My ISP supports native IPv6, they support prefix delegation using DHCPv6-PD to assign a /56 subnet. They do not assign the WAN interface an IPv6 address (i.e. no IA-NA) and only provide a prefix delegation (IA-PD). Currently XG (and UTM9) doesn't work with my ISP to get a PD because there are no options to request IA-PD only. My ISP edge router will respond to a solicit message with a IA-NA and IA-PD request but it would appear that the XG doesn't conform to RFC7550 when it sends a IA-NA message and receives a "NoAddrsAvail" from my ISP edge router.

The Email Protection lacks ability to select a specific host certificate for an exposed SMTP server. Right now only CA certificate can be chosen and host certificate is dynamically created. SSL Certificate in Email Protection could be assigned the same way Web Certificate is in Web Protection.

In the list of host objects, all have the option to create groups, except for MAC hosts. Please add ability to also create groups for those objects.

According to the following thread, SCP-Access to the Firewall should be possible. It would improve troubleshooting workflows a lot.

https://community.sophos.com/products/xg-firewall/f/46/t/73960

Please provide ability to use Google's Dynamic DNS service.

For real protection from malicious emails, this is one of the best way to protect organization. This hasn't been in Sophos email appliance, UTM but I wonder if they will be adding it to XG. Without this, there is no easy way to compete with Fortinet/Proofpoint ... I won't even mention this is demanded by customers.

In UTM Wan interface there is a button for renew DHCP. There is not such button in the XG Wan interface.

When creating an Alias (System > Network > Interfaces > Add Alias) and then creating a Business Application Policy for the external address

- Business Application Policy does not have an option to forward pings through to the Internal Server

Currently it is only possible if Forward All Ports is selected from the Business Application rule
-

When viewing the various dashboards, email addresses should not be split into separate entries if someone used various case (all lower case, all upper case, some lower and some upper case).

We need to specify differenti timeout or different concurrent session per Security Policy

Now is not possible to do a bulk insert of objects, services and policy. This cold be very useful when you migrate from other vendors or you want to preconfigure a new devices

Have the option to assign a MAC address to a clientless user instead of an IP address, also have the option to assign multiple MAC addresses to a client for all their devices ie phone, tablet, pc

It is hard to develop several filter policies with little differences for several groups of users. It would be nice to have ability to inherit, for example, web categories from other web filter policies and for application filters as well.
Or there could be the ability to duplicate policies as it has been mentioned before.
Thank you.

At the moment export full configuration is easy with the new option but we need some way to export full configuration or part of it where the config. is full readable as it is possible with UTM.
This can be used for Passive Analysis too.

Currently, the WebAdmin Master-User is fix named as admin. It would be great, if we would have the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.

When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.

IPS provides the ability to define custom signatures
Objects > Content > Custom IPS Patterns
(http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixB.html)
Please add this feature also to the Application List.

Regards
Sebastian