Customers of XG Firewalls are reporting bad URL classification. For example, these sites are detected as Porn/Sexuality/Nudity in other Sophos products, but the classification in XG Firewall is bad.
Support tells me to "Send a URL Request", but the trouble is that these URLs are porn.
I sent several URL requests but they are still not committed. No porn sites.
Even after months they are still not categorised. (None)
Also, I think they should enhance the URL submission center. If you think the same, please vote for my "feature request":
In reply to TheBalmasque:
I voted for the feature request. I would recommend that Sophos add a web category override. This option is available on UTM9.
In reply to lferrara:
I opened this feature request:
When I go to the Diagnostic tab in my XG and type in those URLs in the URL Category lookup they all seem to come back as "Sexually Explicit" which is what I would expect. If you test from there are you also getting the bad categorization?
WEB filtering is a broken thing in XG.
Ultra-known web sites are wrongfully categorized. This one among many others:
If you can't categorize Intel properly, you have no business whatsoever in WEB filtering. Before we decommissioned all Sophos products here, we would have similar results with ultra-known IBM (and many others) as well. Another example: our Corporate bank Account categorized as "Job Search". Users would knock at my door many times a day. In the end I removed WEB filtering. Also, users were able to access forbidden web sites indirectly. By doing a Google search, and clicking on the resulting page. It was not reliably repeatable however. Symantec's old WEB gateway, "Spywall", would do that too. This is why I checked Sophos' WEB appliance. Symantec's new WEB gateway, "Blue Coat", does not do that.
According to my XG, 1, 2 and 5 are correctly categorised, but 3 and 4 are not categorised, e.g. not found in the database.
In reply to Big_Buck:
Forgot to mention ... XG WEB filtering is a moving target. One day a WEB site could be ok. The day after, it is not. Then the following day, it is ok ...
To give you an idea, I have in my daily reports over 20,000 uncategorised websites, and that is with 2 (on 4 devices) active users and about 20 devices. Which in my mind means the automatic feedback which I ticked during installation is ignored.
Considering how much effort went into convincing Sophos XG development (v15) team to provide multiple updates to anti-virus etc. every day instead of once a week for a product they were pushing as being state of the art firewall left a bad feeling in everyone's mind.
I would like this product to work as I do see a future for it, but the UTM still runs rings around it for firewall security.
In reply to rfcat_vk:
Sophos always dares us to send URL requests for further investigation. But the sad thing is that even when I sent them months ago, they are still not categorized.
20,000 uncategorized websites per day sounds horrible.
Here is an extract from yesterday's executive report, just to give you an idea of what I am talking about.
This is very strange. I don't know why Sophos doesn't use their own categorization from other products.
They seem way more accurate than the Cyberoam classifications.
UTM uses the McAfee database, which is fine. It's really OK when Sophos is trying to push their own database. But why don't they use the database from the endpoint protection, instead of Cyberoam?
Sophos are trying to move away from McAfee because they have to pay for it. I have been a player in the UTM environment for many years, so have a bit of an understanding where they are going.
Move away from McAfee is one thing. But they were clearly not ready to do so.
Now add to this XG and Intercept X. Sophos ended up swallowing a pill far too large for what they could actually handle. They are sinking in a development boat.
It will take years to stabilize.
Meanwhile customers are paying for development more than support ...
In reply to Michael Dunn:
Ok let's try to see it this way ...
Downloading patches and updates is correctly categorized as "Freeware and Shareware"? This implies the firewall will block them, and these updates will not get installed on any desktops. I hardly see how security gets improved in a mechanism like that ... Because of this, either we have to disable that policy and allow-all "freeware and download". Or at least IT managers face the responsibility to disable and enable every time Intel posts an update. I do not have that much time to waste.
Besides, all other security products we are using - Symantec and Web Sense for example - do not pull IT managers into that extra unproductive management task waste.
For now, Sophos struggle categorizing.