They are using dyndns2 protocol.
Reference for Debian: http://julien.coubronne.net/dyndns-with-ovh-on-debian/

I need to serve the DHCP options 66 (TFTP server name) and 76 (Bootfile name) for PXE boot. Is it possible to add these options like the DNS and WINS options?