At the moment understand what's going on is very HARD. Live logs are missing and notepad on every section is missing.
Add live log and allow admins to configure itself coloured live logs (globally or on single windows?). In this way logs have different level of importance and Admins can better understand if they need to worry about or not. For example allows Admins to set red for high-risk/denied traffic/system error, yellow for warning/natted/or whatever and so on.
I really love the live log on Firewall section of UTM9 where reading what's happen is very very easy.

It should be allowed to change the name of Physical Interface objects from default PORTx name to custom one.
Also, comment attribute/field should be added for additional description (like it was available in UTM9).

Right now it is not possible to change the SSL VPN Port by GUI. Port 8443 is used by default. Please add the possibility to change, because Port 8443 is not allowed in many networks.

As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

Currently we have to create a separated rule to each protocoal TCP/UDP.

Best regards,

Carlos

Would be nice if the source port was already pre-populated like it was in UTM9

A great feature in cyberoam was the ability to change webfilter/App filter for a user or group in the identity section.

With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.

Please bring back that feature which made Cyberoam so popular.

SD-WAN

This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new vlan and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new vlan can only be added to a single physical port.

Clustering UTM is very easy. Now you have to assing an IP to the ***** XG and create the cluster. UTM clustering technology is the simplest one I never seen. The other thing is the DMZ zone to be used when you need to create the cluster. A dedicated zone should be available (maybe HA?). Also a second interface is missing as an alternate interface.

FreeDNS was on UTM 9, is there any reason why it has not been carried over to XG Firewall.... I for one would like to have FreeDNS enabled in XG firewall as I see no technical reason why it should not be there.

or at least have a custom setting for Dynamic DNS that enables a feature to set Dynamic DNS via a url that can be called by curl.

At the moment, automatic firewall rule is not available in any option as it was with UTM9. For example when you setup a new site-to-site or vpn. This is very useful and time saving. Also add inside Policy Section "Automatic Firewall Rules view".
Last, add the chance to create Groups so we are able to group rules together.

IKEv2 and dynamic routing

When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.

This will help us to reduce time, management in this operation.
By example, Policy Rules with the same same destination, ports, gateway through but with the source address different, could be easily cloned with based from other one.

Best regards,

Carlos

Separating YouTube "Restricted Mode" from "Enforce Safe Search" option in XG Firewall would allow much more flexibility for customers.
YouTube "Restricted Mode" is currently just too “restricted” (not usable) and customers should have possibility to turn it on or off without impact on SafeSearch.
On the other side, SafeSearch is very useful feature that customers would probably have always on.

Under: Policies
Security Policies

Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

This reduces the rules required and keeps it more unified..

At the moment you need to add multiple rules I.E. A hosted service uses a mixture of single ports, port ranges and both tcp/udp will require multiple rules to achieve something very simple.

Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

We would like to allow/deny connections based on a wildcard subdomain (think *.example.com). Only way to do that is to reverse DNS the destination IP and allow/deny based on the wildcard rule?
Although there is the common possibility that the reverse DNS is not the same as the A or CNAME record requested, so I'm not sure how useful that would be.

But, we would really appreciate the ability to filter based on wildcard subdomains.. like *.update.microsoft.com. See:
https://technet.microsoft.com/en-us/library/bb693717.aspx

At moment the Dashboard cannot be customized, no flow control and no in/out of each interface. Really missing many nice features from UTM9. Sort option inside menu in alfabetic order.
Make sure GUI can use all screen resolution; allow us to reset alarms from GUI;
GUI should be similiar in feature as UTM9. We will see!