Secure Web Gateway
Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.
-
Admin can choose not to trust default trusted sites
Can we have a button which gives us an option to turn on/off the defaulted trusted sites set by sophos labs.
Reason being if a customer has setup a rule to say block all exe , if the site is default trusted by labs the user can download the exe. Some customers do not want any site trusted.
5 votes -
Reporting: Reports by Tag, showing results of search by Tag on Local Site List.
Creating Reports by Tag, showing the same results of search by Tag, using "Show filters" option, on Local Site List, but with the original Category and Risk Class shown for each site found.
Customer's business needs are:
- when the employee who checks Appliance Reports for Italian law compliance went to Cariparma, when he saw that a huge numbers of sites could be added to Local Site List, assigning tags, recategorizing them and overriding risk class, he told them he needs the results of searching Local Site List by tag, thanks to 'Show filters' option, as a Report and with…3 votes -
WCCP to listen on port 2048 to work with Fortinet Firewall
Customer would like to have the SWA listen on port 2048 so it would work with Fortinet firewall. This is to establish WCCP GRE Tunnel with the Fortigate Firewall.
3 votes -
Enable Data Loss controls by user/group
At present, Data Loss controls (Webmail, Blogs & Forums posting) are globally configured for all users. Make them configurable by policy.
1 vote -
Send TCP-KeepAlive Packets
When Scanning files the Appliance should send TCP-Keep-Alive packets in order for clients to see that the connection did not go stale.
Customer would like to have a choice of either the patience page, tcp-keep-alive, or nothing. Selection could be made on the Configuration->Notification Page Options Page9 votes -
Change user request-email address
When a user requests a page or want to have a category changed, the email address where the request is going to should be configurable (instead of going to the alert recipients in general)
It also could be usefull for other customers using role based management to send user request mails e.g. to a helpdesk admin, and not to the appliance admin.8 votes -
Add hyperlink from PUA User Submissions to Download Options
Add a visible hyperlink from PUA User Submissions section to Configuration -> Download Options. It is difficult for those new to the web appliance to know where already authorized PUAs are located. Especially since they disappear from User Submissions after a decision is made.
1 vote -
IPv6 Support
We've had multiple customers requesting updates on when the web appliance will include IPv6 Support.
5 votes -
Advanced settings for "Search Term Alerts"
Currently we're seeing a lot of customers that experience multiple emails when using the "Search Term Alerts" feature on the web appliance due to instant search which is enabled by default on sites such as google. Ie, customers are receiving an email for each letter typed into the search bar.
1 voteIt is generally not possible to distinguish between interim search terms and the final search – not least because the interim terms can return results. The best we could do here is try to merge together alert emails over a short time frame to decrease the level of traffic.
-
Reporting: Exclude some substrings matches from Search Terms
In the Reports --> "Search Terms", selectively exclude some matches (while still including substring matches). As an example, keep "sex" as a search term, but exclude "Sussex" (while still keeping "Include substring matches").
1 vote -
User/device throttling based on Username/IP/MAC address/Hostname
eature Request Summary – user/device throttling / prioritization allowing admins to set up polices on a per computer (hostname, MAC or IP) AD user/group basis to restrict download speeds to conserve bandwidth. Also be able to prioritize traffic like windows updates lower during high traffic/production times
How will this new feature address your business requirements? – More users are using MORE bandwidth. Example: If there’s a class researching a topic on youtube and a study hall playing games, I would like to easily place a throttle on the gamers that gives the youtube users more priority. Example 2: user brings…
4 votes -
A flag in /log/sophos_log that shows search term results
It would be nice if there was a new logged item in the /log/sophoslog file that points out what users are searching for. Something like searchterm=test1
This way if the customer uses a syslog server, he can setup something to pull all search results based on user or just general query. Raymond James requested this.
1 vote -
Higher resolution sizing of GUI
Customer would like the GUI to scale for higher resolution monitors so they can see more infromation on the search and reporting screens.
4 votesUnder Review ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are planning some significant improvements to the UI for a future Web Gateway release.
-
SNMP monitoring on the Web appliance
Implementing SNMP to get all critical information from CPU, HDD, Memory and NW Card. If it is possible to get the counters from the status page that would be very nice.
We must have all our systems in production in our network monitoring system to get the relevant information needed for SLA and capacity planning. SNMP is the preferred method for doing this.
41 votes -
Data Leakage coaching page
Feature Request Summary Ability to display a coaching page advising of potential risks of data leakage when using web-based e-mail accounts allowing the user to proceed at their own discretion without any further coaching pages preventing content from being displayed. Alternatively, if the Global Policy, Data Leakage Prevention, Webmail Control policy could be made more granular this would probably meet our needs.
How will this new feature address your business requirements? We have an information governance requirement to prevent identifiable data from leaving the NHS Trust without encryption. Such features would allow us to properly warn users of the potential…
2 votes -
Ability to exclude domains/sub-domains from reporting
Customer uses Google app and would like reporting for google.com, but not docs.google.com and mail.google.com for example.
2 votes -
Add applications to the exempt list under AD
Add 3plearning sites (mathletics, spellodrome) to the exempt list under active directory.
2 votes -
Reporting: Real-time view of traffic/connections in GUI.
Customers would like to be able to see what connections are occurring through the appliance an any given time to be able to look at load issues or to troubleshoot issues with out the help of support.
47 votesWe have addressed some of the operational issues with connections in version 4.0 by removing the limitations on concurrent connections. We will look again at this specific feature in the future if there is still strong demand.
-
Ability to bypass HTTPS scanning for certain internal IP/IP range.
As it would be impossible to push out a SSL certificate to a guest network, or to custom non-pc system, this would allow customer to still use HTTPS scanning for the rest of the network
12 votesCustomers with this requirement should consider XG Firewall.
-
Web Appliance acts as an ICAP client to a third-party DLP solution
ICAP (Internet Content Adaptation Protocol) support to give the capability of working with DLP products to block PAN data at the network edge.
This will give customers the capability of blocking PAN (Primary Account Number) data at the network edge in the event PAN data is passed thru a unsupported internet browser.
6 votesUnder Review ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are considering adding DLP support in a release later in 2015. This should allow detection of sensitive data such as PAN and other types without using an external ICAP solution.
- Don't see your idea?