Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. When https scanning is disabled the proxy should use http for block/warning page to avoid browser error/warning about untrusted certificate

    When https scanning is disabled the explicit proxy should always use http for block/warning page to avoid browser error/warning about untrusted certificate Now the page is sent in HTPS with a certificate signed by the internal NON public CA when the target site is HTTPS

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Unfortunately this is not possible. When we intercept an SSL connection and decide to block it, we can only make the browser display a block page by making it think it’s connected to the site it was looking for, using the same protocol. If we respond to an SSL handshake request with an HTTP connection, the browser would quite rightly think something was wrong and refuse to handle the response.

    Older versions of the SWA used to use HTTP to respond in explicit proxy mode to ‘CONNECT’ requests where the browser tells the proxy to connect to an HTTPS site. But browser publishers realised this was a potential security risk and stopped even that from working.

    So the choice is, either try and respond with a block page pretending to be the HTTPS site, or just terminate the connection leaving the browser displaying a generic error message about…

  2. AD: Support LDAPS for directory synchronization

    Support LDAP and LDAPS to connect to Active Directory Servers. Currently only eDirectory Servers are supported with LDAPS

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  3. Policy: Allow SWA Re Authentication

    In Sophos Web Appliance: Allow AD users to re-authenticate with AD when they hit a site or category they are denied access to.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  4. URL categorization database fallback cache

    Please modify the logic of the software so that they always continue running with the latest available URL database that has been downloaded to the appliance.
    If the servers are not available then they should continue to use the older URL database then update whenever the servers become available.

    Causing a global outage for customers with restrictive security policies for uncategorized sites sounds more like a major bug than a feature request. Our resilient
    solution with two appliances was rendered useless in this case.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →

    The URL lookup system already has a cache system to ensure that sites previously visited will continue to be categorized in the event of an outage.

    To prevent an outage impacting visits to previously unknown sites we would need to download the entire categorization database locally. This is no longer practical due to the increased size of the database.

    We will continue to work to ensure the services are more robust and to ensure the caching we do provide is as effective as possible.

  5. Connection level blocking

    Summary: Customer would like to block a connection before its established through Apache, essentially adding a basic firewall to the web appliance.

    We would like to be able to setup rules on the appliance to block connections to certain websites/IP addresses.

    Currently, users are initiating TCP sessions from the appliance to websites even though the websites are actually blocked. The appliance actually sets up
    the session first and then blocks it after realising that it is not allowed.

    The problem is that the box is uncessarily setting up the session in the first place, which just seems to be a…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →

    We are working to improve the position regarding concurrent connections in v4.0 by changing the architecture of the proxy. We do not see the value in providing firewall-level blocking with the connection limit problem solved, as the firewall will only have a limited amount of information to go on to make its decision (i.e. destination IP address – not even the URL.)

  6. Notification on category change

    customer wants us to notify them of category changes to well known sites
    for example twitter was recently changed to "chat" but used to be "blogs and forums"

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. Disable or control threshholds for scanning downloads

    Feature to allow the administrator to stop the product from virus scanning downloaded files and to change the threshold value at which the appliance scans downloaded files if this is enabled.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  8. Terminate existing HTTP sessions

    I would like to suggest as a feature request, an option in the Web Appliance to end the browser session when the browser gets closed, requiring a new authentication everytime that the browser is open.

    For security purposes of some companies, specially with public computers, this would be a very usefull option.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. Web Appliance: Generic account login when machines are out of office

    LOCAL accounts are used on devices when they're away from the network. [I understand this is not ideal, however it’s what the customers is used to]

    To manage internet differently between domain and Local accounts, we need to use a Local user definition within the Additional Policy.

    At this stage you need to explicitly list each system and user eg: computer1\student, computer2\student. The limitation is you cannot create a local group
    with the membership of .\Student OR *\Student.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  10. New download type: .csv

    Add the ability to detect .csv files so they can be controlled via the download controls in policy

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  11. Syslog: Log events using appliance-local time zone

    Currently all logs are stored in GMT format and when sent to a syslog server are also stored in GMT. When the user is in a different time zone this makes the logs confusing to view as the log entries and their times do not match up.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. Set timeout for long or persistent connections

    Persistent connections are causing big issues with many customers, at best the browsing is very slow and at worst it completely fails. If the customer could set a time-out for connections and we take over their termination then this would resolve the issue.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  13. Configure reports to be emailed with a customisable time

    Configure reports to be emailed with a customisable time.

    We would like the report e-mails to be sent at a configurable time. Currently they all run at 1:30AM, so managers see a bunch of junk e-mail when
    they wake up and are less likely to read it. We’d like to send the e-mails at a time when they’re working and are more likely to see and read it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Admin to schedule reboot

    The user would like to have functionality to schedule reboots of the web appliance.

    At present the appliance can be shutdown gracefully from the GUI but there is no way this can be automated

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  15. End-user pages: Block page displays details of matched policy rule

    When a web page is blocked, it would be useful if the block page displayed had the ability to display which content additional rule blocked the site and not just what
    the site is categorized as.

    This would enable Helpdesk to inform the web appliance administrators which Additional Policy rules was restricting the user.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Policy (Appliance and Endpoint)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Reporting: Include hostname in reports

    Customer would like to have an option to have hostname of PC included in reports

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Application of YouTube for Schools per Group

    Some customers in the education field would like to have YouTube for Schools applied only for select groups. Currently this feature is either on or off but there is a need to have it applied only to student groups where teachers and administrators would have requirements for greater access.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. Specify proxy bypass destinations by domain name in bridged mode

    Feature: Ability to user domain name rather than IP address or IP range when setting up exclusions for traffic not to proxy when the appliance is in bridged mode. (Network – Network Interface – Configure)

    Business Case: Customer is trying to alleviate load issues on their WSA by excluding certain sites and services (YouTube, Amazon Web Services) from being interrogated by the appliance, the best solution for them would be to reference these sites in this configuration option, doing so via IP is near impossible for them due to the huge ranges both Amazon and YouTube use.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Web policy based on MAC address

    Sophos Product Information
    Sophos Product: 1100b web appliance
    Version in Production: 3.7.8.1

    Feature Request Summary
    How will this new feature address your business requirements?: It will help us to prevent abuse of our open wireless that is provided for patients in our hospital and care center. By allowing us to put filtering and blocks in place by mac address this would help us out a ton.

    per case 3614532

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Create an ALERT that triggers when a user has been BROWSING internet for two consecutive hours?

    Site have a WEB Appliance (hardware WS5000) and need to:
    Create an ALERT that triggers when a user has been BROWSING internet for two consecutive hours?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.