Smoothwall Filter (On Premise)

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Different Login Timeouts for different groups

    Be nice to be able to set (for example) staff to all day login timeout (especially if they're on their own PC) and have students set the length of a lesson.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Automatic LetsEncrypt SSL certificate generation/renewal for local domains on reverse proxy.

    Why can't Smoothwall just generate unique SSL certs requests for each domain it reverse proxies, submit them to LetsEncrypt and handle the 90-day automatic renewal (it is, after all, proxying all requests anyway, so it could handle the ACME protocol renewal).

    Then we can just tick a "SSL this site" box for each reverse proxy entry, and we're done.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Radicalisation

    Have just received a concerned call from a Senior Manager about the fact that we should be blocking "Radicalisation" as a specific category on the internet filtering. (Other products, "Websense" advertise that they do this, which is what I got quoted) I couldn't see this term used specifically despite seeing terrorism. So she was still concerned about this category. If it does it, it might be worth changing the name on the category terrorism to terrorism / radicalisation if that is what it does or something equivalent. I wouldn't have had to raise a call if it did.

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Tanja Erhardt responded

    At the moment Safeguarding has a “Radicalisation” ruleset that includes the filtering categories “Terrorism” and “Intolerance”. We would like to expand on this further with a separate list of phrases/words in the future that will be used for monitoring purposes (these phrases are too ambiguous most of the time to block them but should be flagged up in context)

  4. It would be nice if SmoothWall exported netFlow or sFlow flows.

    We just switched over from a SonicWall UTM platform. Really, the only thing I miss about it is the ability to export flow information to Scrutinizer (or some other flow collector). A flow collector is the only way to show who or what is responsible for large bandwidth spikes.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. Administrator comments for Guardian Destination Exceptions

    There should probably be a comment section for the Guardian Destination Exceptions, as many admins are having to plug in multiple IPs and subnets, but cannot keep track of what they were for.

    This may require a rebuild of the HTML behind the web form, however.

    - Rob

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Bandwidth Quotas

    We're in the process of developing bandwidth reporting and shaping algorithms that will report and manage on an IP basis according to applications used.

    We've had some input that bandwidth quotas by IP address or user would be a useful extension to these features. This could provide a bandwidth quota on a daily basis with an action of blocking the user for the remainder of the day if the quota was exceeded.

    We're looking to see how much interest this sort of feature might have and whether there are any specific user requirements surrounding the capability.

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reports should include the time period the report is for and any speciffic options selected

    Please add option for reports to display a title containing the time period and what the report is for? For example, I have a report that displays the activity of a specific user over a period of time, but the report does not display what user or what period of time the report is for. If you have to run many reports for different users for different periods of time it makes it extremely difficult to tell which report refers to what user. This is also the case when exporting reports to a file (.pdf, .csv, etc.). I have tried…

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Dan Mckean-Tinker responded

    As we go along, we’re gradually updating reports and creating news ones to ensure each has this information. This allows someone looking at a report much later or looking through many reports to see what the data is that they’re looking at.

  8. Restore specific web filter policies

    Hello,

    I would have like to have the option to restore only specific web filter policies so that I could upload them to my test machine and trouble shoot issues our cutomers expirience.

    Cheers,
    Hanna

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  9. Custom allowed content - allow us to record who has requested exception

    Staff request exceptions in custom allowed content. It would be nice to record this against the exceptions we add

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  10. safeguarding hostname

    Safeguarding Report to include IP Address and Hostname for breach. This way you don't have to run Blocked User to get IP and DHCP log to get device name. Which will cut down investigation time by 2/3rd's.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow squid error pages to be customised.

    The requested URL could not be retrieved

    While trying to retrieve the URL: http://dsdsdsdsasadsschee.com/

    The following error was encountered:

    Unable to determine IP address from host name for dsdsdsdsasadsschee.com

    The dnsserver returned:

    Name Error: The domain name does not exist.

    This means that:

    The cache was not able to resolve the hostname presented in the URL.

    Check if the address is correct.

    Your cache administrator is $foo.

    --------

    This breaks their minds and they ask for the random website to be unblocked because "the proxy said something".

    Suggestions:

    1) Allow Squid to serve custom error pages, either locally or from…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  12. Bonding/Teaming 2 interfaces together to improve bandwidth, whilst both interfaces still have the same IP.

    Bonding/Teaming 2 interfaces together to improve bandwidth, whilst both interfaces still have the same IP.

    This would enable the smoothwall to be plugged into the same switch twice, and double the bandwidth available to the smoothwall on a given network. (This does require the network infrastructure to handle this bandwidth)

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve HW failover to monitor connectivity and services

    Currently hardware fail-over requires a full failure of the primary system and to become unavailable on the heartbeat interface for it to switch over to the slave. This can mean a system with a failed filtering service or network interface will be left running instead of switching to the fail-over system.

    Ideally the fail-over system could be expanded to include monitoring enabled critical services for failure (Eg Guardian, VPN etc) and also network interfaces for loss of connectivity.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Central Management, Clustering & HA  ·  Flag idea as inappropriate…  ·  Admin →
  14. SafeGuard Report Custom Time

    It would be useful to be able to manually set a time for when the SafeGuard reports are sent to the group in question.
    Our SLT would like to receive filter reports every day at 5pm to analyse ready to discuss with students the next day!

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    Tanja Erhardt responded

    Do most of you find that your SLT are requesting this?

  15. User Agent as policy object

    In some circumstances it would be useful to be able to define the user agent as a policy object for use in Guardian. For example the Microsoft Office Existence Discovery UA is used by Office to check for live versions of documents as Office doesn't support NTLM it can cause authentication pop-ups, being able to set the UA to not require authentication could be a fix for this.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  16. Notating Exceptions.

    A way to log what exceptions are. So when I add an exception I can add a note with it as to who or which site that exception is for.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Computer name

    show computer names in 'live' traffic graphs

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Auto Blocking IP's based on rules / policy / triggers.

    I spend my mornings checking who has tried to hack us - when I see IP's that have been trying for hours / days I add their IP to my block-list.
    This is now getting too time consuming to manage. Can we not have an auto block to any IP's that continually try to hack us. Maybe we can set some thresholds that when any IP triggers they get an auto block. But going forward I think this is a must.

    I am sure my lfd on my Linux web server auto blocks hack attempts. Would love my Smoothwall to…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Configurable Dashboard

    Could the items on the dashboard be configurable by the user? It would be nice to see what we wanted on the dashboard such as quick block / allow or live web traffic, rather than the current set of information / tools.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow support for HSRP in Failover

    Current failover requires a heartbeat connection between the 2 Smoothwalls where they share all the same settings including IP addresses.
    When updating and some other Scenarios, a term used by Support called "Split Brain" happens, this is when the Failover believes the Master went down as it didn't respond to ping for a small period of time and tries to take control, then the Master sends the signal to the Failover to enter standby while the Failover is half way through starting and causes some services to be active and some to be down, all while both boxes are fighting…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Central Management, Clustering & HA  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base