Smoothwall UTM/SWG

Any and all ideas and feedback for Smoothwall

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IDex Agent exclude specific usernames

    Some desktop software uses it's own domain user account to authenticate and communicate with servers. This can cause that user to be logged-in on that workstation rather than the real user.

    Option to configure a list of usernames that IDex should ignore if seen by the Agent.

    Workaround: Change service usernames to include a $ symbol at the end and they will be ignored by IDex Agent.

    45 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →

      We’re planning a small bug-fix update to IDex Agent soon.

      If there’s time I’d like to include this feature request too. For now this would likely be an additional configuration field where a list of usernames to exclude can be specified.

      Would this fulfil your requirements? Please add your comments to the discussion on uservoice.

    • adding vlan hassle

      If I want to add an VLAN (espesially on device with single ethernet port), it is a difficult to add a VLAN to an interface. Without edit directly config files it is impossible..

      Can you make it possible to add VLAN's without first remove all settings for that interface?

      With every firewall/router/network-thing I know is adding VLAN, nothing more that adding VLAN, no need to remove other settings first.
      By example: plain linux:
      ip link add link eth0 name eth0.8 type vlan id 8

      12 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
      • User Activity - Current Active Session Count

        I would like a count of active users on the User Activity page. Eg;
        Current Active User Sessions = 550
        Current Disconnected Sessions = 40 <--------- not so important

        9 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • Ability to add notes to exception IP addresses

          Quite often when looking through our Smoothwall boxes we come across IP addresses in the exceptions list that we don't recognise. This may be due to settings being implemented a long time ago, or by another member of the team. Our main concern is that if there is an address that we can't identify we need to make sure that it hasn't been implemented as a quick fix solution to bypassing the firewall, therefore exposing a user to potentially inappropriate material.

          For example it may be an IP address of the schools boiler monitoring system phoning home, which is fine.…

          23 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            5 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
          • Automatic LetsEncrypt SSL certificate generation/renewal for local domains on reverse proxy.

            Why can't Smoothwall just generate unique SSL certs requests for each domain it reverse proxies, submit them to LetsEncrypt and handle the 90-day automatic renewal (it is, after all, proxying all requests anyway, so it could handle the ACME protocol renewal).

            Then we can just tick a "SSL this site" box for each reverse proxy entry, and we're done.

            4 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              3 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Limit Safeguarding portal reporting to student groups

              Kenilworth has added the "Groups" dropdown to the Safeguarding portal that our DSL will have access to. We need to remove or tweak this so that they can only run the report against students rather than potentially any group. We do not want them running this report against staff, for example.

              16 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
              • Bandwidth Reporting

                Is there a way to run a report on smoothwall to show our bandwidth usage. When i say bandwidth, i don't mean how much is downloaded from a domain, i mean how much of our pipe we are using, at say, 5 min internals over a given period. That way i can show the SLT that we are maxing out on our 30mb connection.

                It would also be nice to show which IPs were consuming the most of this 30mb connection and what URLs were been accessed.

                Also @ Smoothwall (if anyone is listening), the Realtime Traffic Graphs page needs…

                4 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                • Test User account

                  I would like to see a feature added to Smoothwall that LightSpeed has been providing for several years. The feature would provide the ability to test out a new user (local user) directly from the filter itself. This way, if we are creating a new user remotely, the account can be tested without having to be onsite using a separate device.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                  • Bug: Remote archive destinations don't accept hyphens in usernames or machine names

                    Bug: Remote archive destinations don't accept hyphens in usernames or machine names

                    Hi,

                    Smoothwall UTM S4 running Inverness, update 6

                    https://smoothwall:441/cgi-bin/admin/autoupdate.cgi

                    Maintenance/Scheduler/Remote archive destinations

                    I'm trying to set up a backup to a machine across the network. I want to save it over SSH with the user some-user to the machine backup.some-domain.com
                    But your software won't let me set a username with a hyphen, or a destination with a hyphen. It just says:

                    ! The remote username is invalid.

                    or

                    ! The remote hostname (server) is invalid. -

                    Hyphens have been allowed in POSIX usernames since the year dot. And…

                    4 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  Flag idea as inappropriate…  ·  Admin →

                      Hi Sean,

                      Appreciate the feedback.

                      I’ve checked and this has been logged under bug 8363 internally.

                      Can’t advise when we’ll be able to get around to fixing this issue yet however.

                      Regards,
                      Chris

                    • IDex Agent replicate all groups on first install

                      IDex Agent by default replicates AD group overnight, however on new install it would be useful if it did this once automatically to allow group mapping.

                      Current workaround is to use manual command; https://kb.smoothwall.net/Content/authentication/idexdirectory-synchronize.htm

                      20 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                      • PLEASE bring back the IP Block feature!

                        PLEASE bring back the IP Block feature! It was one of the only features I used EVERY DAY!

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                        • user activity column filters

                          User Activity, Can it be made so that on the user activity page the columns can be filtered? That way I can only list users who are logged in via a certain mechanism (if you use RADIUS/BOYD it floods the list)

                          50 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                          • Create containers or folders in Bandwidth Limitation

                            Having containers or folders in bandwidth limiting would be a great feature.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                            • Enable additional ports for web access through proxy to on a site-by-site basis

                              Enable additional ports for web access through proxy to be allowed on a site-by-site basis instead of just globally.
                              Thus if for example 'http://api.mysite.com:8787 is required this can be allowed instead of allowing port 8787 in Web Proxy for all sites

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                              • Safeguarding - Email Alert breach level options

                                Our SMT believe it would be useful to be able to be able to choose the level of breach generating an alert email per Safeguarding ruleset.

                                Some of the Safeguarding ruleset's Caution level breaches are useful to know as an instant email alert.

                                An extra dropdown or checkbox to choose the reported levels on specific notifications would give a more granular options to these instant email alerts.

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Safeguarding reports by user type

                                  Hi. It would be really useful if I could filter the Safeguarding reports by user type, i.e. Staff or student user. As I monitor staff and our behaviour department monitor students.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • The ability to run a report for a user accounting for multiple formats of domain (i.e. FQDN/user user@googlemaildomain.com, etc.)

                                    When requested to run a report on a user at a school that uses both easylogin and google authentication we currently have to run two reports and merge them. It would be nice to be able to run a report for a user and include both the DOMAN/user and user@googlemaildomain.com.

                                    2 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                    • search directly in safeguarding for a user

                                      search directly in safeguarding for a user

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                                      • restrict IDS alerts

                                        Where IDS sends alerts notifying of an event - once it has been investigated it would be useful to white list that event to prevent future alerts

                                        for example i get hundreds of these alerts a day and it would be good to filter them out

                                        " 6F000110: IDS alert (Intrusion Priority: 2 [Attempted Denial of Service]) ET CURRENT Possible Cisco ASA 5500 Series Adaptive Security Appliance Remote SIP Inspection Device Reload Denial of Service Attempt (sid: 2010818) [81.145.172.30:5060->

                                        5 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Guardian MiTM warning message on BYOD networks only.

                                          The Guardian MiTM warning message is a global warning message, so it will display the same thing for any user who sees the MiTM warning page, regardless of what network they are on.

                                          I would like the option to only display the warning page informing users who try to access HTTPS web sites that their communication with the site is being decrypted and inspected ONLY on our BYOD networks - and NOT for it also to display on our LAN - where obviously they cannot install the certificates!

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 49 50
                                          • Don't see your idea?

                                          Feedback and Knowledge Base