Ability to whitelist or reclassify known good traffic the XG detects as another type of application.
Example. Cisco Meraki WAPS talk to each other on UDP port 9358. Our XG430s think this is something called ThunderVPN and continually report on it as a level 5 threat.
Call with Sophos support confirms at present no way to exclude this from report or whitelist. Sam with VMWare replication. Classed as ideafarm-door (only a level 1 threat) but still shows up in reports as sending large amounts of traffic (expected).