We would like to offer Citrix access to users via the HTML5 VPN portal.

It would be great if the AP30 also had the repeating option. The AP50 is too expensive for normal clients.

It would be great to have the ability to disable the On-Access-Scans for a certain amount of time on the client.
E.g. via right click on the systray icon:
"Disable On-Access-Scans..."
"for 1 hour"
"until reboot"

This should, of course, only be possible for admins, perhaps only after entering the tamper protection password!?

I think it's all wireless access points needs 5GHz connectivity.
All professional wireless devices (Notebooks, mobiles ore whatever) are able to connect via 2,4 and 5GHz.
5GHz technology is more stable as 2,4 GHz.

We often deploy new Configurations and Software to our real servers behind about 15 SLBs. By now we always have to login to WebUI to manually rebalance the Real Servers we wan to maintain, and rebalance them back for the second half of a SLBs Real Servers.
It would be nice to have an SSL+Login API to do it automatically using something like Capistrano or even a predefined per-SLB HTTP Response Code, the SLB knows to rebalance to 0 for specific Servers.

In the new UTM 9.1 you redesigned the Toggles (to enable/disable the features). But why you make the disabled Toggles grey instead red? Please make the Toggles red again. The new Design - but red for disabled Toggles.

Please add MAC address allowed lists to your AP wireless access devices. Even the cheap units from other manufacturers include this, and it is an important additional layer of security.

Whilst you can create Departmental reports, containing the Sites, Traffic, %, Pages, Duration and Requests, it doesn't include the Username of the user. It would be really useful if you could create Departmental reports showing all of this information,sorted by usage and include the username, so that a Department Head can see the usage of all his/her employees, in a single report, rather than having a seperate report for each user. It would also be good if it could include the option to have a date/timestamp entries as well.

Would like to control mobile devices (Encryption/ AV/ Remote-Lockdown) from UTM9 Web Admin

Have the ability to have Macintosh Endpoint Protection Clients

For web sites with larger uploads (e.g. ownCloud) there is currently a 128MB (134217728 byte) limit in Web Server protection, the so called request body limit in ModSecurity.
Please add the possibility to configure this parameter (it's "SecRequestBodyLimit" in the Apache config) to allow larger uploads to sites protected by WAF.

In addition to passwords for entry via the wireless captive portal, it will help us if QR Codes can be printed on vouchers too.
Users with smartphones are able to scan the QR code with the mobile phone, which contains an individual URL to activate the session, equivalent to typing in the vouchers passcode in the captive portal.

I think it could be worth a look at, unless Snort comes up with a multfhreaded version.
http://www.openinfosecfoundation.org/
http://suricata-ids.org/

Feel free to choose every DynDNS server or add No-IP DynDNS to list.

In the End User Portal I'm able to specify allowed users/ groups.

Therefor I'm able to define a group based on a Active Directory group, limited to backend group membership.

Now the limitation:
The User Portal only accepts AD Groups which are directy related to AD-Users. The use of nested AD groups (Users --> AD-Group1 --> AD-Group2) are accepted by User Portal, but without any action.

A needful enhancement would be the functionality of nested AD Groups, using in User Portal

Need custom ddclient config interface. My provider is not in the list and having all possible providers in it is impossible.
Let us enter everything ourselves. Believe it or not but many of Your users are capable of filling in forms properly.
I'd like to be able to use the UTM builtins instead of servers in the back for this function. Also having 5 external ip's from my provider let's me dynamically update them individually.

This would make user blacklisting significantly easier and reduce the amount of email held in the quarantine .

Add all missing keyboards for users who use RDP over HTML 5 VPN portal