For Sophos Firewall Manager to have NAT-T and other aspects on VPN wizard

Would it be possible to incorporate sending WOL packets to host before trying to connect to them using Clientless access?

When sending an encrypted e-mail it would be nice if the Sender would receive confirmation from the appliance that the e-mail was indeed encrypted and sent to the recipient. Could you add this as an option in the SPX templates if it isn't already there?

It would be awesome if you could make the link for an Attacker's IP address take us to a place like CentralOps.net or even the built-in tools so we can reverse DNS the IP address to figure out if the threat is credible or not. Also awesome would be the ability to then block that attacker permanently by creating a firewall rule to reject traffic from that specific address with a simple button click.

UTM allows us to configure different web profiles where different device-specific authentication can be set.

This is very useful in environment where BYOD is required and more than one profile is needed.
So inherit from UTM.

On the UTM9 you could assign a static lease to a device by clicking on a Make Static button, please add this functionality to the XG.

Rather than require a plugin to encrypt an e-mail can you add the option of using the Sensitivity header which has been around for quite a long time now and is used by your competition (IronPort) to trigger encryption. A simple check box in the setup of the SPX profile will be sufficient. Just seems like you are trying to re-invent the wheel with your Outlook Add-in which in its current state on the UTM won't even install on most computers without an error.

Please add the ability to encrypt e-mail based on a keyword at the beginning of the Subject of an e-mail like "Secure" or "Confidential" or "Encrypted". This functionality already exists on the SG, can you bring it over to the XG? In lieu of this could you provide more than just a plugin for Outlook? Something for mobile devices? An extension for Thunderbird?

It's was a good idea to create just email authentification in Hotspot and to have report with all mail. Free Wifi is good but a lot of Customer want to have a revenu with free wifi.

A feature to allow Admins to do the following:
- View and perform actions (delete, download, deliver, report FP) on SMTP and POP3 Quarantine
- View the SMTP mail spool and perform actions (delete, download, view, bounce, retry)
- View SMTP log, with filters, searching, sorting
- View corrupt/undeliverable SMTP messages and perform actions (delete, download)

I believe this is related to an existing suggestion:
http://feature.astaro.com/forums/330219-sophos-xg-firewall/suggestions/10944024-resolve-netflix-streaming-issue

UTM customers are able to get around Netflix streaming issues using the workaround detailed here: https://www.sophos.com/support/knowledgebase/121646.aspx
This involves creating an exception for traffic based on its User Agent. There is no option to do this when configuring exceptions in XG as far as I can tell.

Like the UTM allow for a custom logos to be uploaded and used for the SPX portal page (possibly block pages as well?). This is currently not available when making SPX templates.

Archive and download old logs in tgz format like in UTM: Logging and Reporting > View Log Files > Archived Log Files.

At the moment no way to customize notification. I receive mail when the WAN gateway is down/up.
You need to provide us a way to create rules where we can decide when receive notification, alert level (warning, information, critical),who will receive the notification. As soon you integrate SMS, please also allow us to receive SMS (it is an old way) but when the mail does not work....
I would suggest you to create a panel as the Network Policy Rule rule to manage notification rules.

The system should send users an email when 50%, 80% etc. of their cycles Network Traffic Quota is consumed.

We have more customer with many branches and two or more Internet connection. We want to enable a Singla VPN SA that could be terminated on two differents Peer IPSec Gateway, so we can create a reliable VPN Connection that can use two different Internet connection, depend on what we can specify as first and second Remote Peer VPN.

My ISP supports native IPv6, they support prefix delegation using DHCPv6-PD to assign a /56 subnet. They do not assign the WAN interface an IPv6 address (i.e. no IA-NA) and only provide a prefix delegation (IA-PD). Currently XG (and UTM9) doesn't work with my ISP to get a PD because there are no options to request IA-PD only. My ISP edge router will respond to a solicit message with a IA-NA and IA-PD request but it would appear that the XG doesn't conform to RFC7550 when it sends a IA-NA message and receives a "NoAddrsAvail" from my ISP edge router.

The Email Protection lacks ability to select a specific host certificate for an exposed SMTP server. Right now only CA certificate can be chosen and host certificate is dynamically created. SSL Certificate in Email Protection could be assigned the same way Web Certificate is in Web Protection.

In the list of host objects, all have the option to create groups, except for MAC hosts. Please add ability to also create groups for those objects.

For real protection from malicious emails, this is one of the best way to protect organization. This hasn't been in Sophos email appliance, UTM but I wonder if they will be adding it to XG. Without this, there is no easy way to compete with Fortinet/Proofpoint ... I won't even mention this is demanded by customers.