Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add SWA Report: Top Bandwidth By Category (Top 20)

    The customer needs the following reports:

    Top Bandwidth By Category (Top 20)
    Top Bandwidth By Sites (Top 20)

    He needs this for audit.

    How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have:
    3 = Important for audit

    NOTE: Top Bandwidth by Site (20) is already established as another feature request.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Awaiting Feedback  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. SWA Browse Time By User Needs Hour Granularity

    We would like to have a report similar to “browse time by user” but includes time of day filters. For example, we would like to see browse time for a specific user between
    9 AM and 5 PM, Monday to Friday.

    How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have: 4

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. X-Forwarded-For feature for web appliance

    organisation uses the Google Apps suite quite heavily. We put so much load to them that they end up putting Captcha verifications on searches as per this doc: https://support.google.com/websearch/answer/86640?hl=en

    A way to mitigate these things from happening in scenario’s where organisations may have all of their traffic exiting one or two public IP’s is to implement the X-Forwarded-For into the HTTP header. It means that the web server in question (eg Google) can differentiate between one client and the other.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →

    We have implemented a back-end feature to add X-Forwarded-For headers to HTTP requests in version 4.2.0 of the Web Appliance. At present it must be enabled by Sophos support but we are considering adding it as a UI option in the future.

    Note that this feature only works for non-secure HTTP so it may not help for the Google situation where the default is for traffic to use HTTPS. This is because with HTTPS, the headers are all part of the secured, encrypted communication within an SSL tunnel. There is no equivalent protocol that would work on SSL traffic.

  4. Report Scheduler - Schedule a single report

    Customer would like to be able to schedule only a single report in the Report Scheduler, rather than a 'Package' of reports.

    For example, their managers receive scheduled reports, but are only interested in seeing users by 'Browse Time'. However, they cannot schedule a report that ONLY includes 'Browse Time'. Instead they have to schedule the Policy Compliance report which includes other data like 'Policy Violators'.

    They do not want their managers to be sent 'Policy Violators' data. This report 'scares' them. They are non-technical users and do not necessarily understand that people are sometimes unwittingly violating the policy.

    Therefore…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  5. Disble via-headers

    Customer would like to have the ability to disable the via-headers in the outgoing HTTP-Request to the server providing the page.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  6. Exempt URLs from caching

    For Web Security. A feature that will allow administrator to manually add/ remove URL to be exempted from being Cached in WS products.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. Category request: Split the Proxies & Translators Category

    Customer requested that these two items be split into separate categories as they would be unrelated for the most part.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  8. Category: Social Networking

    Despite the growing number of Social Networking sites such as Facebook, Twitter, Google+, the Sophos Web Filter does not have a ‘Social Networking’ category, and instead places such sites in ‘Personals and Dating’ by default.

    In our opinion, Personals/Dating sites are very different to Social Networking sites, the latter having a legitimate business need to be accessed by certain teams within the organisation, whereas the former does not.

    Therefore, we request that you add ‘Social Networking’ to the list of website categories on the Sophos Web Filter, so that we can streamline appropriate access to such sites.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  9. Safesearch for endpoint

    Posted the idea in endpoint side as I didn't know where to put this.

    web appliance has the safesearch option, but the endpoint web control does not.

    confusing for customers because if they enable safesearch and are using full web control they do not get safesearch.

    having it in both would take way this confusion.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web in Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  10. Block upload of attachments to webmail servers

    At the moment Web Appliance can only block downloads of certain files. What the customer wants is to be able to block uploads of attachments to webmail servers like Yahoo, Gmail, etc. BUT allow sending of emails. So emails can be sent but no attachments.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  11. HTTPS Scanning: Opt-in selection by site or category

    I would like to request the ability to choose which web sites HTTPS scanning is applied to.

    At the moment the only option it to turn HTTPS scanning on and then compile a list of exceptions.

    We had been running our SWA (Sophos Web Appliance) environment without HTTPS scanning for a year. However a few months ago Google changes the way their search page worked and redirected all
    traffic to a secure HTTPS version of their site.

    This change forced us to switch on HTTPS scanning as it was the only way that we could continue to enforce Google Safe…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. Proxy: Support for TLS 1.2

    Support for TLS 1.2 connections in Web Appliance.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  13. Report: Browse Time By Site

    Browse Time By Site which will allow us to show the browse time for each user for a particular site

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. Category: CDNs

    We have always had an issue with websites which use CDN ( content Delivery Network) to host their media.
    Majority of the times the sites are incorrectly categorised and we would need to go through the tedious task of sending a request for it to be reviewed. More often than none, these request get rejected and we need to put a manual override
    in place.
    Would it be possible to create new category called CDN so we can out a default access level and avoid any future issues with sites with CDNs.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  15. Web Appliance: Allow skype with the HTTPS Scanning on

    When HTTPS scanning is enabled, Skype fails to work because it is trying to send non-HTTP traffic over the SSL tunnel.

    It is essential to be able to scan https sites and also essential to be able to support messaging apps, in particular Skype and iMessage. For Skype – maybe even setting up a simple SOCKS proxy on the Web proxy might do the trick, we do not need to examine or track the contents of the Skype messages." case 3693911

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  16. Reporting: Show traffic from redirects against original URL/Domain

    When a URL redirects to a different location or site, SWA reports show the actual sites for downloading size, etc.

    We would like the option to see the original sites they tried to access before the redirects.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. QoS in web appliance

    The ability to throttle or rate limit bandwidth consumption at a per user, per site, or per category level is extremely useful with the proliferation of multimedia sites and BYOD scenarios. One good specific example is the YouYube Pre-Fetch option on Android devices that downloads all your channels when you are on a Wifi connection. This means that when a yesr comes in and connects to our corporate wireless it is possible
    to flood the internet connection with downloads from YouTube. There are other obvious examples.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enable feature for soft restart while updating/adding new WAF policies and changes occured in existing WAF policies.

    Enable feature for soft restart while updating/adding new WAF policies and changes occured in existing WAF policies. Since compete WAF restart may annoying the existing service availability to the customers. number of Financial transaction services being run through reverse proxy which could lead in trouble when you edit or delete any existing WAF rule or services.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Better security on web admin gui access

    Customer observed some vulnerabilities of Sophos Web Appliance which make it a high risk for hacking.

    1. Access to Sophos Web Console - Since the IP address of SWA written in the
    Proxy settings of the Internet browser, it is very much simplier to copy it
    by any user and will just type in the URL
    https://x.x.x.x (x.x.x.x - IP address of the SWA written in the Internet
    Browser proxy settings). We suggest that access to SWA console must be in
    different port (example:
    https://192.168.1.100:4434)

    2. Unlimited attempt to access accounts in the Sophos Web Console - We don’t …

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Whitelisting only seems to work for IP address and not DNS names

    We recently tried to whitelist a VPN connection in Secure Web Gateway, using the DNS name did not whitelist the VPN, we had to put the actual IP address in to the whitelist to get it to work.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.