Secure Web Gateway
Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.
-
Proxy: Expose Maximum Connections figure
The Maximum Connections figure has so far only been seen by us when being actually reached, sending the proxy critical; we receive an SMS warning at that point, but no indication in reports
or an Exception in System Status. Knowing how close to the maximum figure we are at any given time would allow us to plan ahead of time for capacity increase without causing failures and downtime – or support overhead. It is absolutely vital that a maximum,
or, just as importantly, near maximum that will in essence effectively cause failure to be either raised as an Exception (for…1 voteStarted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
In Sophos Web Appliance v4.0 we are re-architecting the proxy subsystem which will effectively remove the connection limit.
This new release is planned for early 2015. Please let me know if you would be interested in participating in the Beta program.
-
Comment Field for Additional Policy Manual Entries
Customer would like a comment field for IP Addresses or ranges of IP addresses under user "Additional Policy: Select Users" dialog box under the "Manual Entries" section. The ability to add a short comment would allow for better referencing and documentation of IP address
1 vote -
Comment Field for Bridged Mode Exclusions
Customer would like a short comment field to allow for better referencing and documentation of IP address added to exclusion list.
1 vote -
Policy: Selective SafeSearch settings
Advanced partner would like a feature request for the Sophos Web Appliances, which was in direct result to a conversation with an existing customer within the education sector.
Currently, the SafeSearch feature is a global option, allowing you to turn it on or off for all users.
Could we please:
- Give the Administrators the option to turn this on or off per policy (Using Additional Policy Controls)
Or
- Give the Administrators the option to remove certain sites from this safe search. IE, exclude YouTube but allow all other sites to be used with the SafeSearch facility turned on.
1 vote -
Improve policy prioritization
When you have a large number of policies, It’s a pain when creating a new policy because this is always created at the bottom of the list and you have to move it up a step one click at a time.
It would be great if you could select a group of policies and move them all in one go as you can in ISA so instead of moving a policy up past 50 or 60 other policies to get it to where it needs to be.
An alternative would be to allow you to select where to create the…
2 votes -
Syslog: Send log data to multiple devices
Allow the functionality to output syslog to multiple servers. This would allow the customer to generate redundant logs from the source, rather than duplicating them after thefact. This is especially helpful in UDP scenarios.
3 votes -
I would like the option to see the full query string along with the base URL on user/site reports.
I would like the option to see the full query string along with the base URL on user/site reports. Often times the query string contains very important web browsing information. For instance, when a user is on Google and they are doing searches, I cannot tell what they have searched unless it is in the Search Terms list – which only reports on specific words. Our previous web appliance, which was an iPrism by Edgewave, allowed us to see the full querystring.
How will this new feature address your business requirements?: This would help our organization have more details on…
1 vote -
Modify individual Alerts on the appliances
We require the ability to disable certain alerts, at present you only have the option to have email alerts on or off and this is no way of amending what is and is not alerted upon
1 vote -
Increase the number of destinations on the top bandwidth report.
The current number of destinations displayed is 5 per user. To increase the usefulness of this report increase the limit or allow the user to select the number of destinations to include in the report.
4 votes -
Reporting: Reports for a specific website for a specific group
Customer would like to be able to have scheduled reporting on a specific group for a specific website.
So they only want a specified website in the report for who ever accessed it within the group.1 vote -
Better security on web admin gui access
Customer observed some vulnerabilities of Sophos Web Appliance which make it a high risk for hacking.
Access to Sophos Web Console - Since the IP address of SWA written in the
Proxy settings of the Internet browser, it is very much simplier to copy it
by any user and will just type in the URL
https://x.x.x.x (x.x.x.x - IP address of the SWA written in the Internet
Browser proxy settings). We suggest that access to SWA console must be in
different port (example:
https://192.168.1.100:4434)Unlimited attempt to access accounts in the Sophos Web Console - We don’t
found any…
7 votes -
Allow creation of Additional Policies and/or Local Site List Entries that allow specific downloadable file types to be allowed or disallowed
Allow creation of Additional Policies and/or Local Site List Entries that allow specific downloadable file types to be allowed or disallowed on a per site/per user basis. In other words, permit Bob and only Bob to download MSI files from microsoft.com and only microsoft.com.
2 votes -
Improve streaming media on iOS devices.
As per support request 3725151, streaming media will not play unless the site is set to trusted on the web appliance's local site list. This is getting very cumbersome to manage with the amount of sites now containing streaming media.
2 votes -
"Download Options" configurable in user policy
Allow download options need to be set at the additional policy level and not at the current global policy setting level.
1 vote -
AD: Custom schedules for AD Sync
When adding new users to groups that are used in Additional Policies we have to manually Sync Directory Services to reflect this group membership change. We would like the ability for an Administrator to define a schedule for Active Directory Synchronization.
2 votes -
Reporting: Report on Uncategorized Web Sites
This will over time provide meaningful management reports on usage patterns based on category classification of sites visited. With the proposed approach from a company perspective if the identification and classification of uncategorised sites of the most common sites (say top 10%) if this was automated overtime your classifications will have higher classified detection rate.
per case 3616231
1 vote -
Policy: Block users from Streaming Media or video regardless of site Category
We would like to block users from accessing Streaming Media regardless of the site category. we are currently blocking users from Streaming Media through the categories on default policy. The issue I have with it is that the web appliance doesn’t block videos on different categories websites. Example: www.mlb.com is a category Sports. This website contains videos which is considered streaming. We cannot block just the video portion of the website. We have to either allow or block the entire website. We would like to just block video and allow the text of mlb.com.
3 votes -
Web Appliance: Allow skype with the HTTPS Scanning on
When HTTPS scanning is enabled, Skype fails to work because it is trying to send non-HTTP traffic over the SSL tunnel.
It is essential to be able to scan https sites and also essential to be able to support messaging apps, in particular Skype and iMessage. For Skype – maybe even setting up a simple SOCKS proxy on the Web proxy might do the trick, we do not need to examine or track the contents of the Skype messages." case 3693911
24 votes -
Include Sharepoint into the data leakage component of the web appliance
The company regards security as
it's upmost priority, holding major contracts with the MOD. As such the company
needs to demonstrate good risk management, especially regarding the threat of
data leakage. As more and more partners work in collaborative environments and
require our employees to access these environments the company feels some level
of control is required. Currently these environments are not recognized by the
Sophos appliance as threats and consequently gives no access
control.3 votes -
Define custom filetypes
A customer of ours has raised a request to be able to block custom filetypes, for example - defining ".nzb" files as an additional filetype to be blocked or warned against.
1 vote
- Don't see your idea?