General Feature
|
Details |
Customer
|
Date
|
automated backups over network
|
Ability to setup scheduled backup over network to CIFS, FTP, etc. Feature should include expiration -- ie. store five backups max. Use backup options of Barracuda SPAM firewall as model.
|
Maturity Feature
ASD20
|
|
| over-ride account password reset |
As of 2.0.x, 8e6 admin must delete/recreate account to reset password. This is painful for 8e6 admin/customer.
|
CCSD, ASD20
|
Jan 2008
|
remove pop-up from authentication
|
as of R3000 v1.x and 2.0/2.1, all tier2/tier3/over-ride authentication includes pop-up that can be blocked via browser/firewall/etc. authentication should not use pop-up, but rather keep session in 'base/home' window used for authentication.
|
Maturity Feature -- any customer using web-based auth.
CCSD
|
Feb 2008
|
hits/second sizing metric in GUI
|
ability to determine how much web traffic being filtered by R3000 and whether this meets spec of box. This could be reprsented by basic RED, GREEN, YELLOW light on GUI.
|
Maturity Feature -- any customer
ASD20, SLPS, ESU10, CCSD
|
Nov 2007
|
hit/second trending
|
ability to determine max and average Hits/sec values for any given day, week, month
|
Maturity Feature -- any customer
|
Nov 2007
|
additions to Active Profile Lookup
|
APL should show (1) rule # (or custom), and (2) any URL exceptions in place for assigned profile.
|
LPS, etc.
Obvious benefits for 8e6 admins, operations, and helpdesk folks.
Will become more important when URL exceptions available authenticated profiles (v2.1.x release).
|
March 2008
|
resizable management interface
|
R3000 Java applet for management has always been fixed size. Two primary complaints: (a) 8e6 admin with huge monitor sees tiny R3000 admin interface, and (b) right-hand side of URLs in some sections of UI aren't viewable because can't expand right-side of UI.
|
Long standing frequent customer complaint. ASD20, SLPS, DPS, etc |
2002 |
IPGROUP name in shadow.log
|
IPGROUP names should be logged to shadow.log and made available to ER for reporting. Customer doesn't want to see "IPGROUP" in Reporting -- but rather the name of IPGROUP (eg. "HighSchoolXYZ").
|
ALL customers. maturity. constant source of end-user confusion.
|
2002 |
| reverse tunnel for remote access |
8e6 admin should be able to initiate "secure tunnel" from R3000 to 8e6 HQ to allow 8e6 support to access box. This required because static public IP setup often hurdle for customer. Hide NAT typically always present. Replicate the "secure tunnel" feature of Barracuda Networks SPAM firewall or add security features to existing "secure access" feature of ER. |
maturity feature. long requested since day #1 working with 8e6 |
2002 |
| nag alerts for ALERT and RTD features |
Because of necessity to configure these two R3000 features, the R3000 management interface should include "alert" section (on HOME tab) that spells out any problems. This should NOT be a pop-up. Alert email settings and Range_to_Detect should always be configured correctly. |
maturity feature. |
2002 |
| "alert" section on HOME tab |
R3000 management interface should include "alert" section that spells out any outstanding issue with appliance. the "alerts" should stay "open" until acknoledged in some manner (ie. click check-box and 'submit', etc). This "alert" section should minic/replicate what's distributed via SMTP/email. |
maturity feature |
2002 |
| HEALTH light on HOME tab |
Basic R3000 health status on HOME tab -- represented by GREEN, YELLOW, or RED. The color of light could include various factors (see "alert" features above) and also include basic performance/throughput (ie. box fully operational, box loaded down -- concern, box CPU max'ed -- red alert, etc). |
maturity feature |
2002 |
| Global Profile use RULE? |
As of v2.0.x, the Global Group Profile can't leverage RULE defined by 8e6 admin. This is point of confusion for 8e6 administrators; past, present, and future. The Global Group Profile already has pull-down. The 8e6 admin should be able to use pull-down to select existing RULE. |
maturity features. reviewed with more customers than can be counted -- a frequent issue during EDU process. |
2002 |
| Delete URL in VIEW pane |
Ability to delete entry directly from "View URL addition/deletion list". This is accessed from VIEW tab of URL property of category. 8e6 admin should be able to high-light and click "delete" in this interface -- currently, can only view (leading to obvious questions from 8e6 customer, how do I delete?). true as of v2.0.x. |
|
|
| HTTPS_Filtering audit option |
ability to audit "what would happen" if feature enabled (at whatever setting). This would allow new 8e6 customers to test feature and determine which specific business-related sites would be affected (so can remediate with 3rd party). as of v2.0.x, the HTTPS_Filtering feature is all or nothing with no specific way to audit results. |
maturity. common request during dialog |
2002 |
| HTTPS_Filtering white-list option |
ability to specific specific domain to whitelist from HTTPS_Filtering. This would allow 8e6 admin to enable HTTPS_Filtering (with forward DNS query) and still allow access to HTTPS site known to have cert/dns mismatch. specific to "forward DNS query.." introduced with v2.0.10.x |
maturity. |
2008 |
| Integrate management |
Consolidate management -- and reporting -- interfaces into single UI. |
|
|
| Visual export of config and policy |
Often field inquiries from customers about how to "summarize" all R3000 configuration. The general idea is to provide visual export of configuration and policy (rule defs, etc). Could easily be done using Mindmap strategy. http://freemind.sourceforge.net/. |
CCSD |
2008 |
Per site/URL over-ride
|
Use-case: students in class need to get to specific web SITE (or specific URL) that is typically blocked. The teach can input over-ride account to grant student access to that specific URL/site -- the students maintain their existing profile policy. This teach-granted SITE/URL over-ride has time-expiration.
