As the certificate "Sectigo RSA Domain Validation Secure Server CA" root type is added into the Sophos Web Gateway certificate database, tou must manually add the "Sectigo RSA Domain Validation Secure Server CA" site type for each web site that is certified by Sectigo CA. If, day by day, you have 1000 "Sectigo RSA Domain Validation Secure Server CA" site type web sites to grant your users access to, you must load 1000 different "Sectigo RSA Domain Validation Secure Server CA" site type for each different web site your users your users access to.

Thank you

Can we have an O365 Web application category on the Sophos Web applience like there is in Sophos XG Firewall so that we can bypass all O365 IP's/URLs?

Need to be able to manage multiple seperate domains. When we purchase a company we link the domain with a trust relationship but need to add the new domain into the web appliance

Offering some sort of image compression feature, similar to Bandwidth Hero (image re-encoding, convert to grayscale, etc) in order to serve in an efficient way mobile or with low performance connection clients.

It would be nice to be able to create a report on users clicked and no. of hits based on a local site list tags. Currently, you can only create reports based on categories but you are unable to create custom categories. The tags was created because of this but then reporting on them isn't available. Some customers wants to create their own "non-business" related sites and monitor + report on them so this feature would definitely be useful.

Please add Adobe Cloud to the web application controls so that we can allow certain levels of access to adobe cloud without allowing uploading.. Similar to what has been done with Google Drive and One Drive.

When using SSL-Inspection, it should be possible to deaktivate outdated TLS-versions like TLSv1.0 / 1.1.
It is recommended to disable SSLv3/ TLSv1.0 / 1.1 in the browser settings. This setting is useless, however, as the SWA always uses SSLv1.2 in the direction of the client.
So it can happen that a website with TLSv1.0 is requested, which is transferred to the client, on which TLSv1.0 is deactivated, with TLSv1.2.
That's a security problem.

Would be very helpful if you were able to display HTML content as part of the encrypted email and not just basic text. Same applies here to the reformatting of the email signature.

It should be possible to enable the "encrypt" button by default, so that it is not necessary to turn it on for every single email that one need to send encrypted (which is the majority).

Hello Team,

We have the partner here requesting to have the helpdesk role in web appliance to manually synchronize the AD. This will allow the customer to no need to call the partner just to request to manually synchronize the AD if there are changes done on AD. For your assistance please. Thank You.

Hello Team,

We have customer here requesting to to have option to change the interval for the default synch time of AD to Web appliance. Customer advise that they need to have shortened AD synch interval as when they do changes on AD, it takes time for the synchronization to take effect. Partner is aware that he can do the manual synchronization but he said that customer needs to contact him just to do the manual synchronization. For your assistance please. Thank You

Email Gateway Encryption needs some enhancements.
1. Option to disable multiple languages when users receive encrypted emails.
2. Sophos uses Echoworx for encryption but doesn't utilize the web portal. Giving the ability to use the web portal for recipients to send back a message encrypted would be great and it will be secure.

It would be useful to highlight banners with a choice of colours for background and text to catch a users attention.

Today, Sophos Web Appliance records HTTP URLs, caller (using LDAP) and timestamp.

I'd like to request that it should also record HTTP headers.

We are existing clients who'd like to audit HTTP calls and we need the headers to be included.

Currently the SMTP settings on the Sophos email appliance do not support the Microsoft limits. Example: The Maximum number of recipients on the Sophos email appliance only supports 1000 recipients while Microsoft supports 10,000. Can we upgrade the Sophos Email Appliance to support these settings: https://technet.microsoft.com/en-us/library/exchange-online-limits.aspx

Without including all quarantined emails in the digest, how would an end user know if they had a message trapped by the appliance that may be legitimate?

Currently it's not possible to add a route to a single IP address (CIDR /32), but the smallest destination CIDR address is a /31. In some circumstances it's mandatory to use a route to a single IP address.