I'm using Sophos UTM 9.4 beta 2 at home on an Intel NUC. It hasn't been performing right, and I tracked it down to my new printer requesting ~60 DHCP6 addresses per second, filling up the dhcp6.leases file at a rate of about 15kbytes/second, and eventually causing performance issues when the leases file gets into the tens of megabytes, with system load >10 with confd processes (my Intel NUC isn't the most powerful unit in the world - somewhere between SG105 and SG210 in terms of memory and CPU).
So there is obviously some sort of bug in the printer where it doesn't do IPv6 very well, and I have now turned IPv6 off, but for this to bring my Sophos UTM down sounds like a significant limitation. We have a few customers with guest wireless networks and this would mean that a single bad actor could cause issues on the network, which is the sort of thing I expect the product to prevent.
DHCP is definitely not the most secure product in the world, and I understand that a single bad actor can still flood the wireless and prevent access to other users on the same network segment, but a bit of rate limiting would go a long way to preventing a single user from breaking the UTM. I tried putting some QoS rules in for DHCPv6, but it only worked in "Bandwidth Pool" QoS, which is the wrong way to do it (needs to limit by sender mac address, not total traffic).
Not sure if this is just a problem in the 9.4 beta. It's all I have access to for testing. I don't think I had the problem before I moved from 9.3 to 9.4 beta, but can't quite remember exactly when I got the printer.
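An added example, not from this thread or from Sophos: a Python script that reads a dhcp6.leases file in ISC dhcpd's ia-na format (an assumption about what the UTM writes) and flags any client DUID whose lease churn exceeds a per-window limit, which is how you would pin the flood on one device before the file grows to tens of megabytes. The sample leases, client names and thresholds are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One ia-na record as ISC dhcpd writes it (assumed format for the UTM's
# dhcp6.leases): the quoted, octal-escaped IAID+DUID, then the cltt line.
IA_NA = re.compile(
    r'ia-na\s+"((?:\\.|[^"\\])*)"\s*\{\s*cltt\s+\d\s+'
    r'(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);'
)

def parse_leases(text):
    """Return (duid, cltt) pairs, one per ia-na record, in file order."""
    return [(m.group(1), datetime.strptime(m.group(2), "%Y/%m/%d %H:%M:%S"))
            for m in IA_NA.finditer(text)]

def peak_rate(times, window):
    """Largest number of one client's records inside any `window` span."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:   # slide the window forward
            start += 1
        best = max(best, end - start + 1)
    return best

def find_flooders(text, window=timedelta(seconds=10), limit=5):
    """Map DUID -> peak lease count for clients exceeding `limit` per window."""
    by_client = defaultdict(list)
    for duid, cltt in parse_leases(text):
        by_client[duid].append(cltt)
    peaks = {d: peak_rate(ts, window) for d, ts in by_client.items()}
    return {d: p for d, p in peaks.items() if p > limit}

def lease_record(duid, addr, when):
    """Build one constructed ia-na record in the assumed ISC layout."""
    stamp = when.strftime("%Y/%m/%d %H:%M:%S")
    return (f'ia-na "{duid}" {{\n  cltt 4 {stamp};\n  iaaddr {addr} {{\n'
            f'    binding state active;\n    ends 4 {stamp};\n  }}\n}}\n')

def sample_leases():
    """Constructed dhcp6.leases: two quiet clients and one flooding printer."""
    t0 = datetime(2016, 3, 10, 12, 0, 0)
    out = [lease_record("\\000\\001\\000\\001laptop", "2001:db8::10", t0),
           lease_record("\\000\\001\\000\\001phone", "2001:db8::11",
                        t0 + timedelta(seconds=3))]
    # The misbehaving client: a fresh lease every second for 30 seconds.
    out += [lease_record("\\000\\003\\000\\001printer", f"2001:db8::{0x100 + i:x}",
                         t0 + timedelta(seconds=i)) for i in range(30)]
    return "".join(out)

if __name__ == "__main__":
    for duid, peak in find_flooders(sample_leases()).items():
        print(f"{duid!r}: {peak} leases within 10 s")
```

Run it against the real file with `find_flooders(open("/path/to/dhcp6.leases").read())`; tune `window` and `limit` to what your clients normally do, since a healthy device should only renew a handful of times per lease lifetime.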