Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. make "local site list" case insensitive

    Sites like twitter – you can enter a url with any combination of mixed case and it will load the same profile page

    So adding https://twitter.com/lakelandconfess/ to the Local Site List only blocks https://twitter.com/lakelandconfess/ - any case variation and the site is allowed

    Blocked:

    https://twitter.com/lakelandconfess/

    Allowed:

    https://twitter.com/lakelandconfeSS/

    https://twitter.com/LAkelandconfess/

    https://twitter.com/Lakelandconfess/

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. HTTPS Scanning: Opt-in selection by site or category

    I would like to request the ability to choose which web sites HTTPS scanning is applied to.

    At the moment the only option it to turn HTTPS scanning on and then compile a list of exceptions.

    We had been running our SWA (Sophos Web Appliance) environment without HTTPS scanning for a year. However a few months ago Google changes the way their search page worked and redirected all
    traffic to a secure HTTPS version of their site.

    This change forced us to switch on HTTPS scanning as it was the only way that we could continue to enforce Google Safe…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  3. Proxy: Support for TLS 1.2

    Support for TLS 1.2 connections in Web Appliance.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  4. Report: Browse Time By Site

    Browse Time By Site which will allow us to show the browse time for each user for a particular site

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. Category: CDNs

    We have always had an issue with websites which use CDN ( content Delivery Network) to host their media.
    Majority of the times the sites are incorrectly categorised and we would need to go through the tedious task of sending a request for it to be reviewed. More often than none, these request get rejected and we need to put a manual override
    in place.
    Would it be possible to create new category called CDN so we can out a default access level and avoid any future issues with sites with CDNs.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  6. Web Appliance: Allow skype with the HTTPS Scanning on

    When HTTPS scanning is enabled, Skype fails to work because it is trying to send non-HTTP traffic over the SSL tunnel.

    It is essential to be able to scan https sites and also essential to be able to support messaging apps, in particular Skype and iMessage. For Skype – maybe even setting up a simple SOCKS proxy on the Web proxy might do the trick, we do not need to examine or track the contents of the Skype messages." case 3693911

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reporting: Show traffic from redirects against original URL/Domain

    When a URL redirects to a different location or site, SWA reports show the actual sites for downloading size, etc.

    We would like the option to see the original sites they tried to access before the redirects.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. QoS in web appliance

    The ability to throttle or rate limit bandwidth consumption at a per user, per site, or per category level is extremely useful with the proliferation of multimedia sites and BYOD scenarios. One good specific example is the YouYube Pre-Fetch option on Android devices that downloads all your channels when you are on a Wifi connection. This means that when a yesr comes in and connects to our corporate wireless it is possible
    to flood the internet connection with downloads from YouTube. There are other obvious examples.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable feature for soft restart while updating/adding new WAF policies and changes occured in existing WAF policies.

    Enable feature for soft restart while updating/adding new WAF policies and changes occured in existing WAF policies. Since compete WAF restart may annoying the existing service availability to the customers. number of Financial transaction services being run through reverse proxy which could lead in trouble when you edit or delete any existing WAF rule or services.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  10. Policy: Block file uploads

    It would be good to have the option for a policy to block all file uploads.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  11. Better security on web admin gui access

    Customer observed some vulnerabilities of Sophos Web Appliance which make it a high risk for hacking.


    1. Access to Sophos Web Console - Since the IP address of SWA written in the
      Proxy settings of the Internet browser, it is very much simplier to copy it
      by any user and will just type in the URL
      https://x.x.x.x (x.x.x.x - IP address of the SWA written in the Internet
      Browser proxy settings). We suggest that access to SWA console must be in
      different port (example:
      https://192.168.1.100:4434)


    2. Unlimited attempt to access accounts in the Sophos Web Console - We don’t
      found any…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. Control URLs based on keywords

    Would like to be able to block key words in a URL.

    e.g. http://www.test.com/pages/gunblood.html & www.sophos.com/gunblood.html would both blocked by just adding the string "gunblood.html"

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  13. Whitelisting only seems to work for IP address and not DNS names

    We recently tried to whitelist a VPN connection in Secure Web Gateway, using the DNS name did not whitelist the VPN, we had to put the actual IP address in to the whitelist to get it to work.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Automatic generation of reports via backend

    Customer is requesting for Automatic generation of reports via backend as manual generation per user/site iis tedious given the number of our internet users

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Permit invalid Transfer-encoding headers

    Request: Webserver from Skat.dk is sending invalid HTTP header values when downloading certain PDF files. The RFC the webserver is violating boils down to “binary” is not a valid value for the Transfer-encoding header.

    Could the SWA optionally allow these invalid header settings so that these files can be accessed?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  16. Option to remove old connected endpoints

    We've had multiple customers requesting the option to remove old endpoints from the connected endpoints list on the WSA.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web in Endpoint  ·  Flag idea as inappropriate…  ·  Admin →
  17. Categorization: Dynamic categorization for objectionable content

    Dynamic categorization is required to allow blocking of sites that contain objectionable content but are not categorized as such.

    For example, in some cases customers find that allowing Uncategorized sites exposes users to objectionable content, but blocking Uncategorized sites blocks sites they need to access.

    There are also situations where objectionable content might appear on categorized sites, which can be particularly problematic for school environments.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  18. google drive

    If some one wants to allow only google drive and has also turned data leakage prevention web mail on to block gmail. They need to add google.com to the local site list and change the category to something which is allowed. This then breaks data leakage prevention. It would be nice to have an option which would allow or block google drive.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Improve policy prioritization

    When you have a large number of policies, It’s a pain when creating a new policy because this is always created at the bottom of the list and you have to move it up a step one click at a time.

    It would be great if you could select a group of policies and move them all in one go as you can in ISA so instead of moving a policy up past 50 or 60 other policies to get it to where it needs to be.

    An alternative would be to allow you to select where to create the…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Proxy: Expose Maximum Connections figure

    The Maximum Connections figure has so far only been seen by us when being actually reached, sending the proxy critical; we receive an SMS warning at that point, but no indication in reports
    or an Exception in System Status. Knowing how close to the maximum figure we are at any given time would allow us to plan ahead of time for capacity increase without causing failures and downtime – or support overhead. It is absolutely vital that a maximum,
    or, just as importantly, near maximum that will in essence effectively cause failure to be either raised as an Exception (for…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
1 2 6 8 10 18 19
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.