SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Web Protection: Youtube and blocking specific categories
Coming from another vendor one of the features I like/had was that I could block categories within YouTube. We are a School District that needs to access YouTube (YouTube for Education has limited content). It would be nice to setup a policy or rule to be able to block these YouTube Categories.
Currently available categories are:
• Film
• Autos
• Music
• Animals
• Sports
• Shortmov
• Travel
• Games
• Videoblog
• People
• Comedy
• Entertainment
• News
• Howto
• Education
• Tech
• Nonprofit
• Movies
• Moviesanimeanimation
• Moviesactionadventure …163 votes -
Web Protection: Allow Users to request unblocking of sites via submission form
We would like the ability to either have greater control of the block pages i.e. fully customisable block pages or to have a form inbuilt to allow the end user to request for the site to be unblocked.
The form would prefill with the url, reason for block, username and a box for the explanation to why it should be unblocked. On submitting it would then go to the cache administrator for actioning or to a portal within utm for review
It would help increase acceptance of the system. Not all sites that fall within a blocked category necessarily warrant…
118 votes -
Web Protection: FTPS proxy
It would be great if the current FTP proxy can support FTPS traffic
99 votes -
Sandstorm customize web messages
Possibility to customize sandstorm web messages (translate)
75 votes -
Web Protection: Proxies and Profiles Mapping to Additional Addresses
I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post10946665 votes -
Web Security: "Phrase Weighting" for Content Filtering
Add phrase weighting to the content filtration much like what is used in Dansguardian, this would much improve the current content filtration. When used right it would allow pages within an otherwise approved domain or url such as YouTube to be blocked if inappropriate content is present. As is the case with Dansguardian the aggressiveness of this type of filtering can be adjusted quite a bit.
54 votes -
Web Protection: Realtime Per-User Bandwidth Monitor
For the purpose of analyzing the current outgoing traffic usage we need a live view of the users’ HTTP connections via the Web Protection proxy along the possibility to sort it by bandwidth.
50 votes -
Enable the admin to remove unused Website Tags in Web Filtering
If one defines a website tag in the UTM for a collection of URLs, then later desires to fully delete the tag (the tags remain in the configuration db even if not assigned to any URLs), there is currently not a way to do this. I contacted support and they said this would be a feature request (seems like missing basic functionality to me).
50 votes -
Web Security: Enforce YouTube Safe Search
Add YouTube as a Safe Search option like Google, Bing, and Yahoo.
48 votes -
Web Protection: Support WCCP as a client
Customers request support of WCCP for redirecting traffic flows in real-time from a UTM to an out of path appliance. This allows use of third-party web security, WAN optimization or caching solutions. This would not allow Cisco gateways to redirect web traffic to the UTM for filtering.
46 votes -
Web Protection: Instant Message (IM) Chat Logging
While researching a UTM, I came across an IM chat logger. This will be a nice feature for Sophos UTM to have so I can inspect chat sessions for company violations/data leakage.
43 votes -
Web Protection:Force Logout of an Authenticated User
We want to force Authenticated users to log out of their current sessions in WEB SECURITY. We also want to check out who is logged in.
In all three operation mode (Transparent with Authentication, Basic user Authentication, SSO) please.40 votesThis feature was implemented in XG Firewall
-
Web Security: ICAP Support
Many DLP Systems, etc. work to filter web traffc by utilizing a 3rd party HTTP Proxy (Squid, etc.)... Most work with ICAP compatible Proxies... adding this ability would preclude my customers from having to add yet another proxy to their network infrastructure.
39 votes -
Web Protection: URL Policies based on browser, device, application (user-agent)
Our customer has a lot of special devices e.g. ipad, iphones and surface pad. Only these devices should access certain applications eg itunes.
Right now there is no adequate way to realise this requirement unless you implement user-agent based authentication.
Also some customers would like to block traffic coming from certain browsers, or certain browser versions.
38 votes -
Web Protection: Block Files Upload in Webmail
I would like to be able to block the upload of file to webmail using Web Filtering.
Ideally, we should permit users to open a webmail (like gmail.com or other public webmail) but i don't want to permit to attach file/upload file in a new mail on the webmail. In this way i can block a possible disclosure of corporate data. Thanks
34 votes -
Allow the usefulness of translate.google.com
At present translate.google.com is categorised as Proxies and Translators and is blocked under the default group policy.
We would like our users be able to use google translate to translate pages and text that are in other languages but without being able to use it to circumvent policy rules and get to blocked sites.29 votes -
Websocket Support for Web Protection / Proxy
this is self explaining and need no further details.
25 votes -
Fully support QUIC (HTTPS via UDP)
Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.More about QUIC can be read here : https://www.chromium.org/quic
With that said, I would like to see full support for QUIC natively in Sophos UTM…
25 votes -
Reset HTTPS connection instead of URL Filter block page
As an option, please provide the ability to drop or reset an HTTPS connection to a blocked web site when "URL filtering only" option is set. Reset may be preferable to drop so as to avoid timeouts. The default behavior of responding with a block page is helpful except that it causes certificate errors for clients who do not have the UTM certificate in their trusted CA list. When not using web filtering for true MITM scanning of content, it seems excessive to deploy the UTM cert throughout one's environment, and can be especially challenging on some devices. A simpler…
25 votes -
Web Protetion: Configure Allowed Target Services per Client
I would like to be able to configure the allowed target services option in policy tab for separate services to each users.
24 votes
- Don't see your idea?