Smoothwall UTM/SWG

Any and all ideas and feedback for Smoothwall

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow selection of individual IPSEC VPN links when creating firewall rules

    Allow selection of individual IPSEC VPN links when creating firewall rules

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
    • IPS - autoblock probe IPs

      It would be useful if Smoothwall had a way of automatically blocking IP addresses of malicious/probe packets dropped by IPS.
      Thanks.

      10 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
      • Filter IDS logs to show Priority 1

        Ability to filter IDS logs to show Priority 1.
        Also make the IDS log searchable.
        Both can be achieved by export, but it would be nice to be able to do it within the web interface.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
        • SSL VPN Road Warrior - filter by geo location

          We get incessant SSL road warrior connection attempts from hostile IP addresses. I can limit by groups and can block IP's manually via firewall rule, but that's a rough way to cut down on this traffic. The VPN control panel is therefore drowning in "unfinished" road warrior connections. I'd love it if there was a geo location way to filter traffic in general, but more specifically for SSL VPN. Especially useful for an SMB like us who only have employees in the U.S. and can safely block SSL VPN attempts from all other countries

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
          • Auto Blocking IP's based on rules / policy / triggers.

            I spend my mornings checking who has tried to hack us - when I see IP's that have been trying for hours / days I add their IP to my block-list.
            This is now getting too time consuming to manage. Can we not have an auto block to any IP's that continually try to hack us. Maybe we can set some thresholds that when any IP triggers they get an auto block. But going forward I think this is a must.

            I am sure my lfd on my Linux web server auto blocks hack attempts. Would love my Smoothwall to…

            23 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
            • bandwidth module improvements "Policing"

              The current Bandwidth Module provides "shaping" which is only good for outbound connections. Its a store and forward from my understanding.

              Policing on the other hand can be applied to both inbound and outbound connections. It relies on IP (i believe) to slow down the connection by dropping packets. (Would only be good for TCP) It would be great if we could limit inbound and outbound based on External and Internal ip addresses. Currently inbound connections can flood the whole RED adapter.

              Example an internal address requests data from say Microsoft Updates. The Max connection rate will be used to…

              6 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
              • Bulk import of IP addresses

                When adding IP blocks, it would be useful to import from CSV rather than adding line by line

                I have 6000 addresses i need importing

                10 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  3 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                • Intrusion Prevention: Correcting False Positives

                  When there is a false positive block on the IPS, it would be very helpful if there was an easy way to hit "allow" or "unblock". Currently, I have to get the SID, and manually drag through all the policies to find the one policy to 'uncheck'. I use browser hacks, such as "CTRL F" but that is slow and cumbersome.

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                  • Foreign Country IP Blocking Dynamic List / Geo Blocking

                    Most Firewalls allow you to select which countries you would like to block. I can manually add a subnet but each country generally has like 200 subnets to type in. It would nice to select what countries you would like to block and have that list part of a definition file that gets updated like the content filter.

                    103 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      44 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                    • Support for packet capture within the user interface

                      It would be extremely useful to be able to perform a packet capture (.pcap / tcpdump) from the Smoothwall web interface for the purposes of troubleshooting. Presumably this is simply achieved if you have root access and can log in over SSH, but in environments where this is not available, there is no way currently to perform a packet capture and a very useful troubleshooting option is therefore not possible.

                      12 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                      • Address Object Created

                        Problem: Having to go back and forth to find information on Address Object.

                        Should be able to view the IPs when overing over the Object(popup) in port forward, anywhere when we use the object.
                        This will reduce support time and customer time and set some clarity when fault finding.

                        11 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                        • Layer 7 rules should be both allow and deny

                          Presently (Kennilworth) layer 7 filtering can only be applied to deny rules. This doesn't seem helpful to organisations that begin with a "block all ports and open only what we need" strategy which seems to be the most common strategy.

                          It would be most helpful (and an excellent selling point) if we could just allow Dropbox or Skype or WhatsApp with the bare minimum of effort.

                          24 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →

                            Currently this is not possible to achieve, as layer7 relies on allowing a few “unknown” packets through before we get an idea of what the traffic is. As such, you can’t work out what the traffic is until too late for an “allow”.

                            We’re looking at Layer7 options that provide a “first packet ID” but this is early stages

                            Tom

                          • why is it blocked?

                            on the realtime filter page, it would be really useful if a red line could be clicked to find out exactly why it has been blocked and why it was highlighted red

                            4 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                            • DNS Fast routing

                              DNS Smart Fast - Similar to DNS jumper, smoothwall should be able to update and set the fastest DNS by ticking box and select family safe open DNS

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                              • 1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                                • raw firewall log

                                  The firewall log works perfectly for everyday use. But sometimes you need more information. Is it possible to include the name of the rule in the raw firewall log files. Now I have to first see what the uuid of a rule is and then I can get the information out of the log. But if the firewall rule has been modified, the uuid is also modified. It's very annoying if you want to know if there is a certain amount of traffic through the firewall over a long period of time.

                                  18 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Need to be able to edit service in firewall rule when editing a rule

                                    Need to be able to edit service in firewall rule when editing a rule

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Policy-Based VPN Routing

                                      I was told by Smoothwall's support that their firewall does not support Policy-Based VPN's. Smoothwall's firewall can only do Route-Based VPN's. This VPN is needed for certain aspects of our Student Management System.

                                      6 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                                      • adding vlan hassle

                                        If I want to add an VLAN (espesially on device with single ethernet port), it is a difficult to add a VLAN to an interface. Without edit directly config files it is impossible..

                                        Can you make it possible to add VLAN's without first remove all settings for that interface?

                                        With every firewall/router/network-thing I know is adding VLAN, nothing more that adding VLAN, no need to remove other settings first.
                                        By example: plain linux:
                                        ip link add link eth0 name eth0.8 type vlan id 8

                                        13 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                                        • address object manager page -

                                          1. This page needs to stop using thickboxes for adding new objects. Clicking in the area around the object cancels out all the entries i've added meaning i need to input all the addresses again!
                                          2. allow us to add ip addresses via a basic text editor like on the guardian pages! Adding IP addresses one by one is so time consuming! For example, Office365 IP addresses!!!
                                          Thank You :)

                                          0 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base