It would be great to be able to enter a partial MAC-Address as eg. 00:1A:E8:* within the MAC Address Definition section.
The MAC-Address in this example would involve every device from the vendor Unify.

It would be great to be able to assign the netflow service to zones the same as you can with most other services: SNMP, SSL portal, ping, user portal, etc..
You cannot truly segregate all management traffic/duties with the current implementation without rewiring the default Lan port to be a dedicated management interface

We are using DHCP server from our XG firewall. IP leasing setting is 12 hrs. I am looking for some tools from which i can find the ghost IP ( IP which is not active) and clear it up from the DHCP pool in order to assign to new connection.

Secondly I want to know that how can i make a rule that if a device is not authorized to access internet should not get the IP from the DHCP server.

Currently, on XG firewalls one can disallow fragmented traffic via the CLI (fragmented-traffic deny). But this cannot be reduced to IPv6 UDP traffic only.

we need in the future to be able to set a group of WAN Links to performing load balancing
Example
I have 6 Wan links from different ISP's ( Vodafone, WE, TE-DATA, Nour, Orange, and Etisalat)
we need to be able to make ( Vodafone, We, and TE-DATA ) perform load balancing to serv specific Subnet and create another load balancing with the rest of ISP's ( Nour, Orang, and Etisalat ) to serv another subnet

It is submitted that in the firewall the DHCP Lease can not be download properly due to this admin user has facing the problem. So your are requested to please provide the function to import excel file of all DHCP Lease IPv4 so that all lease can be downloaded easily and maintain the DHCP logs by the admin user properly. Firewall>Network> DHCP>IPv4

Customer wanted to have the OP manager compatibility with XG Firewall

In the current firmware , if want to modify a service means i have to remove from all rules which is related this service. So this should be update the upcoming firmware. Services need to be modify without removing from rule

I suggest the implementation of network map visualization to watch os type, hostname, IP, open ports and manage their network access.

Currently WAF rules can only have their source filtered by IP or by Network, while regular DNAT rules can be filtered by IP, IP Range, IP List, MAC Address, MAC List, Host Group, Network, FQDN Host, FQDN Host Group, or Country Group.

I'd like the functionality of the WAF source filter to be expanded to have the same capabilities as a full DNAT rule.

I'm specifically after the FQDN host so we can filter and use DynDNS hostnames but the other things would be handy as welll

In v18 of SFOS of my XG firewall, SSL/TLS inspection is a global on/off setting. I would like to be able to control the use of SSL/TLS inspection per rule instead of globally.

I have an old copier trying to send secure emails and the inspection engine is erroring out with a timeout error. There is no way to make an exception for this. If could just create a new firewall rule so this copier could send out emails would be great while leaving SSL/TLS inspection enabled for all the other rules. v17 everything worked fine.

allow making editable the services rule in hosts & services option while the rule is live.

As if the site is live and we want to allow a new port on the server then we have to take it down first from the firewall rule then need to go to the services option and then it will allow us to change after that we are able to add the new port in rule

It's not proper way if we want to take down our live site for a few min it will bad impression on business

Netflow data can travel on Ipsec vpn.

We are using XG115 firewall. Cybersecurity Auditor raised following queries.
1) operator can see all the firewalls rules. there is no option to assign selected firewall rules to the operators. Alot of profile limitation.
2) 4 eyes is not available whenever changes are done in the firewall.
3) Mac address fails to work because of router and switches of layer 2/3 in between the network inspite of putting static mac address on the switch it still failed to work.

Need to have Ip2country for IPv6 based hosts and IPv6 addresses per country. Also be able to list of networks in IP object like IPlist.

Hello Team,

We have customer here requesting to Utilize the weight value for WAN failover order of priority to become active. For your assistance please. Thank You

Hello Team,

We have customer here requesting to Utilize  the weight value for WAN failover order of priority. For your assistance please. Thank You