allow the adding of custome ouytbound HTTP headers to control restrictions for cloud based apps
this would allow the adding of custom headers based on destination domain to enable specific restrictions or to apply custom headers to all domains.

Such as: Restrict-Access-To-Tenants and Restrict-Access-Context for Office 365

The cloud web gateway needs to have an import function for block/allow lists of sites. Migrating to this platform is difficult when you have to manually enter every single blocekd or allowed site that you are migrating from another platform.

It would be very useful for testing custom URL tagging if we were able to audit, in addition to allowing and blocking, clicks through to URLs we have tagged. This would allow us to deploy large changes at a large scale with no impact while we observe the potential impact.

It should be a feature to be able to allow access to certain pages within domains that are blocked.
For example block google docs as a whole but allow access to a specific URL for access to a document without having to open up access to the whole of Google Docs.

It would be very helpful to be able to throttle bandwidth usage to sites in certain categories.
For example limiting the bandwidth to sites such as YouTube.

Dear All,

We installed Sophos Web Gateway on a computer and we use Splashtop Business to connect to other remote computer.

For this Computer, we want to block all the connections except the access for Splashtop.

So, we created a Policie, and blocked all the settings except Splashtop.

We had the Ip address and the domain of Splashtop's servers but he changes many times.

I don't want to add every months the new ip address or the domains.

is it possible to Add Splashtop Business in App Filters, like Google APP?

Thank You

Vivien Pegane

Rather than an all or nothing policy it would be extremely useful to be able to have more granular control over the level of access provided for file sharing services such as Dropbox. By more granular I mean being able to provide access to specific folders rather than the whole service. I have been advised by Sophos technical support this is currently not possible hence my request.

When in a large International MPLS connected networks, allow for remote sites to live connect via their local break out internet connection rather than all web browsing traffic being pushed to the appliance via the connected links. Thus being able to benefit from full categorisation and reporting.

When the firewall appears, allow it to have a option for turning it on or turning it off.

When web content is blocked (IE: mal/jsredir-ae detected) which can be targeted in internet explorer. The specific details need to be shown in the logs. Our own site has such a problem.

" Malware detected: 'Mal/JSRedir-AE' at 'www.harrisdigi.com'
threat " Without the page loading, we cannot submit the sample. if the call was detailed we could identify the file, script, or offending plug-in.

The same issue exists with clients when they report a site that used to be accessible. They request an exception or to turn off the service. this weakens the product.

The http-proxy should classify search engine links to the classification of the final target site under consideration of the local-site-list

Explanation
Search Engines have their own URI-Classification. To track user-selection they do not reference the original target URI, but a tracking relocator of the search-engine.
This tracking URI should have the same classification as the target URI.
When computing this classification value, the proxy should take into account any local re-classifications done thru the local-site-list, and assign this one value to the tracking relocator URI

Automate or add the ability to remove systems that are no longer in use which were previously running full web control from the connected endpoints display within the web appliance dashboard section. Once an endpoint running full web control registers with the web appliance the entry is never removed.

Our customer is currently using WebMarshal for their web filtering solution and will be moving to the Sophos Web Appliance. One of the key Information Governance requirements is that they currently have a landing page when a user launches IE which advises users of the acceptable usage policy for web browsing over their network. This landing page is only displayed once every 24 hours per user session.

I believe there is no equivalent with the Sophos Web Appliance unless you use the 'Captive Portal' option which would prompt the user for authentication before they are allowed to Web browse.

Customer would like to be able to use wildcards when blocking sites. For example, they would like to be able to block all websites with the string "poker" in them.