Why is there even on the control center page no reference to the firewall name.
I don't memorize all serial numbers.
If you manage different firewalls or have multiple firewall windows open, it is easy to make a mistake because you cannot easy see the name off the device you are working on.
At least the control center window should have the firewall name, but also on other pages this would be very helpful.

I miss a Pre-Authentification Option for WAN 2 LAN Rules. Example for TS Access. ALL Sonicwall Boxes have/can this!

It would be great for audit unused firewall rules, if all rules had information with the last access date and time.

In SYSTEM > Hosts and services , there are group setting for IP host and FQDN host.
Please also add the group setting for MAC host.

Customer is using the Sophos wireless; when they configure "MAC filtering", they hope can select a MAC group rather than MAC list.

One specific name mapping to a MAC address , then grouping multiple MAC addresses to a group, for easy to maintain the MAC filter table.

In Sophos XG in there is no option to plan a Firmware Update. You just can update it manualy. I woul'd like to have the option to plan a installation of the Firmware Update.
It would be very helpful.

Load IP list from url.
It would be almost mandatory in any coporate firewall the ability to load an IP list from a URL to create an IP list in "host and services" to use it in a firewall rule

For example I want to load this IP list to use it in a rule to allow only this IP
https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
This IP list gets updated frequently so it should include as well an option to autoupdate

Having iPerf available on the system. Would make it very easy to test bandwith speeds.

Add support for STIX/TAXII threat intelligence feeds

CTR file must have file extension name

CTR files don't have any file extension name. It caused
1. Customer can't upload file through Support Web Form
2. FTP server or client sometimes misunderstand file type as Text and make it corrupted,

Right now the physical interfaces are assigned automatically to WAN, LAN... and can't be changed, if after an installation you add more virtual or phisical interfaces you can't configure them in Sophos.

Im missing a feature in XG GUI that will allow me to shutdown/(and power on) interface without loosing it configured static IP settings. At this point this can be only achieved by switching interface zone to NONE, but all config is lost.

At the moment, if you want to change the port of a zone form PortX to PortY, the process is not straightforward without pain. Since XG is using zone concept, port and zone should be decoupled but it is not like this at the moment.
Thanks

Please introduce unliked status in XG HA like it is in UTM9.

After we upgrade customer's XG firewall in HA, often the box without important ethernet cables end up as master (active) and then important networks are not available.

At least in XG18 EAP3 is should be possible to change monitored ports? We hope so.

NTP authentication is to verify the time source is legit.

It would be useful to able to import DNS entries from a text file.

Buongiorno, in seguito ad una richiesta di supporto, sono a chiedere l'implementazione di import entry dns sul firewall da un file txt.
grazie

We need session time out after 10 minutes for specific user but this setting availed for all users not for one specific user so please add this feature in firewall.
I recommend you to add captive portal session in suffering quota where is Cycle hours.

If you use the Sophos DHCP Server and another DNS Server it is necessary that the option 81 is active to set and update the reverse zone pointer in the DNS Server.
It is possible to add per CLI options to the DHCP Server but just to set an option without to know which fields has to be set makes no sense.
Please add the option 81 to the DHCP Server.

Routing internet traffic via another gateway should be supported when configured via a firewall rule. Case number 9360729 goes into detail with issue.

I would also like to do policy based routes for only internet bound traffic so that internal traffic can still use the routing table of the Sophos to reach corporate networks and only internet traffic will go out via another gateway.