Open up holes in NAT Firewall
Provide simple web-based GUI to allow us to poke holes in the NAT firewall instead of just an enable/disable option. Simple ACLs, nothing fancy, just allow tcp and/or udp to specific ports. The followup enhancement on the roadmap would be to let us tie those to specifc ranges ... for instance, simple gui that would let us 'allow tcp 443 from 0.0.0.0/0.0.0.0' or better still 'allow tcp 443 from 126.96.36.199/255.255.255.255'. Hit us with a 'any settings here are for advanced users only' tickbox to enable the capability, to wash your hands of the support burden for it.