Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sandstorm "Suspicious Downloads" link on Dashboard

    When clicking "Suspicious Downloads" in the "Sophos Sandstorm" section of the Dashboard, the link should lead to a report showing the file names and according URLs of these suspicious files, and also the user who requested the file.

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
    • Local site list: Select all

      The ability to select all, even from a filtered point of view would be very helpful when dealing with large amounts of sites per TAG

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
      • Local site list: Update sites not just add

        The ability to not just add single or multiple but update too. For example updating the TAGs for the site on mass.

        Currently this involves deleting the entries and readding the entries which can cause down time

        My example is the Office365 IP/URL list. Updating these to Custom category, over 1500 entries.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
        • Office365

          Create a TAG that updates with the IPs and URLs of Office365 by product, eg EXO, LYO, Identity, etc

          This will prevent a manual task of allowing IPs or URLs almost daily for services, or equally removing those which are no longer in use.

          There is an XML available on MS that provides this info with all updates.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
          • show details on pattern version

            it would be nice if at Sophos UTM9 we can see pattern details like the XG Firewall, so we can find out what the version of AV, IPS, etc. And the time of latest update on each protection.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Splashtop App

              Dear All,

              We installed Sophos Web Gateway on a computer and we use Splashtop Business to connect to other remote computer.

              For this Computer, we want to block all the connections except the access for Splashtop.

              So, we created a Policie, and blocked all the settings except Splashtop.

              We had the Ip address and the domain of Splashtop's servers but he changes many times.


              I don't want to add every months the new ip address or the domains.

              is it possible to Add Splashtop Business in App Filters, like Google APP?


              Thank You

              Vivien Pegane

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
              • SEA / "advanced policy options" should be availabe for Time-of-Click-policy

                hi.

                At the moment, you cannot define triggers for Time-of-Click policies via 'message attributes', because the checkbox for 'enable advanced policy options' in the policy editor is greyed out, meaning unavailable, leading to an inactive (not accessible 'Message Attributes' page. =(

                All other policy types in this section do offer these advanced options (like 'Message Attributes').

                This should be made available, to offer a more granular configuration of this type of policy.

                Thanks a lot for considering.

                (Request by customer // Sophtrac case 7209791)

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                • TLD blocking Function

                  Please add a feature that allows us to block TLD's. Currently we have to manually import a list of TLD's then tag them as being blocked. This also requires us to continuously add new ones as they are released. A feature allowing us to block them and keeping them automatically updated with new ones would be great.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                  • LocalSiteList: entries and possible subdomains

                    hi.. due to a customers proposal/feature request:

                    This is how it is at the moment:

                    --> if a LocalSiteList entry for domain.com is created, all subdomains are handled in the according way. So www.domain.com or blabla.domain.com is 'covered' as well.

                    --> if a local site list entry for subdomain.domain.com is created instead, only an exact hit is being treated according to this entry! For example blabla.subdomain.domain.com will not be covered by this entry!

                    It really would be helpful, if someone (adding such an entry) could decide and configure with a checkbox, if subdomains should be covered as well by this…

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow Bridge mode on the VM version

                      Allow the VM version to be built with the bridge mode functionality. Most servers these days come with four or more NIC's, plenty of ports to do bridge mode with a normal server without special hardware. Multiple VM's and host machines can be used for redundancy or some type of manual bypass could be used if the single VM fails. Would allow easier conversion of sites that use bridge mode and also allow them to use this as a backup method if hardware fails and they are waiting for replacement parts.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                      • Enable wildcard for subdomains under a fqdn

                        We'd want to allow wildcards to enable local site rules to apply to subdomain names - for example if we add an entry *.nhd.weebly.com or *.s3.amazonaws.com that are allowed in a given policy, then any domain name below that would also have the same allow policy applied, unless explicitly not allowed.

                        For a given local site list policy, if we blocked weebly.com and allowed *.nhd.weebly.com then 123456.nhd.weebly.com would also be allowed without needed an explicit entry.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                        • LastPass

                          In Sophos Central > Web Gateway > Application Control > Password/License recovery tool section, please add LastPass password manager

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
                          • Please add "WeTransfer" as WebAppliacation in SWA

                            "WeTransfer" should be available in WebAppliaction on the SWA.
                            Please add the Web Application control for this webservice on the SWA!
                            (Due to customers request Sophtrac 7041991)
                            Thanks for considering!
                            Kind regards...

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                            • Update HTTPS Scanning onward Hello

                              Currently once HTTPS scanning is enabled, the onward TLS Hello from the Web filter advertises all available suites, which decreases the security of the user agent configurations. Either there should be a GUI option to remove older Cyphers or the filter should copy the advertised suites from the users client hello

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                              • Not blocking many adult websites

                                web security is very bad

                                even after selecting option to block adult content, its not blocking many adult websites

                                http://www.freebunker.com
                                http://www.imagesnake.com
                                http://www.imgcarry.com
                                http://imgprime.com

                                and may more
                                please fix it immediately

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                                • More Granular Control Over Granting Access to File Sharing Services

                                  Rather than an all or nothing policy it would be extremely useful to be able to have more granular control over the level of access provided for file sharing services such as Dropbox. By more granular I mean being able to provide access to specific folders rather than the whole service. I have been advised by Sophos technical support this is currently not possible hence my request.

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Use HTTPS call for ATP events

                                    It would be wonderful, if the SWA could make an HTTPS call to an external system, like macmon (network access control), on a new ATP event.

                                    So the NAC could shutdown the switch port directly. In this way, we bring up our IT security to a higher level.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Sophos Email Appliance - recipient validation

                                      For recipient validation that you have the option to include or not include sub domains

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Logging of all requests hitting the web proxy

                                        It would be really handy if the logs showed failed authentication, or the option of showing these. If there are any other requests that hit the proxy which it ignores show these too.

                                        Resorting to packet capture on the client I think is over the top. It also can cause wasted time as presently as authentication exceptions put in like others do not always work for what ever the reason.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow mDNS/Bonjour on the local LAN to work in the browsers.

                                          Allow mDNS/Bonjour on the local LAN to work in the browsers. The web protection currently blocks them for no apparent reason.Put an option in the software to allow mDNS to work, it IS the age of iOT after all.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 13 14
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.