Could have predefined configurations of NAT/firewall rules that can be tweaked in a creation Wizard. .

Give a checkbox to directly enable new rules

It would be a great enhancement of usability if the "Default content filter action",
which consists of "Web Security" > "Web Filtering" > "AntiVirus/Malware" and "URL Filtering" section, would be displayed
in Web Protection > Web Filtering Profiles > Filter Actions. The object should be marked as non-deletable.The configuration flow would be easier to understand.
Also you can then clone the default profile, which an admin usually builds first, and use this as base for other filter actions.

If the scheduled scan is not happened on the configured scheduled time, full
scan will be triggered automatically after the machine restart.

Customer name: HOLCIM GROUP

Fetch the reports from Sophos Report Manager on Scheduled Scan not triggered / not completed .

Customer name: HOLCIM GROUP

Google supports a ways for organizations to limit which Google Apps domains users are allowed to visit. This is done by adding an HTTP header to outbound requests containing a list of allowed domains.

http://support.google.com/a/bin/answer.py?hl=en&answer=1668854#providers

Improve the Apply Functionality either by an Apply All Button, reminder to Apply, change Apply color on changes or sth. similar

Directly support (on high volume or access-based lists) to rsync them and provide them locally by a local running RBLDNSD instead of using the public data feeds

Similar to postfix header checks support to regex check headers and support e.g. header adjustments/replacements/manipulation

The current number of destinations displayed is 5 per user. To increase the usefulness of this report increase the limit or allow the user to select the number of destinations to include in the report.

Extension Blocking: to move the original e-mail in quarantine and sent the e-mail without the unwanted attachment to the receiver.

Currently users are imported and created into the user/groups definitions when imported from AD. Groups however are not and you have to manually create the groups definitions and attach them to the AD group

It would be so much easier if this was done automatically on sync!!

Integrate the WAF with HSM so the OWASP "Insecure Cryptographic Storage" concern can be addressed.

When e.g. 10 devices online, they all have to share the bandwidth set with QoS. I think it would be better to set the limits for the whole wireless guest network higher and set a maximim speed per device.

At the moment, Astaro implemented a handful DDNS providers. It would be great if you can manually insert your own provider. For example Strato, they provide also Dynamic DNS

Looking to replace Ipswitch what's up gold with UTM for network monitoring. Ability to monitor internal switches, servers, etc for icmp ping requests and notifications via email if the IP address monitored is up or down. Notification is sent when IP address is not reachable for 5 minutes, and notification is sent when IP address is reachable if it was in status down.

Passing the authentication credentials from 802.1X WPAx enterprise authentication to other UTM modules would enable seamless SSO for wirelessly connected devices and would be particularly useful for authentication of mobile devices.

Virtual Appliance image using as RED Device

Should allow customers to add their own applications in the list.

This allows the customer to update faster its own list of applications