I´d like to see a service definition based on dscp/tos values to seperate my traffic to different uplinks by tagging it with dscp tag. Currently it is only possible to make bandwidth reservation based on dscp but not routing .

It would be nice to be able to disable rules when all active interfaces are down and it switches to a standby one.

For example only allow VOIP and e-mail while blocking web surfing.
Optionally also bring up or down some IPsec/SSL tunnels.

If a service is not working properly (such as WiFi or DHCP service) could be selectively shutdown these without reboots the whole system.

The WAF should have rate limiting functionality to protect against DoS attacks. This could take the form of blocking or slowing down connections from a certain IP if >X number of requests have been received over a certain time period.

We have many Android phones and tablets running the Sophos Security & Antivirus App. We would like to view/control the configuration of this app via the UTM. to be clear: I am not asking for control of the separate Sophos MDM app/product, just Sophos Security & Antivirus for Android. Ideally if Android Endpoint Antivirus management and reporting can be centralized and added into the UTM as a managed Endpoint, it would be very helpful for managing (and auditing!) our corporate-wide security policies.

In this segment exist two user types, the Managers and the Workers. Usually the Manager have a more permisive access to internet and the other workers need a more controlled internet access. It's is usuall in all business.

It is currently not possible to see more than 200 search results when looking for an email with AMA. If someone is looking for an email and they do not have all the details to narrow their search, having the ability to see more than 200 results is greatly needed.

It would be nice to limit the maximum file size that could be uploaded.

– like entertainment (200 MB), Educational (100MB) etc… usage assignment to users.

Implement http://ipwatchd.sourceforge.net/

Track network issues directly on the gateway!

Very sensitive customers need to log the complete HTTP transaction (the request and response with the HTML provided by web server during the transaction). Even if it's very I/O demanding, it's a key feature that is mandatory to have to chance to sell just WEB Security in government offices, banks and customers that manage classified information

It would be nice on the UTM to have a Link to a help screen that lists the Light Available on that RED Version and the Light Codes for the boot sequence. Ver 1 has a System, Router, Internet and Tunnel, while other might have a System, Internet and Tunnel only. Also the little 1 sheet setup guide on newer RED devices doesn't detail what the light error codes mean. So you now have to guess if the problem is with the provider or with the RED itself.

Please add support for vmware vxlan for building large cloud systems.
See also:

http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-01
http://tools.ietf.org/html/draft-balaji-opsawg-vxlan-vm-topo-discovery-01

and for informations:

http://www.yellow-bricks.com/2012/07/23/understanding-vxlan-and-the-value-prop-in-just-4-minutes/

http://blog.ioshints.info/2011/10/vxlan-termination-on-physical-devices.html

Changes in the GUI shouldn't be active immediately. There must be a save button to activate changes. It is very important to prevent mistakes and you can change several setting and activate all at the same time to not lose the connection.

As all mails (incoming and outgoing) flow through our astaro machine, it would be the perfect place to add a 'mail archive' hook:
- either add a bcc address to all outgoing and incoming mails
- or deliver all mails to TWO servers: the mail server and the mail archive

Often there are events that are generated in large numbers during business hours but should never occur after hours. It would be great to b able to set it to only notify if an event happens after hours or on a weekend. Having these rules send notifications all the time generates massive amounts of notifications for genuine logins but I still want to know if there is unauthorized logins during times where they should not usually occur.

If the RED could communicate (establish a VPN) on a port other than its default, this would allow easy integration into a network with a locked down firewall without having to involve local IT resources.

Since ports 80 and 443 are often left open in small network environments, the device could be even more easily drop-shipped for installation.

The features OpenDNS give are awesome, if something like that was implemented on Astaro that would make administration easier for many users. The ability to be able to go through and quickly be able to force all users to point to 127.0.0.1 for malware related sites or open proxies.

At the moment the astaro can only allow or block unscannable and encrypted files globally. Please provide a possibility to set this up for certain domains.

Customers want recipient based e-mail signing instead of sender based e-mail signing on the Sophos UTMs mailgateway.