Here's some features that I believe would make a huge difference:
1. Automatic system backup following a successful up2date: At the completion of a successful up2date, it would be helpful if the firewall automatically forwarded a system backup by email, if the backup by email feature is enabled.
2. Bulk delete of NAT/Masquerade rules, and network and service definitions. In larger installations there are often dozens of rules and definitions created, and in some instances it is necessary to delete multiple entries. The process of clicking on each item one at a time and then waiting for the screen refresh is tedious and time-consuming.
3. Eliminate Regular Expressions: The requirement to use regular expressions in some areas of the firewall is a pain in the neck and not customer-friendly. Few customers understand how to form regular expressions and consequently the settings requiring the use of regular expressions are often either screwed up or not utilized. Regular expressions may make sense to many in the *nix community, but for many others it's a serious burden. Some other, more intuitive means should be found.
4. Logs by email. Not everyone has the wherewithall to set up a Syslog server to remotely receive logs. It would be helpful if log files could be selectively emailed nightly to designated people. For example, the person handling an internal mail server may need to receive the SMTP and POP3 logs. The systems engineer may need the DNS log. The security engineer may need the IPS and Packet Filter Logs. This also helps keep admin access to the firewall limited.
5. WebAdmin security levels: It is often necessary to give other individuals access to the firewall for specific purposes. A business manager may want to examine HTTP Proxy usage reports, a junior engineer may need to create and apply a rule, or a security engineer may need to access the IDS. It would be extremely useful (and I think easy to implement) a simple system where every feature of the firewall can be given a user-defined security level of, say, 1 through 100, with 100 being the greatest amount of privilege. A user given WebAdmin privileges is then assigned a matching privilege level, which gives them access to everything at that level and below. However, I would recommend an "exclusive" checkbox that would limit a particular user to a specific security level (in other words, it would be easy to limit someone to a specific feature). With this system, it wouldn't be up to Astaro to determine the security scheme -- this is devised by the senior admin. By default, every security level should be at 100, and the primary WebAdmin account should be stuck at level 100 with no possibility of changing it to a lower level. In the areas of the firewall where definitions are made, and rules applied, there should be two security levels -- one for read, the other for write. With this method, it is possible to give create and delete ability to a senior engineer but allow lesser privileged webadmin users to at least browse certain settings.
[ QUOTE ] 1. Automatic system backup following a successful up2date: At the completion of a successful up2date, it would be helpful if the firewall automatically forwarded a system backup by email, if the backup by email feature is enabled.
[/ QUOTE ]
I was under the impression that backups weren't (minor) version - specific.
