Currently (i.e v9.004-34) on a virtual UTM, the interface does not allow you to rename the Eth0 network interface from "Internal".

I have been informed by support that this is not a bug - even though it does not do this on any of the physical appliances that we have.

I don't know why you would have made a design change like this but please can you restore the ability to rename the eth0 Network Interface because it is not helpful when you have an interface named "Internal" when it is your public internet interface!!!

Thanks.

Ability to allow applications without a packet filter rule. Would be nice - at the moment you have to to set up a packet filter rule even if you have a Application Control rule that accepts the usage of a specific application.The current behaviour makes no sense for me.

Sophos Antivirus supports multiple Linux distributions. I recommend adding this client to the UTM Endpoint list so we can protect, manage and monitor security on our Linux servers and desktops

It would be a nice option for the AP-50 to push clients to 5 GHz if they support it, before using 2.4 GHz.

If multiple internet uplinks are available, the VPN tunnel works only with one of them. The idea now is to use all internet uplinks for one VPN tunnel. The intrasite connection between the two UTM's speeds up and if one ISP goes down you have a failover without an interrupt.

At the moment you have to do a full reinstall from ISO on software appliances when a new major version (like UTM 9) comes out. This means you loose all your logs, reporting data, quarantine mails, etc.
Though I understand the problems with unknown or unsupported hardware in new versions It would be great to have the same one-touch experience like hardware appliance users.

Offer a "real" one-touch upgrade as on hardware appliances and warn the user that this process is on his own risk. If it fails because of the hardware he can still do a fresh ISO-install.

In UTM, Ability to block outgoing emails with size larger than X and send to recipients number larger than Y.

Right now if you create a static DHCP reservation and its a wireless client, you have to create a new wireless client entry to get a 'vanity' name on that client. It would prefer to just pick up on the DHCP static entry name and carry it over.

We do with our previous solution every Friday afternoon a full scan of all local drives on the PC's and servers.

This scan can be moved by certain definable users up to 3 times on a different day or skipped entirely.

When the scan is skipped 3 times the next time he is done without the user can stop the scan.

The whole thing, the administrator of the configuration settings centrally regulated.

These possibilities we would have liked in the UTM.
Sophos will include that in the Endpoint Protection?

Currently it is only possible to apply IP subnets to a single interface. If there are for example multiple interfaces connected to the internal network and OSPF is used for routing, an IP subnet could be reachable from any of these interfaces. Within the network definitions, only one interface can be defined for spoofing.

eSafety for school children when not inside the firewall e.g. school devices at home still protected and filtered on a per users basis or some other form of identity or even MAC address

It would be great, if you could add " *.domain.com " in WAF.
So that you dont need to add every single FQDN for every site.

Please think about making a 24/48 port witch that has some integration into the utm box (Similar to the ap30) that would give me stats on my network and allow me to troubleshoot admin from one login.

Please add Support for route based vpn so you can prefer the BGP route first followed by the IPSec route if your BGP route is not available.

Changes in the GUI shouldn't be active immediately. There must be a save button to activate changes. It is very important to prevent mistakes and you can change several setting and activate all at the same time to not lose the connection.