http://www.astaro.org/gateway-products/vpn-site-site-remote-access/46551-html5-portal-multiple-users.html

Basically we need the ability to establish a pool of html 5 connections so more than one user can use the html5 portal at a time using rdp or any other protocol.

Please update tcpdump in the UTM.

The current version in 9.101-12 is 3.9.8, and the current version on my not-newly-installed Ubuntu desktop (as an example) is 4.2.1.

That's quite a discrepancy, and there are at least two useful features which we are precluded from using because of this ("-G" and "-z", and others).

Please update tcpdump in the UTM to a more recent version.

Add 'Local networks' box to L2TP/IPsec and PPTP configuration to avoid needing to configure routes manually on each client.

i'm looking for a method to receive all changes by mail that's made in a WebAdmin Session by an admin. We have up to 3 administrators that allows to administrate our firewall and it's much easier for the other administrators if they're known which changes are made.

In the End User Portal I'm able to specify allowed users/ groups.

Therefor I'm able to define a group based on a Active Directory group, limited to backend group membership.

Now the limitation:
The User Portal only accepts AD Groups which are directy related to AD-Users. The use of nested AD groups (Users --> AD-Group1 --> AD-Group2) are accepted by User Portal, but without any action.

A needful enhancement would be the functionality of nested AD Groups, using in User Portal

This would make user blacklisting significantly easier and reduce the amount of email held in the quarantine .

I would like to be able to rename/change the description in the "Branch Name" field of the RED sites. I see that in the WebAdmin there doesn't seem to be a way.

When we get an alert that "redXX is down" it would be really helpful to not have to dig up my notes on which site that actually is. This should be a standard feature.

More detail about this are posted on the forum:
http://www.astaro.org/other-products/remote-ethernet-device-red/47745-rename-red-branch-name.html

Add all missing keyboards for users who use RDP over HTML 5 VPN portal

Malicious site re-assessment.
WEB sites get infected and cleaned in a rapid pace.
It would be good if Sophos would re-assess malicious sites on a regular basis. It could also be done through a "re-assess site" button on the block-pages.
I suspect a lot of businesses miss out on traffic due to that visitors fail to report that their WEB security solution report their site as malicious. This would also ensure less false positives for you, and a more accurate "database".

Need custom ddclient config interface. My provider is not in the list and having all possible providers in it is impossible.
Let us enter everything ourselves. Believe it or not but many of Your users are capable of filling in forms properly.
I'd like to be able to use the UTM builtins instead of servers in the back for this function. Also having 5 external ip's from my provider let's me dynamically update them individually.

Block and reject clients on gust wlan

There should be the possibility to configure the Mail Protection to use another WAN IP, if you have more than one.
Also choose the WAN IP for individual domains, for example:
Send mails from test1.de over WAN IP 1, send mails from test2.de over WAN IP2

It would be extremely handy to be able to configure the individual ports on a RED to support different VLANs -- for instance, port 1 and 2 could have VLANs 20 and 30 tagged, with ports 3 and 4 running untagged (VLAN 1)... really handy for a branch office setup with VOIP, etc. It would also be nice to be able to configure a hybrid port as well.. .that is, one that you can configure a native VLAN on (untagged) with tagged VLAN IDs all on the same port, a la Cisco, etc.

to bundle multiple WAN connections (Locator/ID Separation Protocol = LISP).
And a ready to use EC2 Machine as endpoint for self hosting.

1. An e-mail in the queue.
2. The e-mail is delayed.
3. The delay report is created only after 24 hours.

After 24 hours the user will be informed. This is tooooooo late.

This time can't be set. Please make it individual settable in Webadmin.

It would be great to have one place to configure a "deny all traffic" from or to an ip address. "All" means "deny any/any as first rule in firewall policy", "no webadmin", "no userportal", "no smtp", "no access to reverseproxy", etc. Just all traffic.

Right now you have to configure this at many places and you can't be shure that you don't have forgotten anything.

I would need this to stop malicious traffic.

Do you think it could be possible that in the future we could configure the Sophos Endpoint (not the UTM’s one) to inherit the Web Filtering policy defined in the UTM (as we currently do between SEC and SWA) ?

In V8 it was possible to Ping Devices behind the UTM Device, in V9 it is Disabled and could not be Enabled with a Packet filter Rule.

This function is useful for us and our Customer which has Devices behind the UTM in his own DMZ that should be monitored by Monitoring Systems etc.

Remote Access provides the information which user is connected.

I would like an option that also shows the device(iOs; Android, Linux, Windows, Mac) with which the user is connected.