We want the ability to add an image footer to advertise an event such as an exhibition to all outgoing email.

Support sharepoint in controlled web application.

When clicking "Suspicious Downloads" in the "Sophos Sandstorm" section of the Dashboard, the link should lead to a report showing the file names and according URLs of these suspicious files, and also the user who requested the file.

The ability to select all, even from a filtered point of view would be very helpful when dealing with large amounts of sites per TAG

The ability to not just add single or multiple but update too. For example updating the TAGs for the site on mass.

Currently this involves deleting the entries and readding the entries which can cause down time

My example is the Office365 IP/URL list. Updating these to Custom category, over 1500 entries.

Create a TAG that updates with the IPs and URLs of Office365 by product, eg EXO, LYO, Identity, etc

This will prevent a manual task of allowing IPs or URLs almost daily for services, or equally removing those which are no longer in use.

There is an XML available on MS that provides this info with all updates.

Dear All,

We installed Sophos Web Gateway on a computer and we use Splashtop Business to connect to other remote computer.

For this Computer, we want to block all the connections except the access for Splashtop.

So, we created a Policie, and blocked all the settings except Splashtop.

We had the Ip address and the domain of Splashtop's servers but he changes many times.

I don't want to add every months the new ip address or the domains.

is it possible to Add Splashtop Business in App Filters, like Google APP?

Thank You

Vivien Pegane

Please add a feature that allows us to block TLD's. Currently we have to manually import a list of TLD's then tag them as being blocked. This also requires us to continuously add new ones as they are released. A feature allowing us to block them and keeping them automatically updated with new ones would be great.

Allow the VM version to be built with the bridge mode functionality. Most servers these days come with four or more NIC's, plenty of ports to do bridge mode with a normal server without special hardware. Multiple VM's and host machines can be used for redundancy or some type of manual bypass could be used if the single VM fails. Would allow easier conversion of sites that use bridge mode and also allow them to use this as a backup method if hardware fails and they are waiting for replacement parts.

We'd want to allow wildcards to enable local site rules to apply to subdomain names - for example if we add an entry *.nhd.weebly.com or *.s3.amazonaws.com that are allowed in a given policy, then any domain name below that would also have the same allow policy applied, unless explicitly not allowed.

For a given local site list policy, if we blocked weebly.com and allowed *.nhd.weebly.com then 123456.nhd.weebly.com would also be allowed without needed an explicit entry.

In Sophos Central > Web Gateway > Application Control > Password/License recovery tool section, please add LastPass password manager

"WeTransfer" should be available in WebAppliaction on the SWA.
Please add the Web Application control for this webservice on the SWA!
(Due to customers request Sophtrac 7041991)
Thanks for considering!
Kind regards...

Currently once HTTPS scanning is enabled, the onward TLS Hello from the Web filter advertises all available suites, which decreases the security of the user agent configurations. Either there should be a GUI option to remove older Cyphers or the filter should copy the advertised suites from the users client hello

web security is very bad

even after selecting option to block adult content, its not blocking many adult websites

http://www.freebunker.com
http://www.imagesnake.com
http://www.imgcarry.com
http://imgprime.com

and may more
please fix it immediately

Rather than an all or nothing policy it would be extremely useful to be able to have more granular control over the level of access provided for file sharing services such as Dropbox. By more granular I mean being able to provide access to specific folders rather than the whole service. I have been advised by Sophos technical support this is currently not possible hence my request.

It would be wonderful, if the SWA could make an HTTPS call to an external system, like macmon (network access control), on a new ATP event.

So the NAC could shutdown the switch port directly. In this way, we bring up our IT security to a higher level.

It would be really handy if the logs showed failed authentication, or the option of showing these. If there are any other requests that hit the proxy which it ignores show these too.

Resorting to packet capture on the client I think is over the top. It also can cause wasted time as presently as authentication exceptions put in like others do not always work for what ever the reason.

Allow mDNS/Bonjour on the local LAN to work in the browsers. The web protection currently blocks them for no apparent reason.Put an option in the software to allow mDNS to work, it IS the age of iOT after all.

Disable/Remove "Login as a guest user" via Captive Portal.