These are based on the 6.807 web demo. Some of these are most likely in the works due to this being a beta.
1) The dashboard update time should be configurable. 5 seconds is a bit spastic, as the page "flashes" when it refreshes. It's like a disco UI.
2) IPS. Currently the ability to see, edit, and add to individual rules appears to be MIA. Needs to come back in some form. In the network security dashboard besides/instead of top IPS alerts, a "last 10 alerts triggered" would be nice which would include the alert ID and the number of times triggered in a period of time (24 hours?). I really like the ability to now keep a ruleset active and be able to turn off alerts.
3) There doesn't appear to be anything like the proxy content manager available anymore. It's great that end-users can be allowed to have their own portals, but the admin still needs the ability to centrally monitor and control the email quarentine. If I have a dozen employees out on maternity leave and vacation, I DO NOT want to have to log into that many user portals everyday to check for caught false-positive emails which may be business-critical and time-sensitive. That scenario is much more of a burden to me as an admin. Treat the user portal as a value-added feature, not as a complete replacement of central administration.
4) Lots of people have asked for it on these boards, but I don't see it yet. Persistent granular configuration of spam assassin rules and the ability to turn on and set parameters for beysian filtering. Without these, there is no way to fix false-positives in a meaningful manner. I don't want to whitelist joeshmoe@somewhere.com. He may be our most important business partner, who likes to send html emails with goofy junk pasted in so his mails get caught by the filter everyday. You know that the second I pop him into the whitelist, his non-AV running system will get infected with every virus, trojan, spyware, etc. known to man which will then be coming our way and every spammer on the planet will choose that time to spoof his address. Spam mitigation must happen based on content to be effective. Astaro is running Spam-Assassin which has a fantastic and tunable beysian system. Please allow us to use them to their potential without having to void our support by "hacking" config files through the shell.
5) The Up2Date blog post mentions that reporting is still being worked on. Please keep the HTTP proxy usage reports because they are not in the build on the web demo. The capability to easily see all sites a particular user has visited during a given time frame is a business necessity. It is a major means of monitoring employee productivity (or lack thereof).
6) I've been told before by tech support that this next feature was being looked into for V7, but it's not there yet. Myself and several others have asked for it in the past. Using SSO (Active Directory in my case, but eDirectory, and LDAP as well), with no changes to user browser proxy settings, LOG the user names. This could be served just by allowing the HTTP proxy on the ASG to be set to 80. It's a fusion of transparent authentication with transparent proxy. For some people, setting a proxy might be no big deal through AD, DNS, and/or DHCP. I've got an environment where these means are not feasible to ensure content protection in a timely fashion with no after effects. SurfControl and Websense can do this, Astaro should be able to as well. To my understanding, IE only sends the user name if a proxy is set, but not if it just runs as default over port 80. Think outside the box a little for other ways to achieve this. I think WebSense, SurfControl, and other professional content filtering packages do it by having a user account with priviledges elevated enough that they can read the login event logs so they can build a temporary database that can correlate username, IP address, and machine name. I need to see that www.astaro.com was visited by JSmith on Workstation7 with an IP of 192.168.1.100. Please make this happen.
7) IE7 was just released officially yesterday. The blog post mentions its' compatibility with the new WebAdmin UI. Still needs a bit of tweaking though. I know that when I tried it, I was pelted with script errors until a added the demo address to the Trusted Sites list as a workaround.
8) Nice add with the SSL VPN. If you get a chance, please work out a way that people can log into a user portal on the v7demo machine so that we can try out downloading the client and playing with it a bit. Closely related, maybe run some test traffic through to populate some of the logs, IPS, mail quarentine, etc. Easier to check things out and test with some dummy data to play with.
Ok, that's it for now. I'm going to mess with the beta more and see what else I can dig up.
