Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 0 subscribers
  • Views 32629 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Web Appliance - Feature requests

RL

Hi,

Firstly I'd like to say that the Sophos Web Appliance is a great product. So good work guys. However with anything there is room for improvement. Something ITIL will label as CSI. (Continual Service Improvement).

So knowing that Sophos are very good at listening, but there is no feature request channel for the Web Appliance as yet, I thought I'd air my requests here...

1. More granular RBAC. - Currently one needs to be given 'Full Access Administrator' rights to amend the 'Authentication > Profiles', and / or 'Connection Profiles'.

We often need to allow an admin to add a User Agent string / Application, Device, or a destination URL because the calling application does not support proxy authentication.

However I don't want the admin to have the rights to change Administrators.

So it's the usual all or nothing approach.

2. AD integrated RBAC. Do I really need to explain the need for this?! ;) It's lacking in a lot of Sophos products.

3. A LOT more detailed reporting / diagnostics is required when internet access is blocked. For example I noticed that requests to various URL's from an IP address was being blocked to various destinations. All the Sophos Web Appliance could tell me is that it was blocked. (Not helpful!)

However when I forced the users traffic to go via our ISA / TMG server then I could quickly ascertain that a certain application with a user agent string was hitting the proxy and not supplying credentials.

In order to get this information from Sophos I understand that Sophos technical support would need to SSH to our device and then search through the logs.

This is not very helpful, and a LOT more work has to be done on the logging / reporting to determine WHY something is blocked. Reporting that it is blocked because of a policy isn't detailed enough.

4. The ability to exclude destinations from being sent to the Web Appliance when using End Point Control integration. E.g. Like you can put exclusions in the proxy list of a browser.

Thanks for listening.

John

P.S. Question - when a customer has both proxy integration AND End Point Control integration enabled what happens to the traffic requests?

:42398


This thread was automatically locked due to age.
Parents
  • 0

    Heres my two cents:

    1. Exclusion rules for DLP to prevent the appliance from reading certain emails. I like the dlp controls but I would like to control if it reads certain emails.

    2. Better Definitions for built in rules. Not strictly a Feature request but needed nonetheless. For example, Passport details. Currently the description reads:

    Passport number and qualifying phrases.
    Countries supported: Australia,
    Brazil, Canada, France, Germany, Ireland, Italy, Spain, UK, USA

    What is a qualifying phrase? ive had this rule trigger on unrelated passport information, but sometimes entering a valid passport number doesnt trigger it. At least give us a definition file in the help section to read over

    3. Allow easiler DLP rule building. Currently in order to define keywords you either have to define strict keywords, or write a regular expression to define a range. Why not have the tools build this? I had to go through a crash course trying to setup keywords with regular expressions because I wasnt very familiar with writing them, but they are fairly easy to simply build into the program upon keyword filtering selection.

    4. Allow custom DLP rule building from the email appliance. Who thought it was a good idea to make the sophos admin client the only way to build dlp rules? program that into the appliance, it has the horespower.

    Thanks

    :43751
Reply
  • 0

    Heres my two cents:

    1. Exclusion rules for DLP to prevent the appliance from reading certain emails. I like the dlp controls but I would like to control if it reads certain emails.

    2. Better Definitions for built in rules. Not strictly a Feature request but needed nonetheless. For example, Passport details. Currently the description reads:

    Passport number and qualifying phrases.
    Countries supported: Australia,
    Brazil, Canada, France, Germany, Ireland, Italy, Spain, UK, USA

    What is a qualifying phrase? ive had this rule trigger on unrelated passport information, but sometimes entering a valid passport number doesnt trigger it. At least give us a definition file in the help section to read over

    3. Allow easiler DLP rule building. Currently in order to define keywords you either have to define strict keywords, or write a regular expression to define a range. Why not have the tools build this? I had to go through a crash course trying to setup keywords with regular expressions because I wasnt very familiar with writing them, but they are fairly easy to simply build into the program upon keyword filtering selection.

    4. Allow custom DLP rule building from the email appliance. Who thought it was a good idea to make the sophos admin client the only way to build dlp rules? program that into the appliance, it has the horespower.

    Thanks

    :43751
Children
No Data
Unfiltered HTML