When you install a new server, all logs are lost since the logs remain at the old server.

Astaro must have the ability to allow traffic to burst over to a second WAN link when the primary WAN link is saturated or reaches a defined maximum of traffic amount in a day/week/month. We currently have options to failover traffic depending on source, destination, and interface. What we need is another category for bandwidth utilization.

It is great to have the fwrule field in the Packet Filter log, but rule numbers sometimes change, and then it becomes very difficult to search the older logs for a match on a given rule. It would be a lot easier if there was an option to name a rule and this name was logged in either the fwrule field or a new rulename field.

Please implement a reader friendly log-, and live log reader which will output any of the the text logs to a formatted output (similar to the actual paket filter live log). Should offer following features for viewing all types of logs:

- formatted output (as paketfilter live log)
- colored (drop, pass, block, info and so on)
- expression filters
- possibility to filter (do not show) logentries (similar to user portal / smtp log), where you can hide unwanted informations)

It should be possible to make the UTM the UPS master and other servers obtain notifications from UTM or UTM becomes a client of another UPS server offering informations.

Currently astaro support only RADIUS and LOCAL authentication in PPTP VPN.

Since Astaro is using the open source PPTP which is PoPToP, authenticating on AD, LDAP, and others is possible. Would be great to have this added.

We would like to remove (or replace) the Sophos/Astaro branding on outward facing things like the UserPortal, Block Pages, Email Digest etc...

I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post109466

Given that Astaro's VPN mechanism creates non-bridged subnets, it'd be incredibly useful for networks with a large number of Macs particularly to have Wide-Area Bonjour (i.e. Avahi or Zeroconf) built into ASG's DNS server.

Allow to split the ASG installation on more than one HDD. ie mount /var/log partition on a separate hdd /dev/sdb1.

In case of a misconfiguration or the introduction of an infected PC, it is possible for the mail queue to contain tens of thousands of NDRs.If they are deleted, they are replaced. If they are bounced, they are not replaced. 100 at a time takes too long, so the only current solution is to reinstall from scratch.

have some kind of packet caching and optimization like the same what Riverbed or BlueCoat does. Instead of my corporate site contains 2 boxes for firewall and packet optimization appliance in each site, this can turn into all in one UTM with ability to have a packet caching mechanism. It will be speed up overall WAN usage and using bandwidth efficiency.

currently, there are several "action" options in the smtp anti-malware section: warn, blackhole, quarantine, and reject.
We should have a "remove attachment" option which means the unwanted (infected or dangerous) attachment is stripped off the mail, but the rest of the mail is forwarded to the recipient.
Two things are achieved with this: the recipient is informed immediately about the mail (he doesn´t have to wait for the next quarantine report). And he can see that a mail from a possibily importand business contact has been blocked and see at least the "uncritical" content

Add the ability for administrators to specify bandwidth limits for users and IP addresses in regards to how much they can consume during a certain time period, certain hard limit, or on a certain service/proxy.. Gives the option to control bandwidth usage on the AxG so that admins can better manage their internet connection and control overusage and heavy users, especially during certain times.

Actually Astaro chooses HTTP proxy profile by source network only. This disallows the use of 2 or more different proxy modes for same source subnet(s) without restrictions and workarounds. It would be helpful, if for same source subnet(s), if needed, between one and all proxy modes at same time could be activated.

For the SSO, Standard and Basic Modes maybe a option to customize the proxy port for each profile and make the http proxy chosing the appropriate proxy profile using source network AND proxy port may allow this behaviour ?

It would be nice to add to the DHCP and DNS the ability to register dynamically on the local DNS zone the name of the machine and IP address that have just be assigned by the DHCP server.

Please add support for the LLDP Protocol. This would superseeds protocols like cdp edp and so on. An opensource Implementation is aviable.

If a user is enabled to use mail encryption there's currently only the option to sign all of their outgoing mail or nothing.

I'd like to have another option to sign only mails for listed recipients (single [billg@microsoft.com] or domain [*@astaro.com])

Allocate service bandwidth based on user group membership via eDirectory/AD/or local group membership.