I am using SFOS at home (at moment) and I have seen from reports that some custom ports (in my case TCP:49275) does not have a risk level. All other know application are already classified. My questions are:

1. why do not add the chance for custom port to become an application?

2. why do not add custom risk level to custom application?

3. Why users cannot change the risk level on know application?

I work with Health care industry and banks too and every customer has different needs so I am sure that for some Skype (for example) is extremely risky while for other is not.

Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.

I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself setup (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then contact Microsoft to validate the Sophos UTM solution, once the Sophos UTM site-to-site VPN is a validated solution then it should be an automatic script download through the Azure Private/Public portals.

Watchguard already has this.