I'm not sure why I'm evening posting in here. I'm yet to see a single enhancement implemented from here in 6 years, even those with hundreds of votes, but we'll give it a go.

I have a lot of legacy clients on wireless Sophos models. As businesses have grown, a number of clients have instead deployed Sophos AP's throughout the business and no longer need (or want) wifi firewall models. However I can't restore backups when deploying non-wireless models to replace wireless models.

This makes absolutely no sense whatsoever. All Sophos has to do is display a warning to say "wireless features will not be restored" and continue. Having to setup an entire new firewall from scratch is painful, and if I'm to be honest if Sophos are going to make me go through all that, I may as well look at deploying something else. Sophos should be doing all they possibly can to keep people loyal to the Sophos brand. A five minute deployment instead of hours chasing down information and configuring everything from scratch would certainly assist.

Customer has WAN interface with VLAN configured on it
When WAN interface is configured VLAN, the only active interface that will work is the VLAN interface
The WAN interface will act as a dummy interface
On WAN Link Manager , the dummay interface will have red status and the active VLAN interface will have green status
This will also give orange interface status on the dashaboard on GUI of XG

Customer is requesting, Ask our developers to simply update the Display Dashboard with the options to hide DUMMY Interface that is not active, in failed state so they will not get the incorrect STATUS on client device console and mislead them to think there is a problem when there is not. OR WORSE, their techs simply ignore status thinking it is a false positive alert, when it COULD actually be a real alert showing one of the client required Internet connection interfaces are down

I would like to request the addition of a jump to the end option under Authentication\Users on the Sophos XG firewall. Case in point, we have a client that has 62 pages of users and we have to click through each page to get to the end of the list for various users. Clicking the arrow, waiting for the page to load, scrolling down to the bottom and then clicking to the next page (60 times) surely adds up. Ideally it would have the ability to select a page but at least being able to jump to the first and last page would be very helpful in cases like this.

So I am new to XG, upgrading from UTM. A standard feature of a UTM firewall is to be notified when a firmware upgrade has been downloaded and ready for installation. Then you log in to the firewall and schedule it to be installed and reboot, generally during off hours when no-one is around.

Why is this not a standard feature in an XG firewall? I guess it is possible to do it in Sophos Central, but did you ever stop to think that there are people that DON'T want to use Sophos Central? I don't allow access to my firewall from outside the network, and that would include a cloud based management system.

"Total Available WAN Bandwidth" should be broken down between WAN links, and broken down between upload/download. Many users have multiple links that are not the same speed, and many (most?) users have non-symmetrical links.

Traffic Shaping bandwidth values should be in kilobits per second, not kilobytes. kbps / mbps / gbps are the industry standard ways of measuring bandwidth, not kBps / mBps / gBps. I see many users on the Community forum making that mistake.

Traffic Shaping Bandwidth Usage Type can currently be set to Shared. This is great for sharing a Bandwidth Pool across multiple firewall rules, by assigning them the same Traffic Shaping Policy. However, the "upload" side is always traffic flowing from the source to the destination. Therefore, if you try to assign the same Traffic Shaping rule to your Outbound Traffic rules as you do your Port Forward rules, the upload and download effectively get flipped on the Port Forward rules. There are three possible solutions to this:

• Create a new object type that can be edited by the user called "Shared Bandwidth Pool" or similar. These can then be "attached" to Traffic Shaping Policies. Therefore, Shared Bandwidth Pools could be shared across Traffic Shaping Policies, and "upload" and "download" could be flipped based on the direction of initial traffic on the Firewall Rule.

• Allow the option for creating bandwidth rules per Interface, instead of per Firewall Rule. This is similar to how the UTM's were set up and worked great.

• Allow the option in the Firewall Rule, near the Traffic Shaping dropdown, to "flip" the upload and download pools. This would allow users to use the same Traffic Shaping Policy for multiple Firewall Rules, regardless of which side is the source and which side is the destination. (In other words, allow for the same Traffic Shaping policy and bandwidth pool to be applied to both LAN-to-WAN traffic, and Port Forward traffic. (See: https://community.sophos.com/sophos-xg-firewall/f/discussions/127723/traffic-shaping---upload-vs-download )

For full description see:
https://community.sophos.com/sophos-xg-firewall/f/discussions/127734/schedules-in-routing

Separating NAT and Routing from Firewall is good idea! However:
The NAT and Routing must have the same (or more) qualifiers than the original Firewall.
or
Temporarily, let the user create a link from the Firewall rule to a Routing policy, the same way a Firewall rule can link to a NAT rule. Hiding the routing link during migration doesn't work when Sophos obsoletes HW and SW and doesn't allow new HW to be downgraded.

Added full (Firewall) qualifiers to NAT and Routing is the correct answer. In the meantime, please expose the hidden routing link (created during migration) to the IT professional so we can create links and continue to buy new Sophos HW.