It would be very convenient to assign static ip to users logging in through SSL VPN client. Currently this feature is available only to L2TP and PPP users.

SSL VPN Reports should include the Timestamp of when the user connects and disconnects.

This feature needs to be added.

We need a SSL VPN that can log on before windows. This is required in many environments as it allows GPOs to resolve properly.

Ability to bind SSL VPN to a single interface.

Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.

We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.

We need a way to deploy the SSL VPN on mass without logging into the user portal. A standard MSI would be ideal which could be deployed by any ESD or as part of an image.

In the current implementation we are unable to select groups in the "Allowed users" field. Selecting groups would vastly improve time spent rolling Sophos Connect out for our pilot users.

I bet a lot of other customers also use LDAP against their domain to fetch users from there. Having to maintain pilot users two places makes this a headache.

Thanks

Every downloaded SSLVPN profile is named "usernamesslvpnconfig.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differ which profile is for a specific customer.

Please provide a ability to change this or change the naming convention to SG like.

I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.

I know it is technical possible, with "port share" in the VPN-Server-Config.

Regards,
Marc

It's very disapointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.

I would like to see WireGuard added as VPN option since it is mote secure, lightweight and modern compared to the current available options.

The Sophos connect client permit list should be able to add users by active directory security group. We are a firm spread across 9 offices and the STAS works great on 17.5 MR9 to load the users to all firewalls but the process of adding all users into the connect client is really laborious especially when there is high turnover.

I would like to see a SSl VPN client that does not require reinstalling the application after every config change. The SSL VPN client config should be updating when it connects after a modification is made.

Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'

Why on earth am i not able to rename my RED units to something sensible? Instead all units is called reds1,reds2, reds3 etc, in the name they are added!
This is hopeless - and it quickly becomes hard to identify the units/networks!

MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
Specifically comp-lzo is deprecated. See the same idea for UTM

4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

Need the Option to add multiple WAN interfaces in Sophos Connect client settings.
if there is 2 WAN connection and 1 connection is down then the remote client don't have any option to connect to VPN through 2nd available ISP. if this option is available then the user will have 2 profiles in their Sophos connect client.

I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.

This was a big disappointment to myself who used RED tunnels between UTM's