Proper regexp support would be very useful, basically everywhere where it is applicable, but especially in mail black- and whitelists. For example, many mailing lists and newsletters use VERPs (ie. unique senders that make their lives much easier) which makes it impossible to add these to whitelists. Sometimes whole threads of these mails are falsely caught by the spam filter.

Implement a simpe IGMP proxy so that IPTV at least from T-Home Entertain can be received. This is different from standard Multicast as it only to pass the asg and not dynamically communicate or register with other multicast servers

Request the option to send an email alert to the admins when a user visits a website that has a virus detection.

Open or closed a remote access or site-to-site tunnel via time rules. In banking sector you need this feature.

I have had many requests to have a policy in our Web Security section where it is possible to allocate a time quota for Internet Access. They do not want to limit when people have access to Facebook for example but how long they are allowed to visit these type of sites.

As requested by many users an option to send localized versions of the Quarantine Reports would be really nice for non English speaking users.

Allow users to login to the User Portal with username@domain.com when joined to an Active Directory Domain

Currently the users must login with their AD username only, using their email address does not work.

Idea:
Link IPS and Malware events in reports to a online database with a description of the event if available.

Reason:
It's always a lot of work to find out the reason of IPS events as "SHELLCODE x86 inc ecx NOOP" or to find a description of a Virus like "HTML/Infected.WebPage.Gen"

Benefit:
It would ease administrators lives to easily find out, which behavior the security events triggered or what they even mean.

It would be usefull to configure the output for a small LCD-Display using the webinterface.
I m using a fanless system without monitor.

Google offers a free API (http://code.google.com/intl/de-DE/apis/safebrowsing/) to check sites for known malware. It would be great if Astaro would add an option to block sites based on this database.

For example, a host entered in the 'Host list' on the 'Routing' tab of 'SMTP' should automatically be put into 'SMTP servers' on the 'Advanced' tab of IPS.

A host used in a 'DNS request route' should automatically go into the 'DNS servers' box.

On the 'Global' tab of IPS, don't allow an 'Interface (Network)' to be put into the 'Local networks' box if the interface is a DSL or modem type; at least warn that the admin should not put a public network into the box.

Add Remote Gateways to the IM/P2P skiplist.

Etc.

I would be nice to be able to better translate the web proxy messages. Currently, if you translate it to spanish, there are still english messages that are not appropiate for foreign language users.

Please, let a way to configure the delays for queued Email managment (retry frequency, retry duration, etc...)

UTM only supports automatic backups sent by email or to a UTM Manager repository.
It would be great to export them via SCP, FTP, Network Share like log files can.

Currently, any mails received from an e-mail address in the sender blacklist (under Mail Security / SMTP / Anti-Spam) are silently dropped.

How about providing an option where you can choose to do the following:

1) Silently drop / blackhole the email (current functionality)

2) Quarantine the email so the end user can choose to release

3) Bounce the email to the sender with a customisable message

4) Redirect the email to another destination address.

This is a (very) minor feature. It would be nice if the SSH fingerprint would be available somewhere in WebAdmin (preferably under the Management->System Settings->Shell Access tab). This way, if the WebAdmin certificate is already trusted, the fingerprint could be compared by the administrator to the one reported by the ssh client instead of just blindly accepting it (which is a security problem).

Would like an API into the database so to pull stats for mail users into 3rd party application

I would like to be able to actually control the bit size limit if the certificate and ca for the ssl vpn feature like (4096)+ bit length