LDAP/TOTP Server proxy
Astaro/Sophos UTM will happily use an external LDAP server as an authentication source. And then apply over that its own TOTP layer. But it cannot provide that TOTP service to other devices, except for internal websites using the reverse proxy.
I'd like to see Astaro offer an external facing LDAP service, as a proxy for other LDAP servers with an optional OTP enhancement. This would allow an organisation to provide a single OTP source against a whole range of services such as mail servers, file servers and much more; all without configuring multiple OTP servers.