when end users go to www.adhc.nsw.gov.au they get an error saying that the certificate was unable to be verified.

On the Management/Web appliance you can schedule reports, but there are only report packages. Can you add the ability to specify more custom reports (eg. Only "Top bandwidth Users") and not the whole "package".

getting alerts from sophos UTM firewall, saying that the web appliance has attempted to download from a restricted site.
If the web appliance logged the failed requests as well as the successful ones, we might be able to track down which client tried to get to the malicious site.

Currently the limit of tags per URI in LSL is 25.
Customer needs this limit increased.
Customer holds 4500 user license

Allows visibility and management of huge file downloads where limited resources are available. The request is to provide an end device configuration option so that
I can turn off the feature that downloads large files to the appliance first and then the end user pulls that file to their local machine. During the download to the appliance I have no mechanism to determine who is downloading to large files.

Enabling the web appliance to give customized information on the approval page will allow for IT Managers to create automated workflow to send requests to specific managers of various departments
in order to allow department managers to directly know what is going on “only” with the users they care about, and thus approve web site pages accordingly. This will allow for business automation workflow and prevent unnecessary emails to users who have no
authorization to approve.

When creating an exception on the UTM you can configure a single exception of domain.com. This will apply to: domain.com, www.domain.com, subdomain.domain.com and domain.com:443.

On the web appliance you are required to manually configure an entry for each of these which increases the management overhead.

Could the behaviour of the WSA be updated to match the UTM?

Improve features Additional Policy:
+ Add filters in additional policies (like Local Site List).
+ Possibility of sending a rule to a certain position in the order of policies.
+ Remove limit 150 Policies.

Support for vMotion should be added to the product. A huge proportion of customers require vMotion on their virtual hosts at which point they are running an unsupported configuration.

Add support for google for education where google offers the school a domain with a set of amenities specifically for that domain. Currently this is not supported as "google apps" is.

Enable viewing of dashboard for a month not just for a day. This is important in comparing every month's statistics.

Ability to clear DNS cache via Web Interface.
A simple button similar to the Clear Cache button to clear DNS information.
At the least a option on the console (CLI) could be added to clear this.

If important business related websites change
IP addresses the SWA will continue to use old DNS/IP information until
cleared or TTL is reached. This causes major issues if the SWA is the only
internet gateway. Clearing/Refreshing DNS requires a Sophos Console Support
session. Clearing the cache should be a simple process.

Is there available an ovf, for virtual Sophos web appliance, on esxi 6.0, for vm machine ver. 9 + (for datastore repl.)?

Add additional support to the web application polcies for lync (Skype for business) to allow IM and desktop viewing but block file sends and screen sharing with people out side.
Similarly provide a read only view of Yammer

For all options with the choice between ON or OFF, customer asked to help to see the difference with a Green color when it's ON and a Red color when it's OFF

We have certain applications which need access to the internet but are unable to authenticate with the Sophos web appliance. It would be good to be able to specify an additional policy for certain websites which would allow access for unauthenticated users such as applications that can't pass credentials. An alternative to this would be for the Sophos appliance to work with account details entered in applications proxy settings. Many mainstream applications such as windows update services will not authenticate with the Sophos web appliance even when specifying the proxy address and account to use.

Customer would like to use ESXi 6 but all documentation says its not supported.
They have installed it anyway and it appears to be working so they want it added to the supported platform lists.

when a site returns a s=500 the appliance says it is blocked.

h=10.21.11.103 u="PERFORMANCE\\dstaatz" s=500 X=- t=1440081875 T=63135034 Ts=63 act=-1 cat="0x2200000008" rsn=- threat="-" type="-" ctype="text/html" sav-ev=- sav-dv=- uri-dv=- cache=- in=157 out=0 meth=CONNECT ref="-" ua="-" req="CONNECT https://pfgc.webex.com/ HTTP/1.0" dom="webex.com" filetype="-" rule="0" filesize=- axtime=0.000268 fttime=0.000000 scantime=- src_cat="0x2000000008" labs_cat="0x2000000008" dcat_prox="-" target_ip="64.68.105.103" labs_rule_id="0" reqtime=- adtime=0.000000 ftbypass=- os=Windows authn=53 auth_by=sso_cache dnstime=0.000009 quotatime=-

act=-1 s=500

This is not something that we can fix most of the time but customers see the site as being blocked and assume it is the web appliance.

Can you make network errors say something other then blocked.

Based on case 5221080
Mention in the documentation that HTTPS exclusions should be put in place on the Web Appliance, if the Email Appliance is using it as a proxy.
esa.feedback.sophos.com:443
esa-reg.sophos.com:443