A big ISP in France asks to have a chance to authenticate users against the FTP proxy (exactly as we do for http proxy) against an external database such as AD.

customer said in this case that no matter if the proxy send to the credential in clear text between user's client and AxG.

Hi,

If should be great to save an history of the configuration each time an administrator save something and maybe create a restore point to rollback to the initial configuration if something does not work after some modifications.

Thanks,

A customer came up with this idea, regarding his users' convenience.
They would like to have the Subject column right next to the From column, as they only check those two columns for possible false positives. Right now, the To column is between them.
So maybe you could give the admin a chance to design the quarantine report mail on his own, as long as he maintains some basic necessary settings.

Add the license info (type of licenses) and or the amount of time left for the licenses on the daily report

Hi, we have ASG boxes with a lot of NAT's on. Sometimes a new rule will be created that is a duplicate of something that is already there.

It would be really useful to have a tool where you could enter a source and destination ip and a port, which would show you if you have any NAT rules which match this.

When looking at the active IP that are taking licenses, it should also display the server/client name, not just the ip address, making it easier to track down what might be using up unwanted/unneeded spots.

Another idea from a customer:
Similar to the Mail Manager, there should be a "Web Manager" which is allowed to release items that were blocked by the HTTP proxy.

Example:
Someone downloads an passwort-protected zip file via proxy. After the download, it cannot be scanned because the file is protected, and is blocked. But the user needs that file. Now the admin would look at the blocked items and release it.

Often there are events that are generated in large numbers during business hours but should never occur after hours. It would be great to b able to set it to only notify if an event happens after hours or on a weekend. Having these rules send notifications all the time generates massive amounts of notifications for genuine logins but I still want to know if there is unauthorized logins during times where they should not usually occur.

We should be able to create a server load balancing rule with only one server in it. Right now, you have to create/edit a rule with at least two. Not allowing this prevents you from temporarily removing a server from a pool for maintenance.

Because of automatic packet filter option in Dnat/snat it should also be possible to add Time events there.

When viewing DNS settings, you can see the static enteries you have configured, but you should also be able to view active clients... like you can with active leases in DHCP.

Copy the up2date-release on a usb-stick, plugin into the usb-port of the asg-device and then press at webmin-gui the (new) button "import update from usb-device".
This will give you the option to make a update on an asg without download / upload the firmware-release. In some reasons you don't want to make an automatic systemupdate.

I was wondering if it would be possible to have the product send out a notification to a group of users when you schedule a update? So like for example tonight I scheduled the update to 8.304 for 21:00 so say during the scheduling process you can pick users or a group of users to send the notification to just inform them that the firewall will be updating during this time and Internet could be unavailable for approx 10 mins during this time please plan accordingly?

I would like to have a comment box, how we (windows-) admins know from Active Directory-MMCs.
This comment boxes should be at the bottom of all WebAdmin-config-sites.
And in this comment boxes, we could write any infos (for other admins), comments, ideas, todo's, ...

when more then one address is configured on a physical interface it should be possible to use multipathing with these additional addresses.
so that its possible to make nat rules like:
uplink_itf(second-adress wan1/second-adress wan2)

We need a way to specify more complex content filter rules since the addition of multiple categories.

Allow the content filter to have blacklisted and whitelisted categories at the same time, and allow them to decide which one "wins".

For instance, if a user wants to blacklist Games, but allow Educational, they could. They could also allow Shopping, but block Intimate Apparel. Currently if you select only 1 category, the site will be blocked even if you have whitelisted others it matches.

web security should reauthenticate against active directory every 10-30min so that when (guest) account is locked they are unable to get through web security

Under V6, the web proxy wrote a comment into the source code of websites if the proxy has removed active content. As far as I can remember it was "<!-- script removed by scanning subsystem -->".

It would be nice to have this feature again.

We need a mib to track how many emails are in SMTP queues, so that we are monitor from an external software how many emails are in queue and detect when a situation has occurred that requires our attention (ie. Mail Server internally offline)