Page 2 of 2 FirstFirst 12
Results 11 to 11 of 11

Thread: My Wishlist

  1. #11
    Newbie
    Join Date
    Mar 2008
    Posts
    2

    Default

    My Wish list is a little more basic, yet it affects the ability to administrate the firewall by quite a bit in my opinion.

    1.)Allow copying from the Ajax frames so that one could copy out IP address from the firewall log or other event logs

    2.)Add filtering options to the event logs so that, someone could search for certain events based on the filters.

    ( I am aware you could feed this information out to a syslog server and use something like splunk to do the analysis, which I do for correlation purposes and to alleviate these downfalls of this firewall. It still would be nice for this stuff to be native)

    3.)Allow the ability to specify how many pages we can view up to in the logs, instead of making the cap of 40 pages.

    4.)Allow the ability to control the listening ports of the actual firewall, it bothers me that I have to log into the console of the Linux box itself to control these ports when this is a firewall for one and two, why are there listening ports on the inside address of these firewalls other than the admin ports?

    5.)I know this has been mentioned before, but fix the IPS logging issue, it never flags anything.

    6.)This would be an overhaul of how Untangle is designed, but allow the ability to integrate snort into the firewall.

    7.) When viewing the event log, specifies what rule fired, yet the rules themselves are not numbered, so I have to count down from the top(very annoying)

    8.)I think it would be very practical to have not only the number, but the name of the rule listed in the description of the event log when that rule is fired so you don't have to reference back of which rule actually fired, other than, "Oh of course it was rule 37, I know what that one does"

    9.)In relation to the above, I think it would be practical to have the ability to shut off the above feature in case there are admins that don't like that feature.

    10.) Being able to create rule groupings in the rule list, so that the rules are easier to organize.

    11.) Implementing squid proxy into the firewall would be very helpful and include detailed logs for it so admins can analyze connections out to the world better and see if anything like a Trojan might be calling out to the world over 443 for example. Also the benefit of increasing performance.

    12.) I know the branding manager allows you to change the logo that is shown, but in the interest of security, I suggest that we have the ability to shut off the logo displayed at the administrative access page so it makes it more difficult to profile the firewall used, so it is more difficult for an attacker to target or bypass the firewall. I would also suggest to remove any header information in the login page to remove identifying information of what firewall is used.

    Granted the above suggestion is technically secuirty by obscurity, but most commercial firewalls do this as common practice because why do we want to make it easier for the attacker to target or bypass the firewall by saying"Hey I am an Untangle Firewall!"


    That is all I can think of at the moment, I will update as I think of more.
    Last edited by doodleface; 03-17-2009 at 12:22 PM.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2