As a sophos customer, I would like to be able to export the configuration from a single firewall, and use that as the starting point for a new firewall group's configuration

I would like to see the ability to review logs/IPS violations/DPI errors in aggregate in some fashion. This would allow the partner to make informed policy decisions and see a larger threat landscape than needing to review each customer in a vacuum.

It would be a useful feature to be able to set the configuration backup settings you want once and then have that apply automatically to any firewalls added in the future. As it stands currently each time you add a firewall you need to remember to go back in each time and set it to back up to Central.

it would be important so be able to identify (and modify) a XG-Cluster and its state in Central.
Actually a cluster-member is marked as not available, which, in fact, is not quite the correct system state of a A-P-Cluster Member (for the backup-device)

I would like to have just one portal to manage my firewalls and their licenses. Integrating firewall licensing into Sophos Central, would also simplify account management, and license visibility among all of my administrators.

Allow creation of new VPN configurations and editing of existing VPN's.

It would be very helpful to be able to rename objects that have been created as changes are often required. I would also suggest the addition of a description field.

Right now only a firewall that has never been registered can be set up for zero-touch. Even if it has just been added to an account in advance to set up licensing will make it unable to be deployed in this manner. Allowing the ability to add any firewall would be beneficial and allow for faster setup.

To have the ability in Remote Access management to disconnect vpn users that have gone idle.

I would like to manage individual firewall configuration directly in Central, so I can fully configure a device before it has even been deployed, and so that group management can be improved with smarter dynamic objects, and to more easily share configuration already made on one firewall, with other firewalls, and more easily swap in an RMA replacement firewall.

When customer has a lot of users working remotely via VPN to the XG it'd be nice to have some report indicating for a chosen period of time, the time of 1st connection started, time of last connection ended and total amount of time conected. When remote access is the only way to work this can serve as a kind of audit of working time for some professional profiles. So far I guess reports include amount of times and number of times. Log can show active connections and starting time of the active connections. This is complementary info

I would like to restrict changes to objects and policies created from a firewall group, to protect them from local conflicts or accidental overrides. Objects and polices should be view-able but not editable when logged into the firewall locally, and it should be possible to pin firewall and NAT rules to the top or bottom, to better preserve the rule order.

I want to be able to create user-based policies for my firewall groups, using the AD users and groups that Central already knows about.

I would like to automate creation of VPN tunnels between firewalls managed in my Sophos Central account.