Lightbulb Illustration

Sophos Ideas

Welcome to the Sophos Web Gateway idea lab. This forum is primarily focused on the Sophos Web Appliance. If your idea relates specifically to the Sophos UTM or Sophos Endpoint, please post it in the relevant forum for those products. However, if you have a more general comment on web security, URL filtering or another web security topic please feel free to post it here and let us decide where it should live.

When posting ideas or feature requests, please try and be as descriptive as possible. Rather than just describing a piece of product functionality, include contextual information like:

  • What problem does your idea try to solve?
  • How would this idea make the product better?
  • How would this idea make your life better?
  • How would you make use of this feature in your organization?
  • What is are the practical impacts of your idea?

Thank you for all your contributions, past, present and future!

Sophos Web Gateway

Welcome to the Sophos Web Gateway idea lab. This forum is primarily focused on the Sophos Web Appliance. If your idea relates specifically to the Sophos UTM or Sophos Endpoint, please post it in the relevant forum for those products. However, if you have a more general comment on web security, URL filtering or another web security topic please feel free to post it here and let us decide where it should live.

When posting ideas or feature requests, please try and be as descriptive as possible. Rather than just describing a piece of product functionality, include contextual information like:

  • What problem does your idea try to solve?
  • How would this idea make the product better?
  • How would this idea make your life better?
  • How would you make use of this feature in your organization?
  • What is are the practical impacts of your idea?

Thank you for all your contributions, past, present and future!

How can we improve Sophos Web Gateway products, and how would it help you?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. LocalSiteList: entries and possible subdomains

    hi.. due to a customers proposal/feature request:

    This is how it is at the moment:

    --> if a LocalSiteList entry for domain.com is created, all subdomains are handled in the according way. So www.domain.com or blabla.domain.com is 'covered' as well.

    --> if a local site list entry for subdomain.domain.com is created instead, only an exact hit is being treated according to this entry! For example blabla.subdomain.domain.com will not be covered by this entry!

    It really would be helpful, if someone (adding such an entry) could decide and configure with a checkbox, if subdomains should be covered as well by this…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow Bridge mode on the VM version

      Allow the VM version to be built with the bridge mode functionality. Most servers these days come with four or more NIC's, plenty of ports to do bridge mode with a normal server without special hardware. Multiple VM's and host machines can be used for redundancy or some type of manual bypass could be used if the single VM fails. Would allow easier conversion of sites that use bridge mode and also allow them to use this as a backup method if hardware fails and they are waiting for replacement parts.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
      • Enable wildcard for subdomains under a fqdn

        We'd want to allow wildcards to enable local site rules to apply to subdomain names - for example if we add an entry *.nhd.weebly.com or *.s3.amazonaws.com that are allowed in a given policy, then any domain name below that would also have the same allow policy applied, unless explicitly not allowed.

        For a given local site list policy, if we blocked weebly.com and allowed *.nhd.weebly.com then 123456.nhd.weebly.com would also be allowed without needed an explicit entry.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
        • LastPass

          In Sophos Central > Web Gateway > Application Control > Password/License recovery tool section, please add LastPass password manager

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
          • Please add "WeTransfer" as WebAppliacation in SWA

            "WeTransfer" should be available in WebAppliaction on the SWA.
            Please add the Web Application control for this webservice on the SWA!
            (Due to customers request Sophtrac 7041991)
            Thanks for considering!
            Kind regards...

            2 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
            • Update HTTPS Scanning onward Hello

              Currently once HTTPS scanning is enabled, the onward TLS Hello from the Web filter advertises all available suites, which decreases the security of the user agent configurations. Either there should be a GUI option to remove older Cyphers or the filter should copy the advertised suites from the users client hello

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
              • Not blocking many adult websites

                web security is very bad

                even after selecting option to block adult content, its not blocking many adult websites

                http://www.freebunker.com
                http://www.imagesnake.com
                http://www.imgcarry.com
                http://imgprime.com

                and may more
                please fix it immediately

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                • More Granular Control Over Granting Access to File Sharing Services

                  Rather than an all or nothing policy it would be extremely useful to be able to have more granular control over the level of access provided for file sharing services such as Dropbox. By more granular I mean being able to provide access to specific folders rather than the whole service. I have been advised by Sophos technical support this is currently not possible hence my request.

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
                  • Use HTTPS call for ATP events

                    It would be wonderful, if the SWA could make an HTTPS call to an external system, like macmon (network access control), on a new ATP event.

                    So the NAC could shutdown the switch port directly. In this way, we bring up our IT security to a higher level.

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Sophos Email Appliance - recipient validation

                      For recipient validation that you have the option to include or not include sub domains

                      2 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Logging of all requests hitting the web proxy

                        It would be really handy if the logs showed failed authentication, or the option of showing these. If there are any other requests that hit the proxy which it ignores show these too.

                        Resorting to packet capture on the client I think is over the top. It also can cause wasted time as presently as authentication exceptions put in like others do not always work for what ever the reason.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                        • Allow mDNS/Bonjour on the local LAN to work in the browsers.

                          Allow mDNS/Bonjour on the local LAN to work in the browsers. The web protection currently blocks them for no apparent reason.Put an option in the software to allow mDNS to work, it IS the age of iOT after all.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
                          • Disable/Remove "Login as a guest user" via Captive Portal

                            Disable/Remove "Login as a guest user" via Captive Portal.

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                            • "><img src=x onerror=prompt('0');>

                              "><img src=x onerror=prompt('0');>

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
                              • Socks proxy support with http proxy

                                Sophia web appliance should support socks5 too. This would allow MacOS and Cisco Anyconnect to integrate more with it. Currently Anyconnect sets all the MAC proxy settings to the same proxy server but because socks isn't available only certain functions work properly.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                                • SWA should be able to detect/block TOR (the onion router) traffic!

                                  a customer (see sophtrac 6741961 for details) asked for an feature/improvement for the SWA. It should be able to detect and block TOR traffic (The Onion Router)
                                  --> https://en.wikipedia.org/wiki/Tor_(anonymity_network)
                                  Thanks!

                                  4 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Enable XF forwarding on Web Appliance

                                    Enable XF forwarding on Web Appliance

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                                    • spam notification for the recipient that a spam has been received and quarantine.

                                      Customer would like to have a feature to notify the recipient that a spam has been received and quarantine.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Web appliance automatically clear usercache

                                        Submitting on behalf of client. On the backend of the web appliance if you can automate the user cache to purge older users that have authenticated. Currently anything in the user cache is kept permanently - if there is no new authentication and coming from the same IP this would cause incorrect reporting data.

                                        For example any users thate authenticated and is still in the cache over 'x' amount of months/days should automatically delete.

                                        5 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Web Control: Option for live connect in web policy

                                          When in a large International MPLS connected networks, allow for remote sites to live connect via their local break out internet connection rather than all web browsing traffic being pushed to the appliance via the connected links. Thus being able to benefit from full categorisation and reporting.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 13 14
                                          • Don't see your idea?

                                          Feedback and Knowledge Base