It would be very nice if Let's Encrypt CA start with public certificates (letsencrypt.org), that we can get certs throug the UTM Gui. So that the "Let's Encrypt Client" is integrated in the UTM. Would it be possible?
Best Regards

Add the ability for administrators to specify bandwidth limits for users and IP addresses in regards to how much they can consume during a certain time period, certain hard limit, or on a certain service/proxy.. Gives the option to control bandwidth usage on the AxG so that admins can better manage their internet connection and control overusage and heavy users, especially during certain times.

Please make a tool to conver regular openvpn configuartion files to your apc/epc format. Without such a tool it is impossible to use an astaro as client for existing openvpn server.

It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.

Add the ability to see selected (or all), bandwidth graphs per user. I would like to be able to specifically show my users, that they are using X amount bandwidth.

IKE V2 is the newest innovation to IPSec and makes using of mobile clients a lot easier. I wish to integrate IKE V2 as soon as possible.
See: http://tools.ietf.org/html/rfc4306 (RFC 4306)

we are hosting a SignalR hub (http://signalr.net/) behind a Sophos UTM 320. We use the Web Server Protection feature extensively in our environment, and as such have opted to use the same for this.
SignalR will always try to use Web Sockets (http://en.wikipedia.org/wiki/WebSocket), a new HTML5 API, and fallback to other technologies where this isn't possible to be used.
Since we've been hosting the hub via the reverse proxy, none of our clients are able to connect via Web Sockets :so having support for websockets in WAF would be super cool

It would be great if it would be possible to redirect certain URLs

For example:

www.company.com => www.company.ch/site1
www.company.com/site1 => www.company.com/newsite

Thank you :)

With the SMTP proxy able to handle mail for many domains, allow the proxy to be configured so that an admin can assign a hostname per profile, or have the proxy report different hostnames per outgoing interface. (and the ability to specify which domains/profiles go out which interface). Allows for easier management and adoption of many smtp domains on a single asg appliance.

Implement a simpe IGMP proxy so that IPTV at least from T-Home Entertain can be received. This is different from standard Multicast as it only to pass the asg and not dynamically communicate or register with other multicast servers

Currently it is not possible to use a hardware appliance with a home use license, meaning it is necessary to wipe the device's hard drive and reinstall from the software appliance ISO. I've never been sure of the reason for this restriction - used Astaro hardware is available from sources such as eBay and so is a viable option for home use. It would be great to be able to make full use of the additional hardware appliance features (LCD display on 220s and up, graphic of appliance port activity on dashboard) when running as a home user.

Add granular and detailed reporting graphs showing details like:
CPU usage per core
CPU usage by processes(iowait, interrupts, useful for determining HW problems or poor performance)
RAM per process
SMART status
Heat/Cooling/Power(RPMs, temps, voltages)
UPS status(Vbatt, Vout, Vin, etc)

all of this can be implemented using Munin with some tweaking

Make it possible to export and import lists of definitions - especially host definitions.

Allow WebAdmin to scale (such as was the case in V6) to correctly use most/all of the available screen resolution. Use all the available vertical resolution (to avoid having to scroll) and also use as much of the horizontal space as possible. Simply stretching it to fit won't be pretty, focus on the vertical and use horizontal as it makes sense.

A lot of us (at least with bigger environments) are using systems like Zabbix or Nagios to monitor their stuff.

An direct integration of the clients into Astaro would it make a lot easier to integrate the Astaro boxes into it. SNMP alone does not provide a lot of values which are interesting to monitor. Like:
- Packet filter violations
- IPS stats
- VPN Users online
- and much more

RED should be able to do DSL/VDSL (PPPOE), as this way it can be used with an ISP which is very common worldwide in requiring authentication against their modem.

Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.

The Reverse Authentification feature (UTM 9.2) for WAF is a nice progres, but I'm hoping that it will soon be extended. There are many scenarios that require at least NTLM; Kerberos would be nice as well. Yes, we are coming from TMG :-)