|
LPS, CCSD, ASD20
|
2006
|
Time expiration on Tier3 auth profiles
|
8e6 Tier3 authentication is session-based maintain by java applet.
Use case: Need way to "expire" tier3 profile for teacher who walks away from workstation -- not closing all browser instances -- or logging off workstation.
|
CCSD
|
2008
|
Tier3 inactivity expiration
|
8e6 tier3 authentication is session-based java applet.
Use case: end-user leaves computer and forgets to logoff workstation. The java applet should have ability to "monitor" web traffic and watch for browser inactivity. Browser inactivity expiration should be a administrator preference.
|
Product maturity.
CCSD, ASD20
|
2008
|
Administrative purge for Tier2 profile(s)
|
Use-case: ability for 8e6 admin to selective purge active Tier2 profiles. 8e6 admin should be able to search based on AD username, view current profile, view remaining time, and selective purge/expire
|
Product maturity.
CCSD
|
2008
|
R3000 sync option for UPGRADE only
|
current 8e6 R3000 synchronization feature doesn't include LDAP domain details and other ??? profile/object-related items. The R3000 sync feature is the ONLY current option to migrate between different R3000 models (example: "G" upgrade to "H"). There must be option to include everything related to policy objects, profiles, rules, domain preferences, library, over-ride accounts, etc. The idea new R3000 hardware is TARGET and is changed to "Stand-alone" following one-time sync.
|
product maturity.
|
2007
|
(bug) invalid Tier3 applet
|
Use-case: have tier3 authenticated session on desktop/laptop. Put desktop/top to StandBy (eg. Windows XP/Vista). Wake-up machine. Next browser attempt provides expected re-auth challenge and NEW tier3 auth "badge" window. Closing the old (and invalid) tier3 "badge" window from before StandBy kills the existing tier3 session. BAD.
|
ongoing problem since tier3 has been in existence.
|
2003
|
category with "walk" x-level
|
A special custom category option that allows 8e6 admin to enter specific URL and 8e6 R3000 will "walk" the web page and include all URL's within admin specified level. should have option to exclude links outside URL domain. Example: 8e6 admin enters specific URL to flickr.com with "one-level". R3000 separately queries the URL and auto-includes all links "one-level deep" into category. The auto-walk feature should have option to schedule "walk" as admin specified interval.
|
ongoing problem since inception.
Library of Congress posting stuff on Flickr (per customer) and wants to block 8e6 category -- but have custom category to allow access to specific flickr URL and related images.
|
2003
|
"LAB over-ride" elevated profile -- centrally controlled by one user.
|
IPGROUP over-ride account that would effect desired profile for all members of IPGROUP.
Example use-case:
EDU lab environment. specified number of workstations with students. teacher can enter administrative over-ride account on "teacher workstation" and have new profile apply to all members of IPGROUP.
The preferred method is to have the LAB over-ride be authenticated off LDAP directory (ie. could leverage window domain auth -- so teacher doesn't have to learn/remember different over-ride account).
additional consideration: would be ideal if method to track student logged onto workstation while "lab over-ride" in place.
