A lot of us (at least with bigger environments) are using systems like Zabbix or Nagios to monitor their stuff.

An direct integration of the clients into Astaro would it make a lot easier to integrate the Astaro boxes into it. SNMP alone does not provide a lot of values which are interesting to monitor. Like:
- Packet filter violations
- IPS stats
- VPN Users online
- and much more

It should be possible to make the UTM the UPS master and other servers obtain notifications from UTM or UTM becomes a client of another UPS server offering informations.

In the End User Portal I'm able to specify allowed users/ groups.

Therefor I'm able to define a group based on a Active Directory group, limited to backend group membership.

Now the limitation:
The User Portal only accepts AD Groups which are directy related to AD-Users. The use of nested AD groups (Users --> AD-Group1 --> AD-Group2) are accepted by User Portal, but without any action.

A needful enhancement would be the functionality of nested AD Groups, using in User Portal

Add an internet speed test (using something like speedtest-cli or a nagios check_speedtest-cli) to the management interface support tools. This check should bypass DPI, IPS/IDS, AV, etc. so users can tune the security services for optimal protection and speed. This could also be used as a reference when setting up QoS or even as variables in QoS settings as internet traffic speeds often are increased without user knowledge and the current QoS bandwidth settings are static. Periodically check internet speeds and report in the network graphics and executive reports.

Allow a user to create and restore backup files that contain only parts of the configuration.. users would be able to selectivly make use of various parts of the configuration in other firewalls, allowing for easier rollout of multi-site locations. As well, they can restore only parts of a backup file that are required, thus allowing for faster recovery and without affecting all areas of the box.

It would be fantastic if you could provide a Management Pack for Microsoft Operations Manager (currently Version 2012 R2) to centrally monitor UTM appliances and other Sophos products. Dashboard, Alerts (DoS, Portscans, etc.), State of components (Webfilter, VPNs, etc.), Capacity Management (Load, Usage), etc.

Please make it possible to use HTTPS for WebCID updates of the product Sophos Endpoint Protection. Now only HTTP is possible, this is undesirable because authentication details (credentials) are being sent over the internet in plain text.

Many MSPs use N-able for monitoring and management. Add integration to allow UTMs and SUM to have status and alerts visible in N-able

It would be a big help if TOOLS - had the option to select an interface then point to www.speedtest.net or a few user selectable speedtest sites and be able to run Download & Upload speeds.
This would work especially on USB modem cards.

Nothing worse than having managers ask if their network is slow or the provider.

Add a method to check the real time bandwidth usage for firewall rules.

So users can distinguish which rule uses the most bandwidth and set the proper QoS for it.

Expand granularity of WebAdmin roles. Current access gives an "Office Manager" too much control across too many areas under each "manager" or "auditor" level term. We have the need to let one person Release Spam and add URLs to control office traffic

It would be nice if there was a list of available areas and operations with the ability for us to make a role composed of our selections.

UTM only supports automatic backups sent by email or to a UTM Manager repository.
It would be great to export them via SCP, FTP, Network Share like log files can.

Add additional songs/variety to the "hold" music rotation for the Sophos USA technical support number.

By scanning the local IP-space of connected/configured internal (non-gateway) interfaces, discovered IPs should be auto-added to the definitions list using their hostname as the title (if available) otherwise just fill in the IP for both the address and the name.

This saves admins having to define their objects from scratch, and they can always delete the object definitions they don't want/plan to use. This should be done either automatically, as part of the wizard, or on request.

Backup or export the quarantine folders and other data not included in the backup files on the UTM. For example a mail being held in quarantine could be extremely important. If a device fails that data would be lost. Allowing external storage even just to a single restorable backup file would be a big selling point

Hi,

If should be great to save an history of the configuration each time an administrator save something and maybe create a restore point to rollback to the initial configuration if something does not work after some modifications.

Thanks,

In SUM, include the capacuty to configure SANDSTORM

Changes in the GUI shouldn't be active immediately. There must be a save button to activate changes. It is very important to prevent mistakes and you can change several setting and activate all at the same time to not lose the connection.

We would like to see the ability to create firewall rules that take over if the primary WAN connection fails over to a secondary WAN connection. This would be useful for businesses like ours who has a nice primary connection but a significantly smaller backup connection. For example we let the employees stream media during normal operations however with many streaming if it fails over to the backup WAN connection it causes a huge bottleneck for us.