Smoothwall Filter (On Premise)

  1. Make it possible to set an End Date for firewall rules

    I am regularly told that a port needs to be opened for a fairly brief period of time - sometimes it's just one day, sometimes a week or a couple of months. It would be great if I could set up the firewall rule and at the same time specify a date & time when the rule expires. (Even better if I could have a choice of whether to delete it, disable it, or notify me of the fact that I need to check if the rule is still needed.)

    5 votes
    0 comments  ·  Firewall & Routing
  2. Address Objects to include DOMAIN WILD CARDS (like *.domain.com)

    Due to the development of Cloud Services I need to place domain wildcards into Smoothwall Address Objects instead of ever-changing IP addresses.
    Address Objects ONLY allow IP addresses and ranges but this does not work where external IP addresses are changing unpredictably under a DNS domain (where the Domain name remains constant of course).
    An increasing number of cloud services make this feature increasingly urgent.

    6 votes
    0 comments  ·  Firewall & Routing
  3. Firewall log viewer should have a NOT boolean function

    In the firewall viewer it should be possible to have a NOT option. This is a standard feature on other firewall products. e.g. if wanting to see all the traffic from a particular IP address except ports 80 & 443.

    7 votes
    0 comments  ·  Firewall & Routing
  4. GLOBAL replicated firewall rules

    GLOBAL replicated firewall rules that can be replicated to child nodes, just like Guardian policies in a tenant environment.

    3 votes
    0 comments  ·  Firewall & Routing
  5. Provide statistics on which firewalls have been used, how much, and when.

    I have a large number of firewall rules. When I do an audit it would be great to be able to see information relating to how used the rule has been - the number of packets, the volume of data, the typical hours of use, the host distribution, and the last time traffic was permitted to the rule.

    This would make it much easier for me to identify which rules are actually no longer needed, and also provide information as to how the rules might be tightened.

    3 votes
    0 comments  ·  Firewall & Routing
  6. Subnet Routing Verification & Automatic Undo after 10 seconds

    Currently, if I type in an incorrect route, let's say I did a 10.60.4.0/20. It accepts it, even though the subnet should start at 10.60.0.0. This in essence makes you believe your route is in place but the Smoothwall simply ignores it. It would be nice to see a validation or do what Watchguard/other firewalls do and prevent incorrect routes being put in.

    Additionally, when a route is put in, it should apply the setting but then undo itself after 10-15 seconds unless you confirm it. Similar to when you change resolution on a Windows PC. This will then…

    4 votes
    0 comments  ·  Firewall & Routing
  7. Ability to import multiple CIDRs at a time into the same object rather than one CIDR at a time in different objects

    If I want to allow connections on non-standard ports (i.e. not 443 or 80, everything else is default dropped) to a wide range of addresses owned by the same hosting company, it would be much easier to paste in a list of CIDR IPs into the same object rather than one CIDR at a time into different objects.

    3 votes
    0 comments  ·  Firewall & Routing
  8. IDS

    I have worked with several firewall appliances in the past that have the ability to drop or reset network traffic when a threat is detected by the IDS. If a threat is deemed as a false positive, a rule can be created to whitelist that particular vulnerability for that IP address of the internal device. This would help stop any threats from communicating on the network until deemed safe.

    I would also like to see the source IP address of the internal device when running reports. Currently, we only see the Firewall public IP -> External IP of device on…

    1 vote
    0 comments  ·  Firewall & Routing
  9. Help display

    help distorts page display

    1 vote
    0 comments  ·  Firewall & Routing
  10. Your export process does not offer a start AND end time option

    Your export process does not offer a start AND end time option, so how can we export the hours of logs we want to see? Your export options are lacking in usability.

    1 vote
    0 comments  ·  Firewall & Routing
  11. Support for packet capture within the user interface

    It would be extremely useful to be able to perform a packet capture (.pcap / tcpdump) from the Smoothwall web interface for the purposes of troubleshooting. Presumably this is simply achieved if you have root access and can log in over SSH, but in environments where this is not available, there is no way currently to perform a packet capture and a very useful troubleshooting option is therefore not possible.

