I would be nice to be able to better translate the web proxy messages. Currently, if you translate it to spanish, there are still english messages that are not appropiate for foreign language users.

Currently astaro support only RADIUS and LOCAL authentication in PPTP VPN.

Since Astaro is using the open source PPTP which is PoPToP, authenticating on AD, LDAP, and others is possible. Would be great to have this added.

This is a (very) minor feature. It would be nice if the SSH fingerprint would be available somewhere in WebAdmin (preferably under the Management->System Settings->Shell Access tab). This way, if the WebAdmin certificate is already trusted, the fingerprint could be compared by the administrator to the one reported by the ssh client instead of just blindly accepting it (which is a security problem).

When you install a new server, all logs are lost since the logs remain at the old server.

Would like an API into the database so to pull stats for mail users into 3rd party application

Allow to split the ASG installation on more than one HDD. ie mount /var/log partition on a separate hdd /dev/sdb1.

I would like to be able to actually control the bit size limit if the certificate and ca for the ssl vpn feature like (4096)+ bit length

In case of a misconfiguration or the introduction of an infected PC, it is possible for the mail queue to contain tens of thousands of NDRs.If they are deleted, they are replaced. If they are bounced, they are not replaced. 100 at a time takes too long, so the only current solution is to reinstall from scratch.

Actually Astaro chooses HTTP proxy profile by source network only. This disallows the use of 2 or more different proxy modes for same source subnet(s) without restrictions and workarounds. It would be helpful, if for same source subnet(s), if needed, between one and all proxy modes at same time could be activated.

For the SSO, Standard and Basic Modes maybe a option to customize the proxy port for each profile and make the http proxy chosing the appropriate proxy profile using source network AND proxy port may allow this behaviour ?

Allocate service bandwidth based on user group membership via eDirectory/AD/or local group membership.

It would easily save a lot of work if we had the possibility to make a mass-rule with "NOT" operators, like accepting all traffic for all directions EXCEPT for some host or network etc..

Like ACCEPT ANY ANY !Host"A"

Connection tracking is implemented for typical tcp-protocols like FTP. Microsoft netbios based protocolls needs conntrack mode also.

A sample solution is available e.g. from http://www.cse.unsw.edu.au/~matthewc/files/ip_nat_netbios.c, but other solutions should be available.

For Firewalls between company networks with WINS and netbios protocol and NAT at the same time a connection tracking would be needed.

User certificates (used for ssl VPNs) has very long duration (20 years?). IT revisions are not very satisfied with such configuration, proposed certificate validity is 1 year or less.

I am Astaro Hong Kong Support, for SMEs, they would like to Astaro provides redirecting page insteads of blocking page e.g) web security blocking page. SMEs can type their company webpage and don't want to display any blocking message.

Add the ability to globally search all logs for matching strings from a single entry box for a specified date/time range.

Some VOIP providers use a non standard SIP port number. I also imagine some companies using VOIP would like to use a non standard SIP port number given the chance.

The request is to allow the port that the SIP service monitors to be changed from the default port of 5060.

Even though I'm the admin of our groupware-server, I cannot read e-mails of other employees (unless they themselves gave me proxy-rights to their mail-account or shared one of their mailfolders with me). But I can download all e-mails which were put in quarantine. German law prohibits employees (including admins) from reading other people's mails. You could be jailed if you do so.
I would like to have the mail download feature disabled. Even better if mails were stored in an encrypted format an the ASGs hard drive, to make it impossible for admins to read other people's mails.