Secure Web Gateway
Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.
-
Administrator audit log
An audit log of all the actions and policy changes performed with the username, date and time.
53 votesPlanned ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This will not be ready in the timeframe previously outlined, but is very much in our plans.
-
Reporting: Real-time view of traffic/connections in GUI.
Customers would like to be able to see what connections are occurring through the appliance an any given time to be able to look at load issues or to troubleshoot issues with out the help of support.
47 votesWe have addressed some of the operational issues with connections in version 4.0 by removing the limitations on concurrent connections. We will look again at this specific feature in the future if there is still strong demand.
-
SNMP monitoring on the Web appliance
Implementing SNMP to get all critical information from CPU, HDD, Memory and NW Card. If it is possible to get the counters from the status page that would be very nice.
We must have all our systems in production in our network monitoring system to get the relevant information needed for SLA and capacity planning. SNMP is the preferred method for doing this.
41 votes -
Multi AD Support
Some customers have more than one AD domain not trusted each other
37 votesThis feature did not make the cut for our upcoming releases but will be considered in the future.
-
Provide Automated Feedback to Customer Regarding their URL recategorization Request
Several customers have taken issue with our URL recategorization page:https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx and the fact that they receive no feedback regarding their requests. They would like to be notified when the request has been processed and information regarding if it was approved or denied. Other vendors do provide this feature.
26 votes -
Allow individual users to be able to download certain extensions from individual websites
We would like to be able to allow individual or a group of users to be able to download a file type from a certain website only.
for example if ZIP files are blocked from being downloaded, however we have three users that often download from dropbox. We would like to allow these three users to be able to download ZIP files from dropbox only.
24 votes -
Web Appliance: Allow skype with the HTTPS Scanning on
When HTTPS scanning is enabled, Skype fails to work because it is trying to send non-HTTP traffic over the SSL tunnel.
It is essential to be able to scan https sites and also essential to be able to support messaging apps, in particular Skype and iMessage. For Skype – maybe even setting up a simple SOCKS proxy on the Web proxy might do the trick, we do not need to examine or track the contents of the Skype messages." case 3693911
24 votes -
Ability to block content based on YouTube content / category rating
Similar to Youtube for Schools, allow customers to allow or block based on YouTube content / category ratings. This has been requested by a 3,500 user Government prospect:
18 votes -
Ability to clear DNS cache via Web Interface.
Ability to clear DNS cache via Web Interface.
A simple button similar to the Clear Cache button to clear DNS information.
At the least a option on the console (CLI) could be added to clear this.If important business related websites change
IP addresses the SWA will continue to use old DNS/IP information until
cleared or TTL is reached. This causes major issues if the SWA is the only
internet gateway. Clearing/Refreshing DNS requires a Sophos Console Support
session. Clearing the cache should be a simple process.16 votes -
automatically download file after scanning
it will be nice if file can be automatically downloaded after scanning without click on the "Click here to retrieve file".
Another to raise this request is a file scanned by Sandstorm would be downloaded automatically.15 votes -
X-Forwarded-For feature for web appliance
organisation uses the Google Apps suite quite heavily. We put so much load to them that they end up putting Captcha verifications on searches as per this doc: https://support.google.com/websearch/answer/86640?hl=en
A way to mitigate these things from happening in scenario’s where organisations may have all of their traffic exiting one or two public IP’s is to implement the X-Forwarded-For into the HTTP header. It means that the web server in question (eg Google) can differentiate between one client and the other.
14 votesPlanned ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We have implemented a back-end feature to add X-Forwarded-For headers to HTTP requests in version 4.2.0 of the Web Appliance. At present it must be enabled by Sophos support but we are considering adding it as a UI option in the future.
Note that this feature only works for non-secure HTTP so it may not help for the Google situation where the default is for traffic to use HTTPS. This is because with HTTPS, the headers are all part of the secured, encrypted communication within an SSL tunnel. There is no equivalent protocol that would work on SSL traffic.
-
ATP: Send alert on ATP incident
A customer has requested be below:
I like the new Advanced Threat Protection applet on the Sophos web filtering management appliance but I think that it would be very useful to add a system alert for Threat Detected.
We have several SMAs that manage web filtering across several different environments so it would be very useful to receive an email when a new threat has been detected instead of having to manually visually check each SMA.
13 votes -
Report Scheduler - Schedule a single report
Customer would like to be able to schedule only a single report in the Report Scheduler, rather than a 'Package' of reports.
For example, their managers receive scheduled reports, but are only interested in seeing users by 'Browse Time'. However, they cannot schedule a report that ONLY includes 'Browse Time'. Instead they have to schedule the Policy Compliance report which includes other data like 'Policy Violators'.
They do not want their managers to be sent 'Policy Violators' data. This report 'scares' them. They are non-technical users and do not necessarily understand that people are sometimes unwittingly violating the policy.
Therefore…
13 votes -
Ability to whitelist Youtube channels
Ability to whitelist complete you-tube channels in the WebAppliance
12 votes -
Ability to bypass HTTPS scanning for certain internal IP/IP range.
As it would be impossible to push out a SSL certificate to a guest network, or to custom non-pc system, this would allow customer to still use HTTPS scanning for the rest of the network
12 votesCustomers with this requirement should consider XG Firewall.
-
websocket support in SWA
Hi..
customers would like to have websockets (RFC 6455) being supported/transported by the SWA.
Thanks a lot for considering!
Kind regards..
uɐɟǝʇS(Sophtrac 7432710)
10 votes -
button ON or OFF with different color
For all options with the choice between ON or OFF, customer asked to help to see the difference with a Green color when it's ON and a Red color when it's OFF
10 votes -
Block custom file extentions
I would like to see the ability to block custom file extensions and not just the predefined ones.
9 votes -
Web Appliance: Granular Help desk role options
It would be fantastic to have the ability to lock down each section inside of Web Appliance so that certain activities could be delegated to Junior Admin staff (such as only the ability to add entries to Local site list in Group policy section or only access to specific option into the Policy configuration, etc.), without exposing the entire configuration of the WSA to them.
9 votes -
Allow or block user agent strings in HTTP headers
For customers without our Endpoint Application Control, provide the ability to allow or block user agent strings in the HTTP headers to control applications like web browsers, etc.
This has been requested by a 3,500 user Government prospect
9 votes
- Don't see your idea?