XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
Yandex
hi,
There are problems with Yandex. There are thirty application types from Google. For Yandex, we need that much detail.
web side and application side are very inadequate.
I want a download / upload solution for yandex applications.
3 votes -
Change IP on front panel
Be able to change the IPs through the front panel. Put behind a password to make it even better than the SG front panel.
4 votes -
Route to local IP should auto-create bypass stateful firewall
When routing internally to remote subnets we MUST use:
set advanced-firewall bypass-stateful-firewall-config
or when the return traffic comes back to the subnet (without going through the Sophos XG) it breaks the session. For instance,
Remote office is behind a MetroE/MPLS
Connected via local IP address
Route is added in XG for the remote subnet
! Traffic does not flow
If you add
set advanced-firewall bypass-stateful-firewall-config add sourcenetwork 10.10.10.0 sourcenetmask 255.255.255.0 destnetwork 192.168.5.0 destnetmask 255.255.255.0
Then it works.
1 vote -
Firewall rule UI: Only show networks/devices relevant to the selected zone
In Firewall Rules, when selecting a unique ZONE in "Source Zones", display only objects of this Zone in "Source Networks and Devices" and not all objects
3 votes -
Provide visibility into object usage/references
Show references for each component; as an example, we can show which rules are using such an object.
2 votes -
Identify application activity in detail
Identify application activity in detail, e.g. Webmail > message sent > via GMail/Office 365
1 vote -
Captive Portal should come from default gateway IP
When VLAN users access the internet, the captive portal comes from the default VLAN. We need it to come from the VLAN default gateway.
8 votes -
Usage reached messages, user authentication failure instead of unrecognized user.
How about some better messages to the user when their login failed, particularly when they have used up their quota? Right now the unrecognized user message causes a lot of confusion to users. It would be nice for the user to get a "quota reached, or out of time, or etc." type of message when they've reached their allocated amount. Possibly extend the idea to include other messages: bad password, almost out of time, etc. Right now the generic one-size-fits-all message is not so helpful.
1 vote -
L2TP or PPTP client for WAN ip address
Sometimes here in Europe we have some ISPs that give us L2TP credentials in order to connect to a server to have access to an external, fixed and public IP address, because the ISP default IP is from a WWAN connection and so it's on a private network.
For example, my wireless ISP gives me a set of credentials and their VPN server IP for the connection, and then I can access my router behind their antenna with the provided public IP address.
I hope I was clear, what I need is to have L2TP and PPTP options on WAN interface,…
2 votes -
Ability to configure low signal drop off
We all know Macs don't support 802.11r fast transition, and instead do signal strength. Can we set the minimum receive RSSI to help force a device to a closer AP?
5 votes -
Bulk user edit tool to change properties of multiple users at one time
It would be so good if you guys can include a bulk user edit function to enable settings such as Quarantine Digest across all or large selections of users. Right now we are forced to edit 200 users individually to enable quarantine digest. It's simply not acceptable for software to be this labour intensive.
3 votes -
RED: Check local network connectivity before attempting to connect VPN
On some ISP boxes, the DHCP server is up before the network is really connected. This allows RED to obtain an IP address, but it then fails to reach the network and XG (if on another WAN site).
It would be good to add an ability to check if the network is up before trying to connect.
1 vote -
Dynamic user creation based on IP or MAC
We need a way to do modern user/client authentication.
Please check out the Meraki method... dynamically created users based on IP or MAC address. See if they are online or offline. Get stats about the user. If they are in AD, automatically discovered by AD as well with no agent.
The current method does not work at all for sites without AD, very clunky even with AD. Please modernize this feature.
4 votes -
End User Network Registration
Greetings TeamSophos
I got this Idea from http://netreg.sourceforge.net and in a real network scenario it would entitle me setting up a netreg server then Sophos as well. So Why not marry Netreg features and functionalities into Sophos (best of both worlds).
NetReg is an automated system that requires an unknown DHCP client (typically a user connecting on to the network for the first time) to register their hardware before gaining full network access. Through a simple web interface (perhaps an advanced captive portal first), the client is prompted for their user identification.
Powerful scripts then retrieve the client's network fingerprint…
3 votes -
User, Hosting Server and GUI
1) On Identity, we cannot enforce Web, App or IPS Policy on a user directly. Previously it was in CyberoamOS. Please give that option.
2) While hosting a server, we cannot give multiple source and destination port numbers. Previously it was in CyberoamOS.
3) Lots of customers with whom I interacted have found the CyberoamOS GUI easier and more user friendly.
2 votes -
Allow changing of syslog server names
At present, once a syslog server is created, the name cannot be changed. Syslog server names should be modifiable without having to delete\recreate the server.
4 votes -
Support SASL in the MTA upstream relay or smarthost function
It's been confirmed that the MTA Smarthost relay function does not support SASL which wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form which does support SASL.
5 votes -
Allow the ability to download\manage Snort rulesets
There is a plethora of Snort rulesets that should be of great value to XG users but implementing these at present seems horribly difficult.
Snort users have a lot of flexibility in terms of managing the rulesets within the application - it would be great to have more of that here as well.
4 votes -
Pagination Options for Clientless Users Dashboard
It would be great to be able to display more Clientless Users within the Clientless Users screen. When dealing with large ranges it becomes tedious to alter the status of say an entire /24 worth of users.
2 votes -
Ignore L2 routing for WAN interfaces - async routing
Ignore L2 routing for WAN interfaces.
If not, it causes DDoS attacks for uplink WAN.
If not, it causes async routing issues for all remote inbound connections. (Other vendors do this to prevent async routing, especially in Belgium where a major ISP leases static IPs with a /19 subnet.)
Case: 78047101 vote