The implementation of LLDP/CDP would help to recognize and present the product in automated network documentation.

I would like a way to force the disconnection of wireless clients.

We would like to monitor actively the usage of each disk partition of the XG firewall via snmpget. The current MIB allows only to request the usage of the whole disk what doesn't make much sense. We need a new MIB containing OIDs for each partition.

I need to export guest users data user name and password to excel with non encrypted password to.print the accounts one by one

The traffic matching local ACL exception is showned in the logs as going through the last firewall rule. So it means when verifying the logs, you have extra entries in this rule logs which are totally not related to it.

Would it be possible to display this traffic another way in the logs that is not linked with the last firewall rule? Because it's not related to it.

So that documentation software automatically can map complete Networks, it would be desirable if details about interfaces and routes were returned during a snmpwalk.

Missing DigiCert root in Certificate Authorities
Uploaded PFX certificates from DigiCert are signed with red cross because root certificate "C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA " is missing in Certificate Authorities.
So this certificate cannot be added as appliance cert.
Please add it.

Suggestion with regards to how XG Firewall handles backups. I would love to have the option to auto backup when the config changes. Weekly or daily often leaves me with either to many backups or the possibility of having a backup with missed changes

The API documentation on your site is either outdated or just wrong in regards to Country Host Groups. The actual parameter is <CountryGroup>, but isn't listed anywhere in the documentation. The sub-parameter to pass it is <CountryList>, not <CountryHost>, which in turn needs to be passed a series of sub-parameters of type <Country>. There is also no example listed.

Currently I can upload certificates with keys including special characters to the "Certificates" tab under "Certificates". Unfortunately, uploading the same certificate under the "Certificate authorities" tab results in the following error:

Special characters |, `, ', ", <, >, (, ) and \ are not allowed in the passphrase

I don't see why special characters can be used in the passphrase for "Certificates" but not "Certificate authorities". Please allow special characters to be used in passphrases under "Certificate authorities".

Other manufacturers like meraki offer a speed test on the WAN bandwidth and available throughput.

There is a Linux utility called ntopng https://www.ntop.org which is very good at identifying and classifying network traffic at high speed. If you could integrate this into SFOS it would be a very powerful tool.

WAN Failover needs at least to have ranges
Example: Ping between 0 and 100 consider WAN up

Packet Loss would even be better
Example: Packet loss higher than 10% consider WAN down

The other vendors have these options, WAN Failover is pretty useless when a line can have a 2000 ping and 75% packet loss and still be considered up... These are the most common problems with the biggest carriers in the US such as comcast...

Get the option to disable MAC binding while importing groups from an authentication server (Example: Active Directory), this because it can be easily forgotten afterwords and this can break SSL VPN for users in the new groups because MAC binding is not supported on SSL VPN.

Would like to have the ability to create a user profile that is somewhere between full admin and general user something like a power user and be able to define what they can and cannot access when logged into the admin console.

The Cellular Modem page under networks leaves a lot to be desired. There should be many more options to configure connections and a signal strength meter. Look to the Modem Manager application on Linux for inspiration, something like that in the XG would be fantastic. Also need more support for modern cell modems, the compatability list is starting to become quite dated. With 3G ending this year I think it is soon time to prune all 3G only devices and start supporting LTE/4G/5G models.