i am strongly recommended that keep this master key feature optional. as i am facing lots of problem regarding Master key. i am administrator & managing 5 Sophos device of each different location. we are already using encryption password method for backup.
so why this feature needed and mandatory ?

this is forceful feature not usable for my current scenario & have double headache to remember key and store it on safe place.

also i read in your website , if we lost this key all backup will loss. if you have don't have recovery option this feature is useless for every one.

suppose i kept this key in PC, USB, CD, Could storage, External HDD or in safe place, but there is many chances of corruption Data, Virus Attack, Ransomware Attack, Rename ,delete & Modify file, Many more case of Cloud data leak. that time who is responsible for that ?

before MR18 -3 upgradation we had set the device backup on my email id & ftp server and end of the week backup automatically used to came my email address or FTP Server . But now backup does not come until you set master. last 3 week we are not getting backup . if we are taking on manually its is also asked. every time when i logging in my Sophos getting pop to setup master key. it is really irritating.

There are many development and security concerns are pending from the Sophos side. I request you to focus on that concern rather than a feature like Master Key.

Hope we will get patch or new firmware release ASAP regarding this issue.

I had this awesome idea that I think would significantly help not only the local Sys Admin, but also Sophos.

It's similar to how Synchronized Security and other Sophos "App Intelligence" things work.

A utility application that allows you to monitor/record application traffic data running on your PC.
The idea is to have only a specific program running (such as a game) and you have the tool monitor all the network traffic sent/received by that application. You use this collected data to further collect and send to Sophos Labs and your XG appliance, to better and more accurately determine what traffic belongs to which software/application.

I believe this would significantly help with creating Application Control policies and categories more accurately.

A utility application that you can link to your firewall (for free, it offers no security).
The application has lists and toggle buttons to "start monitoring" an application, recording all of the network data and such that it sends and communicates.

So in a way, it's like a combination of Fiddler and WireShark.

I think it should support requests called in their raw format (and "connect" requests). To even support the detection of applications (which use SSL pinning) where a root cert is simply not possible.

As it stands now, XG's App Control feels very underwhelming.

Compared to UTM, XG's feels very lackluster in terms of features, categories and capability.

For instance, why does XG not have the option to block Advertisements and Trackers?

UTM has the option to block Ads and Trackers, and does a pretty good job at it.

The Web Filter's "advertisement" category does a very poor job and doesn't block nearly as much ads as UTM does. Having the ability to block ads not only by Web Filter policy, but also App Control is in my opinion a very solid foundation to maximize network speed and protection.

Especially considering the fact that again, a lot of ad networks are not at all blocked in XG, and a lot of ad networks/urls are infact STILL allowed via Web Filter, despite category blocking.

If you take a close look at the "web ads" category and such in UTM, and then compare it to XG, I think you'll come to the agreement here that XG feels very underwhelming.

I would like to effectively block ads ENTIRELY on my network. Because use of an Ad Blocker isn't enough, as it cannot block ads OUTSIDE of the browser (consoles, phones, apps, etc).

I'm very certain this would be used not only by Enterprises, Small Businesses, Schools - But also Home users. I would very much appreciate this feature across the board.

Please invest time and research into effectively providing a solid ad blocking foundation in App Control. For example, having categories that block entire Ad Networks, such as: "Google Ads", "Amazon Ads", "Get Clicky", etc etc.

Thank you.