limit SSLVPN to approved computers
It would be nice of SSLVPN client functionality could somehow be limited to known/approved/company computers. One problem with the current SSLVPN system is that the software can be installed on nearly any computer, including personal systems that could be infected with any type of unknown malware. Then, by way of the SSLVPN an approved user could put that infected computer on the corporate network with nearly no restrictions (by default).
In my opinion, this is a big security problem. Even if the client software download page was disabled on the firewall (which it currently can't), it's not difficult for anyone that can use google to download the software directly from WatchGuard. There should be some behind the scenes mechanism built into the SSLVPN software to only allow previously approved (aka company managed) systems to connect by SSLVPN even with the right user credentials. Essentially, 2 factor authentication for SSLVPN - 1st the computer, then 2nd the user.