    13 votes
    0 comments  ·  Firewall & Routing
  12. IPS - autoblock probe IPs

    It would be useful if Smoothwall had a way of automatically blocking IP addresses of malicious/probe packets dropped by IPS.
    Thanks.

    17 votes
    0 comments  ·  Firewall & Routing
  13. Allow selection of individual IPSEC VPN links when creating firewall rules

    Allow selection of individual IPSEC VPN links when creating firewall rules

    4 votes
    1 comment  ·  Firewall & Routing
  14. Filter IDS logs to show Priority 1

    Ability to filter IDS logs to show Priority 1.
    Also make the IDS log searchable.
    Both can be achieved by export, but it would be nice to be able to do it within the web interface.

    1 vote
    0 comments  ·  Firewall & Routing
  15. SSL VPN Road Warrior - filter by geo location

    We get incessant SSL road warrior connection attempts from hostile IP addresses. I can limit by groups and can block IPs manually via firewall rule, but that's a rough way to cut down on this traffic. The VPN control panel is therefore drowning in "unfinished" road warrior connections. I'd love it if there was a geo location way to filter traffic in general, but more specifically for SSL VPN. Especially useful for an SMB like us who only have employees in the U.S. and can safely block SSL VPN attempts from all other countries.

    1 vote
    0 comments  ·  Firewall & Routing
  16. Address Object Created

    Problem: Having to go back and forth to find information on Address Object.

    Should be able to view the IPs when hovering over the Object (popup) in port forward, anywhere when we use the object.
    This will reduce support time and customer time and set some clarity when fault finding.

    11 votes
    1 comment  ·  Firewall & Routing
  17. Auto Blocking IPs based on rules / policy / triggers.

    I spend my mornings checking who has tried to hack us - when I see IPs that have been trying for hours / days I add their IP to my block-list.
    This is now getting too time consuming to manage. Can we not have an auto block to any IPs that continually try to hack us? Maybe we can set some thresholds that when any IP triggers they get an auto block. But going forward I think this is a must.

    I am sure my lfd on my Linux web server auto blocks hack attempts. Would love my Smoothwall to…

    29 votes
    1 comment  ·  Firewall & Routing
  18. Layer 7 rules should be both allow and deny

    Presently (Kenilworth) layer 7 filtering can only be applied to deny rules. This doesn't seem helpful to organisations that begin with a "block all ports and open only what we need" strategy, which seems to be the most common strategy.

    It would be most helpful (and an excellent selling point) if we could just allow Dropbox or Skype or WhatsApp with the bare minimum of effort.

    27 votes
    1 comment  ·  Firewall & Routing

    Currently this is not possible to achieve, as layer7 relies on allowing a few “unknown” packets through before we get an idea of what the traffic is. As such, you can’t work out what the traffic is until too late for an “allow”.

    We’re looking at Layer7 options that provide a “first packet ID” but this is early stages.

    Tom

  19. Block TOR exit nodes.

    Block TOR exit nodes.
    I monitor and update my list of past and present TOR exit nodes and manually add them to our Block Lists. Automating this for all would be helpful. Possibly this could be an addition to geolocation blocking if that's ever included in the system.

    The current TOR exit list is published via the TORproject.
    Below is the link.

    https://check.torproject.org/exit-addresses

    Thanks

    14 votes
    1 comment  ·  Firewall & Routing
  20. bandwidth module improvements "Policing"

    The current Bandwidth Module provides "shaping" which is only good for outbound connections. It's a store and forward from my understanding.

    Policing on the other hand can be applied to both inbound and outbound connections. It relies on IP (I believe) to slow down the connection by dropping packets. (Would only be good for TCP.) It would be great if we could limit inbound and outbound based on external and internal IP addresses. Currently inbound connections can flood the whole RED adapter.

    Example: an internal address requests data from say Microsoft Updates. The Max connection rate will be used to…

    6 votes
    1 comment  ·  Firewall & Routing