Sophos Web Appliance - Feature requests

Hi,

Firstly I'd like to say that the Sophos Web Appliance is a great product. So good work guys. However, as with anything, there is room for improvement. Something ITIL will label as CSI (Continual Service Improvement).

So knowing that Sophos are very good at listening, but there is no feature request channel for the Web Appliance as yet, I thought I'd air my requests here...

1. More granular RBAC. - Currently one needs to be given 'Full Access Administrator' rights to amend the 'Authentication > Profiles', and / or 'Connection Profiles'.

We often need to allow an admin to add a User Agent string / Application, Device, or a destination URL because the calling application does not support proxy authentication.

However I don't want the admin to have the rights to change Administrators.

So it's the usual all or nothing approach.

2. AD integrated RBAC. Do I really need to explain the need for this?! ;) It's lacking in a lot of Sophos products.

3. A LOT more detailed reporting / diagnostics is required when internet access is blocked. For example I noticed that requests to various URLs from an IP address were being blocked to various destinations. All the Sophos Web Appliance could tell me is that it was blocked. (Not helpful!)

However when I forced the user's traffic to go via our ISA / TMG server then I could quickly ascertain that a certain application with a user agent string was hitting the proxy and not supplying credentials.

In order to get this information from Sophos I understand that Sophos technical support would need to SSH to our device and then search through the logs.

This is not very helpful, and a LOT more work has to be done on the logging / reporting to determine WHY something is blocked. Reporting that it is blocked because of a policy isn't detailed enough.

4. The ability to exclude destinations from being sent to the Web Appliance when using End Point Control integration. E.g. Like you can put exclusions in the proxy list of a browser.

Thanks for listening.

John

P.S. Question - when a customer has both proxy integration AND End Point Control integration enabled what happens to the traffic requests?

:42398


This thread was automatically locked due to age.
  • Just another addition to the feature requests please:

    1. Display a customisable HTML one-time “Terms of Service” screen or policy page which the user must read and acknowledge before internet access is granted. Then get the appliance to keep a record of these transactions or send off to the syslog server.

    NB: To work in both SSO and Captivate Portal mode.  

    Here's an add-on for Microsoft ISA/TMG (yes I realise Sophos WSA isn't ISA/TMG) but every little bit of info helps: http://www.collectivesoftware.com/solutions/captivate 

    Thanks,

    John

    :43303
  • Here's my two cents:

    1. Exclusion rules for DLP to prevent the appliance from reading certain emails. I like the DLP controls but I would like to control if it reads certain emails.

    2. Better Definitions for built in rules. Not strictly a Feature request but needed nonetheless. For example, Passport details. Currently the description reads:

    Passport number and qualifying phrases.
    Countries supported: Australia, Brazil, Canada, France, Germany, Ireland, Italy, Spain, UK, USA

    What is a qualifying phrase? I've had this rule trigger on unrelated passport information, but sometimes entering a valid passport number doesn't trigger it. At least give us a definition file in the help section to read over.

    3. Allow easier DLP rule building. Currently in order to define keywords you either have to define strict keywords, or write a regular expression to define a range. Why not have the tools build this? I had to go through a crash course trying to set up keywords with regular expressions because I wasn't very familiar with writing them, but they are fairly easy to simply build into the program upon keyword filtering selection.

    4. Allow custom DLP rule building from the email appliance. Who thought it was a good idea to make the Sophos admin client the only way to build DLP rules? Program that into the appliance, it has the horsepower.

    Thanks

    :43751
  • Some more to add, which to be honest I am shocked are not already part of the existing feature set:

    1. More granular built-in categories. They need to be expanded like competitors' products.

    2. The ability to create custom categories, again this is amazing it's not already part of the feature set.

    For example, to block a website outright, the only options are to:

    1. Class it as high risk

    2. Place the website into a category that is already blocked.

    So, for radio / high bandwidth websites; I can't categorise this as High Risk (as they are not) and don't want to block Entertainment or Streaming Media as this will block legitimate business requests.

    TBH I'm quite amazed at how much work SWA needs in order to come even close to its competitors. So much so that I am seriously considering moving away from SWA.

    :47257
  • You can use tags as a replacement for custom categories. Add a site to Local Site List and assign/create a tag.

    Create an "Additional Policy". There you can assign an action (Allow/Warn/Block) to a tag.

    -Holger

    :47261
  • Holger, 

    Thank you very much. I mentioned tags to Sophos support and they said no. grrrrr!

    Still, my request for better categorisation stands.

    Thanks again, 

    John

    :47265
  • It would be nice to have the web appliance be able to use Gmail for the outbound server. As of now, we can't utilize the email function of the web appliance as we have Google Apps for Education and Google requires a username and password for SMTP authentication.

    Also, it would be nice to have a real-time view feature of all the web traffic that is flowing through the appliance. 

    Chris

    :47691
  • Chris, 

    The real-time view would be lovely. 

    Right now we have to use the combination of:

    1. NetFlow / Packet analysis to see when the bandwidth gets hit

    2. Syslog to try and analyse it further

    3. Correlate this with the Sophos Web Appliance.

    I never had to do anything like this with Websense, and constantly hear excuse after excuse as to why the reporting is like it is.

    Honestly I'm getting fed up with the constant barrage of rubbish from Sophos and get slated everyday for defending them when their products fail to hit the mark.

    Things unfortunately are getting worse.

    However I'd better stop here as I just get wound up by it all.

    SOPHOS ARE LOSING TOUCH WITH THEIR CUSTOMER BASE AND THEIR REQUIREMENTS!

    :47699
  • We have been investigating DLP in Exchange 2013. One of the very interesting features it offers is the ability to set certainty thresholds, allowing different actions to be processed depending on what data is captured in the email. For instance, if it detects a number string and a name it could be assigned an 85% certainty vs just a number string with a 65% certainty. You can then define actions based on the certainty level, allowing for a more flexible response and controlling false positives better. Is anything like this planned for DLP in the ES1100? CAL licenses for Exchange are expensive, and if Sophos can offer a similar feature in the appliance that would be a major bonus for those who don't already have CALs.

    :53097