1 2 Previous Next 10 Replies Latest reply on Sep 1, 2011 8:00 PM by jont717

    Feature(s) Request

      First off, I'd like to say I like the product 10x more than 6.x and just want to see the evolution of it keep improving.  That being said, here are my feature ideas/requests that maybe someone in product support can take a look at.  Heck, they may even already be there or in a newer version but I just don't know about it considering I'm running an older version 7.1.

      • Ability to via the GUI to force a user/all to reauthenticate.  This helps for troubleshooting, etc.
      • Ability to take a packet that was redirected to a proxy via WCCP, and send it right back on the wire unprocessed to the router.  Certain sites we either don't care about, don't want proxied, etc and since a router sends all traffic, the ability to do it via the GUI and totally exclude the MWG would be nice.  Whitelist is not an option because it still proxies the connection. 
      • Update documenation on cluster CA
      • Ability to clear out dashboard statistics, specifically on the charts and tables those functions.  It is had for analysts to tell trends, etc for certain for certain areas for a   I do realize there is trending for the charts.
      • Increase the customization ability of the dashboard.
      • In the drop down for appliance, have a ALL option as currently you can only select one appliance which is hard to get an aggregate for the entire environment
      • Improve on rule tracing documentation and troubleshooting 
      • Ability to have more than one destination that access ogs can be sent to.

       

      Anyone else got any others?  Like I said earlier, mainly just to keep improving on an already good product.

        • 1. Re: Feature(s) Request
          michael_schneider

          Thanks for putting these up. Interesting considerations! Please keep them comming.

           

          And again - thanks for starting the thread!

           

          best,

          Michael

          • 2. Re: Feature(s) Request
            ciffus

            I have a decentralized deployment.  I would like to see the ability to Central Management to have a common policy, but have unique settings within the policy.

            For example, each gateway has a local ICAP server.  Currently if I used CM, all proxies would use the same ICAP server. I'd like to be able to give each gateway it's own.

             

            I would also like better reporting within the gateway interface itself.

            Being able to tell the unique IPs going through, and information on failed authentication attempts.

            • 3. Re: Feature(s) Request
              asabban

              Hello ciffus,

               

              I think the general idea behind the policy is that it is shared and identical through the complete cluster. Exceptions will be hard to manage. But there are properties which allow you to identify on which node you are working, such as the UUID or IP of the proxy currently handling the request.

               

              The idea is to say something like

               

              "If Proxy.IP is 192.168.0.1 then use ICAP server 192.168.0.100"

               

              "If Proxy.IP is 10.10.10.1 then use ICAP server 10.10.10.100"

               

              This will allow you to have "unique" settings on a per location basis.

               

              Best,

              Andre

              • 4. Re: Feature(s) Request
                ciffus

                Are you saying that my desired effect is possible with the current solution?

                • 5. Re: Feature(s) Request
                  michael_schneider

                  Hi,

                   

                  that's what Andre implied

                  If you need to have different setting per location, the you can still use the usual model.

                  You have to craft different sections in the rule tree then depending on site, here is an example using System.Hostname. This requires proper DNS of course. Alternatively you can use Proxy.IP.

                   

                  proxy.png

                  best,

                  Michael

                  • 6. Re: Feature(s) Request
                    ciffus

                    Michael,

                    You just blew my mind.

                    So I only need to create the unique ICAP Client settings and then break out the Call ReqMod Server rule so that it checks the gateway ip and then tells it to use the appropriate ICAP Client setting.

                     

                    That is pretty slick!

                     

                    Thanks!

                    • 7. Re: Feature(s) Request
                      asabban

                      Thanks Michael for explaining what I wanted to say ;-)

                       

                      Some properties you may want to utilize are

                       

                      Proxy.IP - contains the IP address the client connected to (should be unique per location)

                      System.Hostname - the hostname you configured the system to have on Configuration -> Network

                      System.UUID - this is an ID which is really unique per appliance (hardware or vmware)

                       

                      As Michael explained you can use Rule Sets to differ - this allows to have per-location or per-hardware related rules.

                       

                      This is not really the easiest way to set up, but I think we have decided to do it this way since the original "exception of settings" does not really fit into the rule based approach any longer.

                       

                      Plese let us know in case you encounter problems.

                       

                      In regards to your other queries I think we do not have this right out of the box, but there is some information which may be interesting for you.

                       

                      To see what happens around Authentication, please look at Dashboard -> Charts and Tables -> Authentication Statistics. You can see how many requests have been done and how long processing took. You can also see if the backend connection is alive. In case something strange goes on you may notice an error or strange graphs here. Unfortunately this won´t help you understanding why a single auth request failed - this is still manual work :-(

                       

                      In regards to unique client IPs you are right, we do not really count them. What you can do is look at Dashboard -> Charts and Tables -> Traffic Volume. On the bottom you can see the TOP Source IPs by traffic and requests. With the dropdown box you can see the "top 1000" - which will at least show you the top 1000 IP addresses. In case less than 1000 nodes are on your network you will also see all unique IPs :-) In case there are more than 1000 yes, you will only see the top list - for a detailled view of ALL IPs Web Reporter may give you the answer.

                       

                      Best,

                      Andre

                      • 8. Re: Feature(s) Request
                        michael_schneider

                        Exactly Ciffus

                        Just create as many ICAP settings you need and use them in the context you require.

                        Happy deplyoment,

                        Michael

                        • 9. Re: Feature(s) Request
                          ciffus

                          This took me about 5minutes to configure, deploy, and test successfully.

                          Now I am VERY happy managing the gateways from a single console!!!

                          Thanks again!!!

                          1 2 Previous Next