this is the job of our Support engineers.. Maybe would be more efficient to have some very high qualified partners, able to open a ticket with an higher priority to speed up the process in case of real bug, but it doesn't make sense that non Sophos employees enginners have a chance to get in touch wiht the R&D.
We are hard at work on this feature and will deliver the first implementation of front end authentication as part of our Web Server protection (reverse proxy) in UTM 9.2. The public beta will begin in October. Stay Tuned!
Included in 8.200 - official release on 21st of July 2011
If you wanna configure a packet filter rule based on user and NOT ip address, there is NO chance to have it right now. Having a great authentication module, there are many customers with dozen of PCs that have NOT a fixed IP address configure on each PC, but only DHCP, that would like to allow whole internet traffic in based of who is surfing internet.
Many competitors have this feature already, and in my opinion it's a key feature, since ASTARO is able to map in the middleware (so in the packet filter rules) the user's IP address is provided by the ASG, such ROAD WARRIOR IPSEC VPN with IKE config turned (IKE CONFING is a kind of DHCP over VPN) or SSL VPN. If you configure an STATIC IP address in a USER object, this ip address will be mapped in the middle once the IPSEC connetion will be triggered. At the same time, would be very useful and confortable to have the same thing when a user authenticates himself agaist the HTTP PROXY, since the HTTP PROXY knows user and IP address is trying to estabilish a connection with it.
we could reach the same final result using an external authentication SERVER for instance, even if would be interesting to have directly on the ASG, because it could allow to offer ASG in hotels that don't have any server for remote authentication.
Because it is not seldom that some big customers and goverment offices don't want to block uncategorized websites for "political reasons". If the ASG is managed by a NOC, the NOC should be noticed while an uncategorized website is surfed, so that there would be a chance to add this website either in black list if requests or sent to the URL category provider to quality it properly.
It's important to have a chance to configure retry frequency since we're using an MTA, and even if we are talking about an UTM, it's key point to have a chance to configure the scheduler for queues that are in EXIM.
It's very common in Italy to have providers that charge in base of the traffic generated.
These kind of links, that are normally very expensive, are used just in case the first internet link is full. Would be very important to have this feature such as a kind of QOS service.
unfortunatelly not. There is another feature request called "spillover" that is more or less the same thing.
I Agree... especially in case of AxG is install in a ISP
This feature is planned for UTM 9.1 which is targeted to begin beta in late 2012/early 2013 for release in Q1 2013.