I would like to see the ability to review logs/IPS violations/DPI errors in aggregate in some fashion. This would allow the partner to make informed policy decisions and see a larger threat landscape than needing to review each customer in a vacuum.

Right now only a firewall that has never been registered can be set up for zero-touch. Even if it has just been added to an account in advance to set up licensing will make it unable to be deployed in this manner. Allowing the ability to add any firewall would be beneficial and allow for faster setup.

I would like to manage individual firewall configuration directly in Central, so I can fully configure a device before it has even been deployed, and so that group management can be improved with smarter dynamic objects, and to more easily share configuration already made on one firewall, with other firewalls, and more easily swap in an RMA replacement firewall.

To have the ability in Remote Access management to disconnect vpn users that have gone idle.

When managing individual firewalls, please display the Hostname of the device currently being managed in the browser tab or title bar. Currently the tab displays "Sophos". This will help avoid confusion and costly mistakes when managing and configuring multiple devices.

It would also be helpful to display the hostname next to the company name below the admin menu in the top-right corner of the each page.

When customer has a lot of users working remotely via VPN to the XG it'd be nice to have some report indicating for a chosen period of time, the time of 1st connection started, time of last connection ended and total amount of time conected. When remote access is the only way to work this can serve as a kind of audit of working time for some professional profiles. So far I guess reports include amount of times and number of times. Log can show active connections and starting time of the active connections. This is complementary info

I want to be able to create user-based policies for my firewall groups, using the AD users and groups that Central already knows about.

I would like to restrict changes to objects and policies created from a firewall group, to protect them from local conflicts or accidental overrides. Objects and polices should be view-able but not editable when logged into the firewall locally, and it should be possible to pin firewall and NAT rules to the top or bottom, to better preserve the rule order.

I would like to automate creation of VPN tunnels between firewalls managed in my Sophos Central account.

I would like to be able to deploy new firewalls using the Zero Touch deployment option, but not require a using USB stick, to apply the initial configuration.