An audit log of all the actions and policy changes performed with the username, date and time.

Customers would like to be able to see what connections are occurring through the appliance an any given time to be able to look at load issues or to troubleshoot issues with out the help of support.

Some customers have more than one AD domain not trusted each other

Implementing SNMP to get all critical information from CPU, HDD, Memory and NW Card. If it is possible to get the counters from the status page that would be very nice.

We must have all our systems in production in our network monitoring system to get the relevant information needed for SLA and capacity planning. SNMP is the preferred method for doing this.

Several customers have taken issue with our URL recategorization page:https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx and the fact that they receive no feedback regarding their requests. They would like to be notified when the request has been processed and information regarding if it was approved or denied. Other vendors do provide this feature.

We would like to be able to allow individual or a group of users to be able to download a file type from a certain website only.

for example if ZIP files are blocked from being downloaded, however we have three users that often download from dropbox. We would like to allow these three users to be able to download ZIP files from dropbox only.

When HTTPS scanning is enabled, Skype fails to work because it is trying to send non-HTTP traffic over the SSL tunnel.

It is essential to be able to scan https sites and also essential to be able to support messaging apps, in particular Skype and iMessage. For Skype – maybe even setting up a simple SOCKS proxy on the Web proxy might do the trick, we do not need to examine or track the contents of the Skype messages." case 3693911

Similar to Youtube for Schools, allow customers to allow or block based on YouTube content / category ratings. This has been requested by a 3,500 user Government prospect:

https://support.google.com/youtube/answer/146399?hl=en

Ability to clear DNS cache via Web Interface.
A simple button similar to the Clear Cache button to clear DNS information.
At the least a option on the console (CLI) could be added to clear this.

If important business related websites change
IP addresses the SWA will continue to use old DNS/IP information until
cleared or TTL is reached. This causes major issues if the SWA is the only
internet gateway. Clearing/Refreshing DNS requires a Sophos Console Support
session. Clearing the cache should be a simple process.

it will be nice if file can be automatically downloaded after scanning without click on the "Click here to retrieve file".
Another to raise this request is a file scanned by Sandstorm would be downloaded automatically.

A customer has requested be below:

I like the new Advanced Threat Protection applet on the Sophos web filtering management appliance but I think that it would be very useful to add a system alert for Threat Detected.

We have several SMAs that manage web filtering across several different environments so it would be very useful to receive an email when a new threat has been detected instead of having to manually visually check each SMA.

Ability to whitelist complete you-tube channels in the WebAppliance

organisation uses the Google Apps suite quite heavily. We put so much load to them that they end up putting Captcha verifications on searches as per this doc: https://support.google.com/websearch/answer/86640?hl=en

A way to mitigate these things from happening in scenario’s where organisations may have all of their traffic exiting one or two public IP’s is to implement the X-Forwarded-For into the HTTP header. It means that the web server in question (eg Google) can differentiate between one client and the other.

As it would be impossible to push out a SSL certificate to a guest network, or to custom non-pc system, this would allow customer to still use HTTPS scanning for the rest of the network

It would be fantastic to have the ability to lock down each section inside of Web Appliance so that certain activities could be delegated to Junior Admin staff (such as only the ability to add entries to Local site list in Group policy section or only access to specific option into the Policy configuration, etc.), without exposing the entire configuration of the WSA to them.

I would like to see the ability to block custom file extensions and not just the predefined ones.

Customer would like to use ESXi 6 but all documentation says its not supported.
They have installed it anyway and it appears to be working so they want it added to the supported platform lists.

For customers without our Endpoint Application Control, provide the ability to allow or block user agent strings in the HTTP headers to control applications like web browsers, etc.

This has been requested by a 3,500 user Government prospect

Its sometimes very bad when users cant visit certain sites because they dont allow proxies/vpn´s