Customer would like to be able to have scheduled reporting on a specific group for a specific website.
So they only want a specified website in the report for who ever accessed it within the group.

Allow creation of Additional Policies and/or Local Site List Entries that allow specific downloadable file types to be allowed or disallowed on a per site/per user basis. In other words, permit Bob and only Bob to download MSI files from microsoft.com and only microsoft.com.

As per support request 3725151, streaming media will not play unless the site is set to trusted on the web appliance's local site list. This is getting very cumbersome to manage with the amount of sites now containing streaming media.

Allow download options need to be set at the additional policy level and not at the current global policy setting level.

When adding new users to groups that are used in Additional Policies we have to manually Sync Directory Services to reflect this group membership change. We would like the ability for an Administrator to define a schedule for Active Directory Synchronization.

This will over time provide meaningful management reports on usage patterns based on category classification of sites visited. With the proposed approach from a company perspective if the identification and classification of uncategorised sites of the most common sites (say top 10%) if this was automated overtime your classifications will have higher classified detection rate.

per case 3616231

We would like to block users from accessing Streaming Media regardless of the site category. we are currently blocking users from Streaming Media through the categories on default policy. The issue I have with it is that the web appliance doesn’t block videos on different categories websites. Example: www.mlb.com is a category Sports. This website contains videos which is considered streaming. We cannot block just the video portion of the website. We have to either allow or block the entire website. We would like to just block video and allow the text of mlb.com.

When HTTPS scanning is enabled, Skype fails to work because it is trying to send non-HTTP traffic over the SSL tunnel.

It is essential to be able to scan https sites and also essential to be able to support messaging apps, in particular Skype and iMessage. For Skype – maybe even setting up a simple SOCKS proxy on the Web proxy might do the trick, we do not need to examine or track the contents of the Skype messages." case 3693911

The company regards security as
it's upmost priority, holding major contracts with the MOD. As such the company
needs to demonstrate good risk management, especially regarding the threat of
data leakage. As more and more partners work in collaborative environments and
require our employees to access these environments the company feels some level
of control is required. Currently these environments are not recognized by the
Sophos appliance as threats and consequently gives no access
control.

A customer of ours has raised a request to be able to block custom filetypes, for example - defining ".nzb" files as an additional filetype to be blocked or warned against.

Can we have a button which gives us an option to turn on/off the defaulted trusted sites set by sophos labs.

Reason being if a customer has setup a rule to say block all exe , if the site is default trusted by labs the user can download the exe. Some customers do not want any site trusted.

Customer would like to have the SWA listen on port 2048 so it would work with Fortinet firewall. This is to establish WCCP GRE Tunnel with the Fortigate Firewall.

At present, Data Loss controls (Webmail, Blogs & Forums posting) are globally configured for all users. Make them configurable by policy.

When Scanning files the Appliance should send TCP-Keep-Alive packets in order for clients to see that the connection did not go stale.
Customer would like to have a choice of either the patience page, tcp-keep-alive, or nothing. Selection could be made on the Configuration->Notification Page Options Page

When a user requests a page or want to have a category changed, the email address where the request is going to should be configurable (instead of going to the alert recipients in general)
It also could be usefull for other customers using role based management to send user request mails e.g. to a helpdesk admin, and not to the appliance admin.

Add a visible hyperlink from PUA User Submissions section to Configuration -> Download Options. It is difficult for those new to the web appliance to know where already authorized PUAs are located. Especially since they disappear from User Submissions after a decision is made.

We've had multiple customers requesting updates on when the web appliance will include IPv6 Support.

Currently we're seeing a lot of customers that experience multiple emails when using the "Search Term Alerts" feature on the web appliance due to instant search which is enabled by default on sites such as google. Ie, customers are receiving an email for each letter typed into the search bar.