"<domain>/joestudent/lab_sallyteacher
|
competitive
|
|
SSL block page
|
When R3000 blocks SSL connection based on HTTPS_Filtering, the end-user should receive a block page. While this not possible with 8e6 in bypass mode (ie. not in-line or SSL transparent proxy). Some option must be available for customers who find this unacceptable and willing to make architecture changes to accomodate (example: transparent proxy integration for SSL man-in-middle, etc).
|
competitive, ASD20
|
|
CFM weighting for vertical/customer
|
cater to EDU by insuring all EDU CFM data does into single CFM database for scrub. In addition, suggest key "top-100" EDU customers put in separate CFM database and give focused attention on classification. Reach out to EDU customers to convince CFM to be enabled ... justify why, give advantages, address FUD/privacy issues.
|
competitive, ASD20
|
|
Proxy Engine section of GUI
|
because of topic sensitivity with EDU customers, this feature needs better visibility in GUI -- and likely more features to provide insight.
|
competitive |
|
Content Inspection -- uncategorized
|
Applies to uncategorized sites. page content inspection and analysis to make classification based on heuristics for existing classified page types. Example: 8e6 knows what "news" and "shopping" sites should look like. Compare uncategorized site against known classifications to make approximate real-time evaluation.
|
competitive SmartFilter?
|
|
Content Inspection -- parsed allow
|
Applies to categorized sites. Allow pages in site ONLY if keywords not found in page content (ie. lexicon for porn, nefarious, etc).
|
competitiv, ASD20 |
|
URL Pattern Match -- Phishing protection
|
Many phishing links sent via email match identifiable pattern. Work with antispam/ecommerce vendors to maintain updated patterns to identify phishing URLS and block on fly. use-case: When phishing email makes it past anti-spam filter to end-user Inbox.
|
security
|
|
regex for URL keyword
|
ability to use regex for URL keyword (assigned to category).
|
competitive -- Websense
|
|
regex for search engine keyword
|
ability to use regex for search engine keyword (assigned to category). |
competitive -- Websense |
|
add ROOT domain to category
|
ability to add foreign "root domains" to custom categories. This would allows EDU customers to block student access to foreign sites (and potentially inappropriate content). Example: .ru .cz
|
mgmt usability
|
|
default "Filter Options" preference
|
8e6 PROFILE includes (a) rule, (b) block page options, and (c) "filter options". Each time profile assigned to policy object, the "filter options" must be manually set. Very often, the "filter options" are always set the same. Thus, would be nice to have ability to have (a) "default" preference for all "filter options", or (b) ability to tie "filter options" to rule definition. All this would include ability to reset "filter option" preferences to specified value (ie. after the fact).
|
ease-of-management
|
|
expiration and comment for URL addition
|
Teacher makes request to have site whitelisted for the current EDU quarter. The 8e6 admin adds URL to appropriate category -- and specifies expiration and comment. This allows category entry to disappear after defined period, keep custom categories from bloating up in size, and allows different 8e6 admins to understand what peers are doing (ie. the comments). Feature implies an AUDIT trail of when URL addition created, by who, and when expired, etc.
|
ease-of-management, maturity, ASD20
|
|
| expiration and comment for OVER-Ride accounts |
management ease-of-use feature. Have commet associated to creation of over-ride account with option for expiration. Example: account good for school year and expire (ie. become LOCKED) afterwards. |
Ease-of-management, maturity, ASD20
|
|
| allow backup/restore between different R3000 models |
Ideally, R3000 config and library backup should be to model-neutral data format like XML, etc. |
target: any 8e6 customer buying new appliance. maturity |
|
LDAP "nested" group support
| very common practice for Directory Service administration is to leverage nested groups (ie. a group who's members include other groups).
| ease of use. management. ASD20
|
|
browser pop-up blocker tests
| anywhere 8e6 services are accessed, the 8e6 provided content should include test for browser pop-up blocker. This would especially benefit 8e6 administrators applying software patches and end-users using tier2/tier3 web-based authentication. Browser pop-up blockers are an adoption issue far too often.
| ease of use. reduce hurdle to adoption.
|
|
| scheduled install of patches | ability to click check-box and have downloaded patch install at
predefined time (example: install patch XYZ at 2AM on next day). | customer suggestion (CBOCES)
| mid 2008
|
script/API interface
| ability to leverage script and/or API to remotely managed contents of R3000 custom categories. this would allow reseller/customer to build specific web-application to meet exact use-case requirements
| BVSD
| late 2008
|
system health monitoring SERVICE
| important that all 8e6 appliances share same underlying "health monitor" service that leverage different configuration file (ie. config specific to appliance type and 8e6 product services). Health monitor service should include option to alert 8e6 admin via various methods -- email, GUI alerts, GUI lights -- and should have option for "phone-home" that appliance will alert 8e6 HQ about any problems (software or otherwise) and auto-spawn 8e6 support request. This request in direct result from many customers who don't know about particular appliance problems until AFTER a problem has occured. Sometimes, the problems can be remedied before customer suffers.
The "phone-home" feature should be (a) optional, and (b) configurable -- to include statistics, licensing, health, etc to allow 8e6 HQ to better automate and service customer.
|
|
|
