Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Use "Default Groups" which contain IP addresses in Connection Profiles

    Currently if you go into the “Default Groups” menu in the Web Appliance panel it shows you the available groups. You also have the option to create a group and either add Users or ip addresses into this group. As you know these groups can then be used in Additional Policies. I would like the ability to also be able to use these groups in connection profiles. Right now you have to manually add ip addresses in connection profiles. You should have the ability to also add groups that were created in the “Default Groups” menu.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. Direct URL Submission to Sophos from the Admin GUI

    Include the ability to submitted a recategorization request to Sophos directly from the Search -> User Submissions -> Sites page. This would make it much easier for admins to submit URLs to Sophos.

    This could be expanded to provide management capabilities for these requests. If sent to Sophos, they go into a submitted state, checked against the data periodically and then moved to a completed state once the categorization has been updated.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  3. make "local site list" case insensitive

    Sites like twitter – you can enter a url with any combination of mixed case and it will load the same profile page

    So adding https://twitter.com/lakelandconfess/ to the Local Site List only blocks https://twitter.com/lakelandconfess/ - any case variation and the site is allowed

    Blocked:

    https://twitter.com/lakelandconfess/

    Allowed:

    https://twitter.com/lakelandconfeSS/

    https://twitter.com/LAkelandconfess/

    https://twitter.com/Lakelandconfess/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  4. HTTPS Scanning: Opt-in selection by site or category

    I would like to request the ability to choose which web sites HTTPS scanning is applied to.

    At the moment the only option it to turn HTTPS scanning on and then compile a list of exceptions.

    We had been running our SWA (Sophos Web Appliance) environment without HTTPS scanning for a year. However a few months ago Google changes the way their search page worked and redirected all
    traffic to a secure HTTPS version of their site.

    This change forced us to switch on HTTPS scanning as it was the only way that we could continue to enforce Google Safe…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  5. Local Site List Alerts When Entry is Redundant

    The idea would be to automatically, periodically review the Local Site List entries and flag those (with a check box option to autoremove?) entries that are no longer needed as they no longer differ from the Sophos provided data. This would primarily impact LSL entries to set a category for uncategorized sites that are subsequently categorized. This would assist admins to reduce the number of entries in their local site list.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  6. Include Local and Sophos Data Results in the URL Tester

    Currently in the SWA admin GUI, the "Test URL" input box provides output regarding the current risk classification and categorization. This result includes any changes done in the local site list. Customer is requesting that we display both the current local overrides and the current Sophos data results if they are different.

    This would assist customers in determining if their recategorization requests have been successful with out viewing each entry under the local site list page.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reporting: Produce a Web Appliance policy report

    It could be very interesting to export the policy configuration stored on WS on pdf or xls, csv format in order to analyze the global behavior on wide environment. Actually the XML files exported by backup action are not human readable!

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow exclusions when defining networks by CIDR range

    We would like to add CIDR to a local subnet, but to be able to exclude a specific IP address or a subset. For example

    1) 192.168.0.0/24 -192.168.0.65
    - which would add 192.168.0.0/24 range to the local subnet, except for 192.168.0.65 (for a single appliance).

    2) 192.168.0.0/24 -192.168.0.12-16
    - which would add 192.168.0.0/24 range to the local subnet, except for 192.168.0.12 to 192.168.0.16 (for multiple appliances in the same subnet for load balancing / fault tolerance)

    The alternative is to add in all the included addresses in the CIDR range individually, which is time consuming.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. Report: Browse Time By Site

    Browse Time By Site which will allow us to show the browse time for each user for a particular site

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Proxy: Support for TLS 1.2

    Support for TLS 1.2 connections in Web Appliance.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  11. Disconnect currently logged on user from using the internet

    When a user is connected through the web appliance to internet, it sometimes is useful to be able to immediately disconnect him.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. WCCP: Specify alternate service IDs for HTTP and HTTPS

    When configuring WCCP, the admin should be able to specify an alternate service ID for use with both http and https, without contacting Sophos support for assistance (currently only available with http redirect).

    We have implemented WCCP with an ASA firewall. It only supports service IDs to be used once on the appliance. When configuring WCCP on multiple interfaces, alternate service IDs are required.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  13. Category: CDNs

    We have always had an issue with websites which use CDN ( content Delivery Network) to host their media.
    Majority of the times the sites are incorrectly categorised and we would need to go through the tedious task of sending a request for it to be reviewed. More often than none, these request get rejected and we need to put a manual override
    in place.
    Would it be possible to create new category called CDN so we can out a default access level and avoid any future issues with sites with CDNs.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  14. Proxy: FTP Filtering via Sophos Web Appliance

    We would like to get visibility over native FTP traffic, not just FTP over HTTP. Some organizations still make extensive use of FTP to share files and data with customers or suppliers.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ability to remove authentication from captive portal and present a web usage policy to accept/deny instead

    Feature Request Summary: Modify the Captive portal to allow and accept/deny button instead of the username/password field.

    What would you like this new feature to be/do? I would like to have to ability to control whether I want to present a user/pass or accept/deny depending on my application. For example, I’d like to pass my guest VLAN traffic through that, and present a terms of service and then accept/deny, but would like my SSO to fail over to the captive portal
    with the ability to login for users that SSO fails for.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  16. Policy: Option to reset the default policy or choose from pre-defined policies

    We would like to be able to reset the default policy to defaults and to have some pre-defined policies to choose as a starting point for building up their own.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  17. SMA: display which node clients are connected to

    To help troubleshooting, it would be good to be able to find out which Web Appliance a particular user is connected to within a managed group of appliances.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. Syslog: Log all system data, not just web traffic

    Advanced logging is needed to troubleshoot issues.

    Currently syslog only logs events such as what sites user’s visit. We need to be able to see when the appliances are rebooted, any errors that are occurring, amount of current connections on each appliance, incoming web requests, and basically anything Sophos Support can see from the backend.

    This feature would help us greatly in troubleshooting issues we are currently seeing. It is frustrating to have to contact Sophos Support when issues are occurring do to the impact to our user’s while we wait on support. If we were able to see this…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Reporting: Show traffic from redirects against original URL/Domain

    When a URL redirects to a different location or site, SWA reports show the actual sites for downloading size, etc.

    We would like the option to see the original sites they tried to access before the redirects.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  20. Alerts: Support authenticated SMTP connections

    Provide the ability for reports to be sent via an authenticated SMTP server. Increasingly SMTP servers are set up to require authentication before messages can be sent. Organizations that use cloud-based email systems in particular require this capability.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.