Secure Web Gateway
Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.
-
Website Tags - Options to Warn / Audit
It would be very useful for testing custom URL tagging if we were able to audit, in addition to allowing and blocking, clicks through to URLs we have tagged. This would allow us to deploy large changes at a large scale with no impact while we observe the potential impact.
2 votes -
Allow access to specific URLs with the rest of the domain blocked
It should be a feature to be able to allow access to certain pages within domains that are blocked.
For example block google docs as a whole but allow access to a specific URL for access to a document without having to open up access to the whole of Google Docs.3 votes -
Bandwidth Throttling Based On Category
It would be very helpful to be able to throttle bandwidth usage to sites in certain categories.
For example limiting the bandwidth to sites such as YouTube.3 votes -
Splashtop App
Dear All,
We installed Sophos Web Gateway on a computer and we use Splashtop Business to connect to other remote computer.
For this Computer, we want to block all the connections except the access for Splashtop.
So, we created a Policie, and blocked all the settings except Splashtop.
We had the Ip address and the domain of Splashtop's servers but he changes many times.
I don't want to add every months the new ip address or the domains.is it possible to Add Splashtop Business in App Filters, like Google APP?
Thank YouVivien Pegane
2 votes -
More Granular Control Over Granting Access to File Sharing Services
Rather than an all or nothing policy it would be extremely useful to be able to have more granular control over the level of access provided for file sharing services such as Dropbox. By more granular I mean being able to provide access to specific folders rather than the whole service. I have been advised by Sophos technical support this is currently not possible hence my request.
2 votes -
Web Control: Option for live connect in web policy
When in a large International MPLS connected networks, allow for remote sites to live connect via their local break out internet connection rather than all web browsing traffic being pushed to the appliance via the connected links. Thus being able to benefit from full categorisation and reporting.
2 votes -
when the firewall appears, allow it to have a option for turning it on or turning it off.
When the firewall appears, allow it to have a option for turning it on or turning it off.
2 votes -
When content is blocked, the log should detail the specifics
When web content is blocked (IE: mal/jsredir-ae detected) which can be targeted in internet explorer. The specific details need to be shown in the logs. Our own site has such a problem.
" Malware detected: 'Mal/JSRedir-AE' at 'www.harrisdigi.com';
threat " Without the page loading, we cannot submit the sample. if the call was detailed we could identify the file, script, or offending plug-in.The same issue exists with clients when they report a site that used to be accessible. They request an exception or to turn off the service. this weakens the product.
1 vote -
Enhance the Web Filter Action
Dear Sir/Madam,
I had a problem with the Filter action and how we can add the URL in “ Allow these websites”. When I checked with the support to troubleshoot this problem . We eventually reached to the point that sometime if I want to allow a certain website like: www.sabb.com, I have also to add additional URL related to this URL like:
ssl.google.analystics.com , member-hsbo-group.com and www.googleleadservice.com.I told the support this is not practical way to add to “ allow these websites” , it is difficult to find in the logs every time and find which…
1 vote -
reconnection the client AV with the Web Appliance and Enterprise Console should be easy
Customer have 300+ connected endpoints currently only about 100 are active because of some issue with the GUID’s and SWA not liking existing one. They install sophos ESC via a login script when a machine
logs onto the domain. The enterprise console enables Web Control on the endpoints. Enpoint control is enabled on the SWA. This was working for for about the first 6 months on installation then around October 2014 a lot of the connected endpoints in SWA were showing as inactive. Manually uninstalling SESC and re-installing would show them as active again and web filtering would be enforced.…1 vote -
Classification of Search-Engine Results
The http-proxy should classify search engine links to the classification of the final target site under consideration of the local-site-list
Explanation
Search Engines have their own URI-Classification. To track user-selection they do not reference the original target URI, but a tracking relocator of the search-engine.
This tracking URI should have the same classification as the target URI.
When computing this classification value, the proxy should take into account any local re-classifications done thru the local-site-list, and assign this one value to the tracking relocator URI1 vote -
Reverse DNS lookup on IP requests.
When the customer performs a remote desktop session in TeamViewer it sometimes attempts to connect to an IP address rather than to a URL. When running a reverse DNS lookup on the IP we can see the correct TeamViewer domain (which is allowed by policy but the IP is blocked for being uncategorized).
I have special group of users allowed to access TeamViewer servers (for desktop sharing). Unfortunately a lot of TV servers are not categorized, as TV application access them with IP addresses not with names:When a request comes in for an IP address, attempt an RDNS lookup…
1 vote -
Decomissioned systems running full web control should automatically be removed from dashboard after no activity for some time
Automate or add the ability to remove systems that are no longer in use which were previously running full web control from the connected endpoints display within the web appliance dashboard section. Once an endpoint running full web control registers with the web appliance the entry is never removed.
1 vote -
Display an 'Acceptable Use Policy' page without requiring login
Our customer is currently using WebMarshal for their web filtering solution and will be moving to the Sophos Web Appliance. One of the key Information Governance requirements is that they currently have a landing page when a user launches IE which advises users of the acceptable usage policy for web browsing over their network. This landing page is only displayed once every 24 hours per user session.
I believe there is no equivalent with the Sophos Web Appliance unless you use the 'Captive Portal' option which would prompt the user for authentication before they are allowed to Web browse.
2 votes -
"Allow user feedback" that is anonymous
The American Civil Liberties Union successfully filed suit against a school district for not allowing anonymous submission for changes to blocked web sites. I am requesting that under “Allow User Feedback” that the request come in anonymously even when Active Directory / eDirectory authentication is enabled.
What would you like this new feature to be/do? Allow anonymous submission for changes to blocked websites when “Allow User Feedback” is enabled and LDAP authentication is enabled.
How will this new feature address your business requirements? It will allow us to comply with the legal requirements of the United States and Washington State.
…
1 vote -
Using wildcards in Local Site List
Customer would like to be able to use wildcards when blocking sites. For example, they would like to be able to block all websites with the string "poker" in them.
25 votesUnder Review ·
AdminRich Baldry
(Product Owner, Web Protection, Sophos Features & Ideas Laboratory)
responded
We are considering this capability as a feature for the Web Gateway roadmap.
- Don't see your idea?
