Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Office365

    Create a TAG that updates with the IPs and URLs of Office365 by product, eg EXO, LYO, Identity, etc

    This will prevent a manual task of allowing IPs or URLs almost daily for services, or equally removing those which are no longer in use.

    There is an XML available on MS that provides this info with all updates.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. Splashtop App

    Dear All,

    We installed Sophos Web Gateway on a computer and we use Splashtop Business to connect to other remote computer.

    For this Computer, we want to block all the connections except the access for Splashtop.

    So, we created a Policie, and blocked all the settings except Splashtop.

    We had the Ip address and the domain of Splashtop's servers but he changes many times.


    I don't want to add every months the new ip address or the domains.

    is it possible to Add Splashtop Business in App Filters, like Google APP?


    Thank You

    Vivien Pegane

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to add an Image as a Footer on Outgoing mail. The image file in the form of .jpeg, .bmp, .png, etc.

    We want the ability to add an image footer to advertise an event such as an exhibition to all outgoing email.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  4. TLD blocking Function

    Please add a feature that allows us to block TLD's. Currently we have to manually import a list of TLD's then tag them as being blocked. This also requires us to continuously add new ones as they are released. A feature allowing us to block them and keeping them automatically updated with new ones would be great.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  5. LastPass

    In Sophos Central > Web Gateway > Application Control > Password/License recovery tool section, please add LastPass password manager

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. LocalSiteList: entries and possible subdomains

    hi.. due to a customers proposal/feature request:

    This is how it is at the moment:

    --> if a LocalSiteList entry for domain.com is created, all subdomains are handled in the according way. So www.domain.com or blabla.domain.com is 'covered' as well.

    --> if a local site list entry for subdomain.domain.com is created instead, only an exact hit is being treated according to this entry! For example blabla.subdomain.domain.com will not be covered by this entry!

    It really would be helpful, if someone (adding such an entry) could decide and configure with a checkbox, if subdomains should be covered as well by this…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add applications to the exempt list under AD

    Add 3plearning sites (mathletics, spellodrome) to the exempt list under active directory.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Bridge mode on the VM version

    Allow the VM version to be built with the bridge mode functionality. Most servers these days come with four or more NIC's, plenty of ports to do bridge mode with a normal server without special hardware. Multiple VM's and host machines can be used for redundancy or some type of manual bypass could be used if the single VM fails. Would allow easier conversion of sites that use bridge mode and also allow them to use this as a backup method if hardware fails and they are waiting for replacement parts.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable wildcard for subdomains under a fqdn

    We'd want to allow wildcards to enable local site rules to apply to subdomain names - for example if we add an entry *.nhd.weebly.com or *.s3.amazonaws.com that are allowed in a given policy, then any domain name below that would also have the same allow policy applied, unless explicitly not allowed.

    For a given local site list policy, if we blocked weebly.com and allowed *.nhd.weebly.com then 123456.nhd.weebly.com would also be allowed without needed an explicit entry.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  10. Update HTTPS Scanning onward Hello

    Currently once HTTPS scanning is enabled, the onward TLS Hello from the Web filter advertises all available suites, which decreases the security of the user agent configurations. Either there should be a GUI option to remove older Cyphers or the filter should copy the advertised suites from the users client hello

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  11. Not blocking many adult websites

    web security is very bad

    even after selecting option to block adult content, its not blocking many adult websites

    http://www.freebunker.com
    http://www.imagesnake.com
    http://www.imgcarry.com
    http://imgprime.com

    and may more
    please fix it immediately

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. More Granular Control Over Granting Access to File Sharing Services

    Rather than an all or nothing policy it would be extremely useful to be able to have more granular control over the level of access provided for file sharing services such as Dropbox. By more granular I mean being able to provide access to specific folders rather than the whole service. I have been advised by Sophos technical support this is currently not possible hence my request.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web appliance automatically clear usercache

    Submitting on behalf of client. On the backend of the web appliance if you can automate the user cache to purge older users that have authenticated. Currently anything in the user cache is kept permanently - if there is no new authentication and coming from the same IP this would cause incorrect reporting data.

    For example any users thate authenticated and is still in the cache over 'x' amount of months/days should automatically delete.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  14. Web Control: Option for live connect in web policy

    When in a large International MPLS connected networks, allow for remote sites to live connect via their local break out internet connection rather than all web browsing traffic being pushed to the appliance via the connected links. Thus being able to benefit from full categorisation and reporting.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
  15. As an admin I would like to test policy application also for roaming endpoints.

    On Sophos Web Appliance, actual policy tester tool does not care of roaming endpoints, if additional policy is applied for machines connecting from outside the local network, policy check results does not allow administrators to know which policy is currently applied for roaming endpoitns.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  16. Use HTTPS call for ATP events

    It would be wonderful, if the SWA could make an HTTPS call to an external system, like macmon (network access control), on a new ATP event.

    So the NAC could shutdown the switch port directly. In this way, we bring up our IT security to a higher level.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. (user- or group-) policy based option to restrict maximum filesize per download

    customer called with the need to restrict the maximum filesize of single download: like setting up a policy for a usergroup XY to allow downloads with a maximum filesize of 50MB.
    Thanks for considering ;)
    Sophtrac

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. SWA should be able to detect/block TOR (the onion router) traffic!

    a customer (see sophtrac 6741961 for details) asked for an feature/improvement for the SWA. It should be able to detect and block TOR traffic (The Onion Router)
    --> https://en.wikipedia.org/wiki/Tor_(anonymity_network)
    Thanks!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. spam notification for the recipient that a spam has been received and quarantine.

    Customer would like to have a feature to notify the recipient that a spam has been received and quarantine.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Web Appliance: Support Intermediate Certificates for Certificate Authority

    Customer would like to use a custom Certificate as Certificate Authority.
    According to an internal KBA "Customer Upload of Signing Certificate" the CA Certificate needs to be a top-level Root CA.
    The customers CA Certificate is not a top-level Root CA, so he needs to be able to also import an Intermediate Certificate, and therefor requests this feature

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.