Dual-factor authentication is much stronger than password-based authentication which Astaro now using. Astaro has implemented the certificate authority and OpenVPN project has implemented support for PKCS#11 in version 2.1. What there is left ? Only to implement dual-factor authentication in Astaro.

Currently it is not possible to use a hardware appliance with a home use license, meaning it is necessary to wipe the device's hard drive and reinstall from the software appliance ISO. I've never been sure of the reason for this restriction - used Astaro hardware is available from sources such as eBay and so is a viable option for home use. It would be great to be able to make full use of the additional hardware appliance features (LCD display on 220s and up, graphic of appliance port activity on dashboard) when running as a home user.

At the moment you have to do a full reinstall from ISO on software appliances when a new major version (like UTM 9) comes out. This means you loose all your logs, reporting data, quarantine mails, etc.
Though I understand the problems with unknown or unsupported hardware in new versions It would be great to have the same one-touch experience like hardware appliance users.

Offer a "real" one-touch upgrade as on hardware appliances and warn the user that this process is on his own risk. If it fails because of the hardware he can still do a fresh ISO-install.

Add support for more UPS. We currently use a HP UPS which is not recognized by the ASG.

have some kind of packet caching and optimization like the same what Riverbed or BlueCoat does. Instead of my corporate site contains 2 boxes for firewall and packet optimization appliance in each site, this can turn into all in one UTM with ability to have a packet caching mechanism. It will be speed up overall WAN usage and using bandwidth efficiency.

Create a prebuilt XEN and/or HyperV appliance as per what has been done for the VMWARE appliance.

I am looking for .VHD formats.

Support for the below NIC please
Device Name: DFE-580TXDFE-580TX
Device ID: 0x10120x1012
Device UID: 0x11860x10020x11860x
Class Name: Network controllerNetwork controller
OEM Device Name: DL10050 Sundance EthernetDL10050 Sundance Ethernet
OEM Device ID: 0x10020x1002
OEM Device UID: 0x11860x10020x11860x

I would like to be able to hard drive mirroring in software as I'm able to do on other GNU/Linux distributions such that if either drive fails I can boot from the working drive and rebuild the mirror on a replacement.

in Webadmin, Userportal and Web Application Security.
The intermediate CAs will not be sent by the UTM to the client, so the CA path is broken and then some Browsers will not accept the cert.

This would be helpful to the thousands of Managed IT Service Organizations using ConnectWise as a PSA who are basically looking for a great security device that we can roll out to clients and manage centrally, with reporting and metrics available through ConnectWise

monitor tool for android platform (mobile phone) to monitor your servers.

Add SSL support to V.9 of Sophos-UTM's HotSpot support. This is needed to protect transmission of the passwords

Copy the up2date-release on a usb-stick, plugin into the usb-port of the asg-device and then press at webmin-gui the (new) button "import update from usb-device".
This will give you the option to make a update on an asg without download / upload the firmware-release. In some reasons you don't want to make an automatic systemupdate.

Virtualbox fills the void left by the eol of Vmware Server. It is available for free and allows for the creation of test environments under various operating systems. It seems to be gaining in popularity and most linux version offer Virtualbox Guest Additions either on the installation media or within their update channels.

Ability to multi-tenant the main features (web proxy and email).

Currently, there is a functionality in Management->Licensing->Active IP Addresses that enables only (ASG software appliances) to get current IP address usage.

If you are using an Appliance with unlimited licensing, this info is not being shown. It could be good to monitor usage for current and past values for this.

Regards.

In older versions (<7) you were able to search through service definitions that covered a particular range of ports for a port within that range. Now you can't -- you can only search for the end points of the range.

For example, traceroute is defined as 33000-34000.

Search for 33000, it works.
Search for 34000, it works.
Search for 33001, it doesn't.

Implement the stunnel-proxy (http://www.stunnel.org) for secure data-exchange. Proxy-port and certificate can configured by WebAdmin.