It would be very convenient to assign static ip to users logging in through SSL VPN client. Currently this feature is available only to L2TP and PPP users.

SSL VPN Reports should include the Timestamp of when the user connects and disconnects.

This feature needs to be added.

We need a SSL VPN that can log on before windows. This is required in many environments as it allows GPOs to resolve properly.

Ability to bind SSL VPN to a single interface.

Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.

We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.

We need a way to deploy the SSL VPN on mass without logging into the user portal. A standard MSI would be ideal which could be deployed by any ESD or as part of an image.

Every downloaded SSLVPN profile is named "usernamesslvpnconfig.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differ which profile is for a specific customer.

Please provide a ability to change this or change the naming convention to SG like.

I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.

I know it is technical possible, with "port share" in the VPN-Server-Config.

Regards,
Marc

In the current implementation we are unable to select groups in the "Allowed users" field. Selecting groups would vastly improve time spent rolling Sophos Connect out for our pilot users.

I bet a lot of other customers also use LDAP against their domain to fetch users from there. Having to maintain pilot users two places makes this a headache.

Thanks

It's very disapointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.

I would like to see a SSl VPN client that does not require reinstalling the application after every config change. The SSL VPN client config should be updating when it connects after a modification is made.

Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'

4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

Why on earth am i not able to rename my RED units to something sensible? Instead all units is called reds1,reds2, reds3 etc, in the name they are added!
This is hopeless - and it quickly becomes hard to identify the units/networks!

I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.

This was a big disappointment to myself who used RED tunnels between UTM's

MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
Specifically comp-lzo is deprecated. See the same idea for UTM

I would like to see WireGuard added as VPN option since it is mote secure, lightweight and modern compared to the current available options.

We can see RED traffic in report,
but we can't see the traffic in system graphs.

Please add the RED interface in system graphs.
Thanks~

Sophos RED:

I have just begun implementing Sophos RED devices to branch offices. And the implementation have been very straight forward and easy to deploy.

What i really need is some way to get information about the device connectivity.
- How much bandwith is the location using? (Daily, weekly etc.).
- How is my 3G failover connectivity connection? (No/bad/good/excelent connection)
- Email notification in the event of failing over to backup 3G / WAN.

Right now i am simply blind on what status is on the RED...

AND also - please add a RED category...