Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  2. log a user off from Captive Portal

    The ability to log a user off from Captive Portal, when multiple users use the same workstation, or IT needs to do testing.

    Customer would like the ability to log a user off from the Sophos Web Appliance (Captive Portal) or have the ability to access a web page ie http://ws1100/logoff.php and log the current user off.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  3. Web Appliance: Granular Help desk role options

    It would be fantastic to have the ability to lock down each section inside of Web Appliance so that certain activities could be delegated to Junior Admin staff (such as only the ability to add entries to Local site list in Group policy section or only access to specific option into the Policy configuration, etc.), without exposing the entire configuration of the WSA to them.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  4. Exempt URLs from caching

    For Web Security. A feature that will allow administrator to manually add/ remove URL to be exempted from being Cached in WS products.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  5. Send email alert on ATP event

    The ability to receive ATP alert notifications will save us from having to check the SWA web appliance console every 5 minutes and therefore carry on with our
    BAU tasks.

    This gives us the necessary alerts to respond to potential advanced threats ASAP.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disble via-headers

    Customer would like to have the ability to disable the via-headers in the outgoing HTTP-Request to the server providing the page.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  7. ATP: Send alert on ATP incident

    A customer has requested be below:

    I like the new Advanced Threat Protection applet on the Sophos web filtering management appliance but I think that it would be very useful to add a system alert for Threat Detected.

    We have several SMAs that manage web filtering across several different environments so it would be very useful to receive an email when a new threat has been detected instead of having to manually visually check each SMA.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  8. Network Test - Add NTP

    Add an NTP test to the network testing page

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  9. Syslog: Cache outbound messages

    We currently have syslog transmission enabled on our Sophos Web Appliance to our log-analyser server which we then use for running reports on historical web usage activity, particularly for use with internal investigations.

    Currently, when the log-analyser server which receives the Sophos Web Appliance syslogs goes offline, the Sophos Web Appliance simply discards all syslogs during the downtime, meaning that web browsing history is lost. We propose that the Sophos Web Appliance would cache unsent syslogs and continue to retry sending them until they are received by the destination syslog server.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to modify HTTP headers on WSA

    Ability to modify HTTP headers on WSA so we can avoid Bad Gateway errors as upstream routers reject the traffic. Similar to what BlueCoat have here https://kb.bluecoat.com/index?page=content&id=KB5286

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  11. Use "Default Groups" which contain IP addresses in Connection Profiles

    Currently if you go into the “Default Groups” menu in the Web Appliance panel it shows you the available groups. You also have the option to create a group and either add Users or ip addresses into this group. As you know these groups can then be used in Additional Policies. I would like the ability to also be able to use these groups in connection profiles. Right now you have to manually add ip addresses in connection profiles. You should have the ability to also add groups that were created in the “Default Groups” menu.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  12. X-Forwarded-For feature for web appliance

    organisation uses the Google Apps suite quite heavily. We put so much load to them that they end up putting Captcha verifications on searches as per this doc: https://support.google.com/websearch/answer/86640?hl=en

    A way to mitigate these things from happening in scenario’s where organisations may have all of their traffic exiting one or two public IP’s is to implement the X-Forwarded-For into the HTTP header. It means that the web server in question (eg Google) can differentiate between one client and the other.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →

    We have implemented a back-end feature to add X-Forwarded-For headers to HTTP requests in version 4.2.0 of the Web Appliance. At present it must be enabled by Sophos support but we are considering adding it as a UI option in the future.

    Note that this feature only works for non-secure HTTP so it may not help for the Google situation where the default is for traffic to use HTTPS. This is because with HTTPS, the headers are all part of the secured, encrypted communication within an SSL tunnel. There is no equivalent protocol that would work on SSL traffic.

  13. Block upload of attachments to webmail servers

    At the moment Web Appliance can only block downloads of certain files. What the customer wants is to be able to block uploads of attachments to webmail servers like Yahoo, Gmail, etc. BUT allow sending of emails. So emails can be sent but no attachments.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  14. Report Scheduler - Schedule a single report

    Customer would like to be able to schedule only a single report in the Report Scheduler, rather than a 'Package' of reports.

    For example, their managers receive scheduled reports, but are only interested in seeing users by 'Browse Time'. However, they cannot schedule a report that ONLY includes 'Browse Time'. Instead they have to schedule the Policy Compliance report which includes other data like 'Policy Violators'.

    They do not want their managers to be sent 'Policy Violators' data. This report 'scares' them. They are non-technical users and do not necessarily understand that people are sometimes unwittingly violating the policy.

    Therefore…

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  15. make "local site list" case insensitive

    Sites like twitter – you can enter a url with any combination of mixed case and it will load the same profile page

    So adding https://twitter.com/lakelandconfess/ to the Local Site List only blocks https://twitter.com/lakelandconfess/ - any case variation and the site is allowed

    Blocked:

    https://twitter.com/lakelandconfess/

    Allowed:

    https://twitter.com/lakelandconfeSS/

    https://twitter.com/LAkelandconfess/

    https://twitter.com/Lakelandconfess/

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  16. Authentication: Support SSO via certificate

    Allow customers who have the ability to pre-load a certificate to unauthenticated devices such as tablets as a single sign-on alternative to the captive portal.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow or block user agent strings in HTTP headers

    For customers without our Endpoint Application Control, provide the ability to allow or block user agent strings in the HTTP headers to control applications like web browsers, etc.

    This has been requested by a 3,500 user Government prospect

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to block content based on YouTube content / category rating

    Similar to Youtube for Schools, allow customers to allow or block based on YouTube content / category ratings. This has been requested by a 3,500 user Government prospect:

    https://support.google.com/youtube/answer/146399?hl=en

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  19. Proxy: Selectively specify Upstream proxy

    Ability to specify "direct" in the selective UpstreamProxy setting to disable a general Upstream-Proxy

    If a general Upstreamproxy is set, you can not specify single hosts for direct access.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  20. Alerts: Specify SMTP Port Used by SWA for Email Alerts

    We have created a new port different than 25 for SMTP traffic to help keep that port secure and standard for a few systems that we have. This port number also currently
    requires some type of authentication to access this port. We did create a secondary port that allows anonymous SMTP traffic to pass through the Exchange server. Unfortunately there isn’t any current method of applying authentication to the Web Appliance or altering the SMTP port. Seems like this was just looked over as a feature since we can even change the port and authentication methods with other pieces of…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Appliance  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.