I have had many requests to have a policy in our Web Security section where it is possible to allocate a time quota for Internet Access. They do not want to limit when people have access to Facebook for example but how long they are allowed to visit these type of sites.

Provide the option for the Content Filtering URL database to be downloaded/cached/stored locally.. Reduces reliance of URL Filter performance on available bandwidth, increasing response times and lookup speeds.

There is now a transparent proxy, but to have authentication requires a manual login screen for users - which is far from transparent.

A transparent proxy with SSO is almost essential, I would say.

Hi,
time based application filtering would be very nice, for example make it possible to use facebook apps at lunch time but rest of day block it

Add phrase weighting to the content filtration much like what is used in Dansguardian, this would much improve the current content filtration. When used right it would allow pages within an otherwise approved domain or url such as YouTube to be blocked if inappropriate content is present. As is the case with Dansguardian the aggressiveness of this type of filtering can be adjusted quite a bit.

I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post109466

As some websites require content delivery by backend database servers the connection timeout between a very active server and a slow database can result in a page timeout.

By default the ASG http proxy has a value of 60 seconds before closing the connection. Currently this is only configurable to a higher value in cc, please place an option for this in the advanced tab.

It would be great if the current FTP proxy can support FTPS traffic

Hi..

We want to force Authenticated users to log out in there current sessions in WEB SECURITY and if we want to check out who is logged in,
In all three operation mode (Transparent with Authentication, Basic user Authentication, SSO) please.

It would be nice if we could create for the blocking a group of URLs, which may be analogous to the block "URL Filtering Categories" in the "Filter Actions". For example, the URL's to be blocked must not enter in every profile under blacklist.

While researching a UTM, I came across an IM chat logger. This will be a nice feature for Sophos UTM to have so I can inspect chat sessions for company violations/data leakage.

Customers request support of WCCP for redirecting traffic flows in real-time to an out of path appliance installed. Please add support for this.

Enable the option to content filter HTTPS URLs without the full man-in-the-middle interception by doing lookups and categorization on the domains that are reported as part of the certificate exchange. While not as secure as full HTTPS interception, it would solve our problems and remove the need to do the full HTTPS roll-out procedures.

At the moment, the Transparent proxy works by associating credentials with the IP of the "user". Unfortunately, this means that the first Person who authenticates from a Terminal server (like Citrix) authenticates all Users from this Terminal server. Can you change this to Cookie Based or something so authentication works for multiple users sharing the same "IP"?

I'm not sure how it might be accomplished, but it sure would be cool to have...

We are finding on a lot of our sites the company is deciding to block facebook/myspace. When we go into the Web Security -> HTTP/S -> Content Filter, and the Additional URL's to Block box, we can add individual sites, and use just facebook on it's own, but this doesn't pick up "fbcdn.net".

Under Network Definitions, I can put DNS Group and call it facebook, and this picks up all the facebook sites.

I'd like to be able to drag and drop from the Definitions section into the "Additional URL's" box.

Provide a tool whereby an Admin can supply an IP, username, URL, and time period, which then gives back the matching profile name/number/details and result (blocked or allowed, and why).. Allows administrators to test their profile configuration easily without having to do manual testing by users at their workstations, constantly logging in and out etc...just streamlines the whole process for deployment and troubleshooting.

include the bottom with this link into URL Categorization tab, to reach fastly the link to offer a possible categorization for uncategorized websites. It's also a very fast way to figure out how a specific website is categorized.

http://www.trustedsource.org/en/feedback/url

Currently Real Time Streaming Protocol is not able to be properly handled by the proxy (such as apple.mov quicktime keynote speeches). Add a mechanism to either proxy this traffic correctly, or just skip it from the scanning to allow it to operate properly with the client.. Extends the streaming support of our proxy to avoid admins needing to remove users entirely or live with certain sites / streaming not working when the proxy is enabled. Mantis: 0009463

To visualize the cache efficiency it would be cool to display some cache stats as cache hit and cache miss percentage, WAN bandwidth savings etc.

This would be a really cool addition to the IMO good caching algorithm in V7.500