The standard Web Gateway install exhibits the following behaviour that really should be fixed.

Revoked leaf certificate - treats as trusted.
Bad HPKP pin - treats as trusted.
SHA-1 signed certificate - treats as trusted.
Invalid SCT - treats as trusted.

I mean come on, not checking for revoked certificates is pathetic in what's meant to be a security product.

Set the maximum Downlaod-Size of File in Rules.
We want to set a Rule for Users or IPs that control the max. Size of a Download-File. e. g. is not allowed to Download a File with over 25MB.
In SiteKiosk we can set this Option, but when the Sophos Web Appliance is used as Proxy, the Download starts and get the hole File (e. g. 100MB) and then SiteKiosk can say: No, Download is to large ...

Generic Block for local site list.

This came up when trying to block a website for all our sites except for one.
Additional policy was created to allow the site, but to block other sites we changed the Category to something that was blocked. This does not indicate the correct reason.

Unable to use global block tag as it has higher precedence.

The ability to modify the syslog output would be a great feature so that we can tailor that output to a format that works best with our SIEM.

Currently, only the username is included in the syslog output. Please add in the source ip as well.

Being able to run reports on individual users for total browse time during a day, or other period of time, is a pretty standard report on most any other web filter and is painfully lacking in the Cloud Web Gateway. This is a pretty common request from HR departments to get an idea if someone is not managing their time appropriately. The report should be based on activity to get an idea of how long someone was actively browsing web pages.

Adding the ability to add a stamp to email above the text as a warning example "Warning Do not open attachment or click on links from people you do not know or untrusted sources"

Reports improvements such as:
Internal Mail Hosts - the amount of mail coming from each internal host
Mail Delivery Servers - amount of mail through these

Trusted Relays - amount of mail through these

Hi everyone, I have enabled Sophos Live Connect on the management server but I have the problem that the list of enabled and then removed clients is not updated, it always stays with the old rumbling entries. Is there a chance to remove these old rumors?
Thank you.
Francesco

It would be very useful for testing custom URL tagging if we were able to audit, in addition to allowing and blocking, clicks through to URLs we have tagged. This would allow us to deploy large changes at a large scale with no impact while we observe the potential impact.

One of our largest platinum service CWG client who is using cloud web gateway services globally requests this feature to be added as soon as possible as this is hindering their global response capabilities.

They are not able to filter logs under logs section of CWG dashboard on Sophos Central by entering destination IP or domain a user has visited.

non-standard domains and sub-domains are ignored for SSL inspection exemption. This makes it hard to exempt corporate trusted domains. example would be "server.itn.shell"

the exception by CIDR range only works for websites requested by IP which is a pointless feature IMO. The exception should apply to sites when using FQDN.

Request to support VMWare ESXi 6.5 for the virtual web appliance installation.

Platinum Customer CH2M Hill Companies requests this feature.
Currently we have only Outlook.com categorized as an Web Application. Office365 should also be seen by the SWA as Web Application, especially for reporting purposes.

Hi..

customers would like to have websockets (RFC 6455) being supported/transported by the SWA.

Thanks a lot for considering!

Kind regards..
uɐɟǝʇS

(Sophtrac 7432710)

The list of logs that were quarantine could be many 1000 messages and it would be convenient if users can find a specific email that was mistakenly placed in the quarantine log by entering sender email or subject of the message.

YouTube Videos Filter option is not available as users request from tech team finance team or HR team we need to allow complete YouTube access as that is not best practice so please help us to solve this problem as to allow only specified videos for example for technical team only technical videos and HR only related to THat.

kindly looking for the update.

Regards
Prem Sagar

It should be a feature to be able to allow access to certain pages within domains that are blocked.
For example block google docs as a whole but allow access to a specific URL for access to a document without having to open up access to the whole of Google Docs.