The second point is similar to your first point "Allow administrators the ability to restrict web console access by IP ranges", it's about management access
but i am thinking more precisely like the way in "Symantec Messanging Gateway" in "control center" --> "Administration" --> "Control center" --> "Access"
it's not just about "IP ranges" but also exact IPs.
As i am asking in another post "Symantec Messanging Gateway" , i wish also to have a recovery procedure to erase this access list from the console in case of problem using the admin account only.
The SMG have the ability to restrict such access but it doesn't have the way to unlock it, so if you lost your administrator password, you will be unable to access from Web, apparently you will need to enter via console with the "root" account which is not given to try to erase the restriction from command line.
So, i think having a Recovery Procedure it's a must
I wish also to have the updates from the inline/LAN Interface, i don't like the current way, i've used 2 commercials products before Symantec, and never the management interface were used to get updates, it's very logical to keep the management just for the management and administration tasks, this interface must be hidden from Internet.
Thanks
Best Regards