Creating definitions and firewall rules to allow traffic through an Express route link is exceptionally tedious at the moment as there are dozens of IP addresses and they can change.
Microsoft did have an XML feed and now has an API feed that can be used to pull the information.

Web filter Default policy comes auto-expanded whenever we click on protection - Web.

This is annoying as every time we need to shrink it and go to our required.

Also, there is no filter option to search policy while such filter option given in application policy.

It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Best Regards

Scheduled Installation of the AV Updates and Firmware Installation is required. The firmware updates and AV Updates should get automatically downloaded over the WAN interfaces, however installation of this updates should be done only when the Date and time is scheduled by the Network Administrator.

In addition to the available scheduling options, the custom category should be added, where in the administrators can select a custom date and custom time, after selecting the custom date and custom time the system should prompt if these settings are just to be executed once, daily, weekly, every 15 days or monthly.

Currently, the WebAdmin Master-User is fix named as admin. It would be great, if we would have the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.

It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.

NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
Can you add it into future release?

You can put it inside device access, denying WAN from using NTP server for security reason.

UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

Best regards,

Carlos

At home USB NICs are ideal. Exactly the same problem we had in UTM9. Link below.

http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/3752786-networking-usb-3-0-network-adapter-support

At the moment, there is no way to disable/enable an interface inside SFOS.
Strange!Even using CLI menu.

Sophos should develop an own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
It should also support the Per-App-VPN feature which was introduced in iOS 7.

It would be amazing to configure the Sophos Endpoint (not the UTM-provided one) to inherit the Web Filtering policy defined in the UTM.