It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Best Regards

Clustering UTM is very easy. Now you have to assing an IP to the ***** XG and create the cluster. UTM clustering technology is the simplest one I never seen. The other thing is the DMZ zone to be used when you need to create the cluster. A dedicated zone should be available (maybe HA?). Also a second interface is missing as an alternate interface.

Currently, the WebAdmin Master-User is fix named as admin. It would be great, if we would have the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.

When will the ability to define multiple upstream web proxies currently in UTM 9 be available in the XG Firewall?

In Sophos UTM there was an option to allow specific user groups to override a URL block under Web Filtering. This was really useful for educational environments so our teachers could bypass unintentional blocks for kids. Please bring it back! :)

It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.

NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
Can you add it into future release?

You can put it inside device access, denying WAN from using NTP server for security reason.

UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

XG looks like Sophos Standard. On Email Virtual Appliance, when I have a new pending firmware to install, I recieve an email saying that a new firmware is available to install and it will be installed at .... (I have automatic upgrade during the night). Inside the email, I have the link to release notes.
Please implement this feature to XG too.

Would be nice if the source port was already pre-populated like it was in UTM9

Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

Best regards,

Carlos

At home USB NICs are ideal. Exactly the same problem we had in UTM9. Link below.

http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/3752786-networking-usb-3-0-network-adapter-support

At the moment, there is no way to disable/enable an interface inside SFOS.
Strange!Even using CLI menu.

Sophos should develop an own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
It should also support the Per-App-VPN feature which was introduced in iOS 7.

It would be amazing to configure the Sophos Endpoint (not the UTM-provided one) to inherit the Web Filtering policy defined in the UTM.