Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Web appliance automatically clear usercache

    Submitting on behalf of client. On the backend of the web appliance if you can automate the user cache to purge older users that have authenticated. Currently anything in the user cache is kept permanently - if there is no new authentication and coming from the same IP this would cause incorrect reporting data.

    For example any users thate authenticated and is still in the cache over 'x' amount of months/days should automatically delete.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. Web Appliance: Support Intermediate Certificates for Certificate Authority

    Customer would like to use a custom Certificate as Certificate Authority.
    According to an internal KBA "Customer Upload of Signing Certificate" the CA Certificate needs to be a top-level Root CA.
    The customers CA Certificate is not a top-level Root CA, so he needs to be able to also import an Intermediate Certificate, and therefor requests this feature

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide option for user to add quarantine reason on sophos email appliance

    Company and Contact Information

    Company: Motability

    Contact: 01279632141

    Sophos Partner (if applicable):

    Sophos Product Information

    Sophos Product: Sophos Email Appliance ES1100

    Version in Production: V 4.0.0.0

    Feature Request Summary We was wondering if there was a way to add our own field in the quarantined for reason We want to add DKIM to the
    check list

    This is so we can narrow down our searches for DKIM emails as we are getting a few blocked now and would like to be able to do a quick search each day to keep an eye on them

    How will this new feature…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  4. NTP Time Sync

    Currently all virtual appliances sync their time with the virtual host on boot, if this time is wrong then the time on the appliance would also be wrong. If this gap is too large then NTP will not try and sync the time causing authentication failures. The suggestion would be to allow the NTP sync tool to overwrite the inherited time or set the time. I think this could be done by using the -g trigger for the initial sync on boot. Returning afterwards to the standard options.

    This has been raised by one of our major distributors (case #5352751)

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. log a user off from Captive Portal

    The ability to log a user off from Captive Portal, when multiple users use the same workstation, or IT needs to do testing.

    Customer would like the ability to log a user off from the Sophos Web Appliance (Captive Portal) or have the ability to access a web page ie http://ws1100/logoff.php and log the current user off.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  6. HTTPS Scanning: Opt-in selection by site or category

    I would like to request the ability to choose which web sites HTTPS scanning is applied to.

    At the moment the only option it to turn HTTPS scanning on and then compile a list of exceptions.

    We had been running our SWA (Sophos Web Appliance) environment without HTTPS scanning for a year. However a few months ago Google changes the way their search page worked and redirected all
    traffic to a secure HTTPS version of their site.

    This change forced us to switch on HTTPS scanning as it was the only way that we could continue to enforce Google Safe…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reporting: Produce a Web Appliance policy report

    It could be very interesting to export the policy configuration stored on WS on pdf or xls, csv format in order to analyze the global behavior on wide environment. Actually the XML files exported by backup action are not human readable!

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPv6 Support

    We've had multiple customers requesting updates on when the web appliance will include IPv6 Support.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. Web Appliance acts as an ICAP client to a third-party DLP solution

    ICAP (Internet Content Adaptation Protocol) support to give the capability of working with DLP products to block PAN data at the network edge.

    This will give customers the capability of blocking PAN (Primary Account Number) data at the network edge in the event PAN data is passed thru a unsupported internet browser.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  10. Link activity search items to policy test

    When currently viewing user activity, there is no way to see easily see why an access is permitted or denied. Currently, one needs to take the URL and user information and manually go over to Policy Test and then test to URL to see why a particular action was taken. It would be much better if the reason was available directly from the search activity. For example, clicking on the status entry could pull up a page similar to the results page of Policy Test, and say what the risk level is, category, tags, policy result, policy, and reason.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  11. End-user pages: Custom error pages based on policy

    Having the possibility to create and/or customize all error pages / block pages / warning pages based on a specific policy.
    In fact, having the configuration of the error page on the policy.

    For example, if user toto is part of an additional policy "policy1", then user see the block page of the policy1, if he is part of the additional policy "policy2", then user toto see the block page of the policy2.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. Integrate Sophos with JIRA

    When Sophos email an alert to the Sophos admins have Sophos automatically create a JIRA ticket with the information from the Sophos alert then the service desk will get that ticket immediately and be able to investigate.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. People list to show Domain as well as AD Username

    We use AD Sync over multiple domains. Currently we can only see the AD username but cannot see which domain this belongs to. This makes it difficult to report on individual domains, and impossible to tell which user is which when the same name is used on more than 1 domain.
    Ideally the username would be shown as: domain\username

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Implement some basic security features.

    The standard Web Gateway install exhibits the following behaviour that really should be fixed.

    Revoked leaf certificate - treats as trusted.
    Bad HPKP pin - treats as trusted.
    SHA-1 signed certificate - treats as trusted.
    Invalid SCT - treats as trusted.

    I mean come on, not checking for revoked certificates is pathetic in what's meant to be a security product.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. LastPass

    In Sophos Central > Web Gateway > Application Control > Password/License recovery tool section, please add LastPass password manager

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow mDNS/Bonjour on the local LAN to work in the browsers.

    Allow mDNS/Bonjour on the local LAN to work in the browsers. The web protection currently blocks them for no apparent reason.Put an option in the software to allow mDNS to work, it IS the age of iOT after all.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  URL Categorization  ·  Flag idea as inappropriate…  ·  Admin →
  17. As an admin I would like to test policy application also for roaming endpoints.

    On Sophos Web Appliance, actual policy tester tool does not care of roaming endpoints, if additional policy is applied for machines connecting from outside the local network, policy check results does not allow administrators to know which policy is currently applied for roaming endpoitns.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. SWA: Add support as a web application Skype Web (https://web.skype.com)

    Add support to Allow Skype Web (https://web.skype.com) in the "Web Applications" instead of allowing the whole category: chat.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Override button for blocked sites

    Reference community post :
    https://community.sophos.com/products/web-appliance/f/5/t/79013

    User would like to have an override button on the blocked web pages, where administrative users can simply enter their username, password and a time to temporarily override a blocked page.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Alter time frequency related to SWA to SMA sync jobs

    As an admin I would like to increase time frequency related to SWA to SMA sync jobs.
    Issue come up when SMA and SWA are connected through MPLS, when managed SWAs are several, these operations overwhelm the MPLS line.

    The goal would be to have the possibility to alter the sync frequency so these data could flow into low peak times.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.