Smoothwall Filter (On Premise)

Any and all ideas and feedback for Smoothwall

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Firewall log viewer should have a NOT boolean function

    In the firewall viewer it should be possible to have a NOT option. This is a standard feature on other firewall products. e.g. if wanting to see all the traffic from a particular IP address except ports 80 & 443.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Address Objects to include DOMAIN WILD CARDS (like *.domain.com)

    Due to the development of Cloud Services I need to place domain wildcards into Smoothwall Address Objects instead of ever changing IP Addresses.
    Address Objects ONLY allow IP addresses and ranges but this does not work where external IP addresses are changing unpredictably under a DNS domain (where the Domain name remains constant of course).
    An increasing number of cloud services make this feature increasingly urgent.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  3. Help display

    help distorts page display

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Subnet Routing Verification & Automatic Undo after 10 seconds

    Currently, if I type in a incorrect route, lets say I did a 10.60.4.0/20 . It accepts it, even though the subnet should start at 10.60.0.0. This in essence makes you believe your route is in place but the Smoothwall simply ignores it. It would be nice to see a validation or do what Watchguard/Other firewalls do and prevent incorrect routes being put in.

    Additionally, when a route is put in, it should apply the setting but then undo itself after 10-15 seconds unless you confirm it. Similar to when you change resolution on a windows PC. This will then…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  5. your export process does not offer a start AND end time option

    your export process does not offer a start AND end time option so how can we export the hours of logs we want to see ? your export options are lacking in usability.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for packet capture within the user interface

    It would be extremely useful to be able to perform a packet capture (.pcap / tcpdump) from the Smoothwall web interface for the purposes of troubleshooting. Presumably this is simply achieved if you have root access and can log in over SSH, but in environments where this is not available, there is no way currently to perform a packet capture and a very useful troubleshooting option is therefore not possible.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  7. IPS - autoblock probe IPs

    It would be useful if Smoothwall had a way of automatically blocking IP addresses of malicious/probe packets dropped by IPS.
    Thanks.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow selection of individual IPSEC VPN links when creating firewall rules

    Allow selection of individual IPSEC VPN links when creating firewall rules

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Filter IDS logs to show Priority 1

    Ability to filter IDS logs to show Priority 1.
    Also make the IDS log searchable.
    Both can be achieved by export, but it would be nice to be able to do it within the web interface.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL VPN Road Warrior - filter by geo location

    We get incessant SSL road warrior connection attempts from hostile IP addresses. I can limit by groups and can block IP's manually via firewall rule, but that's a rough way to cut down on this traffic. The VPN control panel is therefore drowning in "unfinished" road warrior connections. I'd love it if there was a geo location way to filter traffic in general, but more specifically for SSL VPN. Especially useful for an SMB like us who only have employees in the U.S. and can safely block SSL VPN attempts from all other countries

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Auto Blocking IP's based on rules / policy / triggers.

    I spend my mornings checking who has tried to hack us - when I see IP's that have been trying for hours / days I add their IP to my block-list.
    This is now getting too time consuming to manage. Can we not have an auto block to any IP's that continually try to hack us. Maybe we can set some thresholds that when any IP triggers they get an auto block. But going forward I think this is a must.

    I am sure my lfd on my Linux web server auto blocks hack attempts. Would love my Smoothwall to…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  12. Layer 7 rules should be both allow and deny

    Presently (Kennilworth) layer 7 filtering can only be applied to deny rules. This doesn't seem helpful to organisations that begin with a "block all ports and open only what we need" strategy which seems to be the most common strategy.

    It would be most helpful (and an excellent selling point) if we could just allow Dropbox or Skype or WhatsApp with the bare minimum of effort.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →

    Currently this is not possible to achieve, as layer7 relies on allowing a few “unknown” packets through before we get an idea of what the traffic is. As such, you can’t work out what the traffic is until too late for an “allow”.

    We’re looking at Layer7 options that provide a “first packet ID” but this is early stages

    Tom

  13. bandwidth module improvements "Policing"

    The current Bandwidth Module provides "shaping" which is only good for outbound connections. Its a store and forward from my understanding.

    Policing on the other hand can be applied to both inbound and outbound connections. It relies on IP (i believe) to slow down the connection by dropping packets. (Would only be good for TCP) It would be great if we could limit inbound and outbound based on External and Internal ip addresses. Currently inbound connections can flood the whole RED adapter.

    Example an internal address requests data from say Microsoft Updates. The Max connection rate will be used to…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Bulk import of IP addresses

    When adding IP blocks, it would be useful to import from CSV rather than adding line by line

    I have 6000 addresses i need importing

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  15. Intrusion Prevention: Correcting False Positives

    When there is a false positive block on the IPS, it would be very helpful if there was an easy way to hit "allow" or "unblock". Currently, I have to get the SID, and manually drag through all the policies to find the one policy to 'uncheck'. I use browser hacks, such as "CTRL F" but that is slow and cumbersome.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Foreign Country IP Blocking Dynamic List / Geo Blocking

    Most Firewalls allow you to select which countries you would like to block. I can manually add a subnet but each country generally has like 200 subnets to type in. It would nice to select what countries you would like to block and have that list part of a definition file that gets updated like the content filter.

    115 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    48 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Improved Firewall Logging

    Logging should show if the "Log line" is for a deny or allow it should also specify which rule processed it. There should also be an option to turn up or down logging to give greater/lesser information

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  18. CNAME in DNS

    Networking > Configuration > DNS > Static DNS hosts

    I can add a host IP address, but not a CNAME record.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Firewall rule with timeslot.

    Add a time slot in the firewall rules. We have multiple customers who wants it. Some customers want to disable a part of the network at night. An other customer wants to block everything in the firewall at sunday.

    54 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
    Chris Humby responded

    Unfortunately we couldn’t fit this into the firewall improvement work included in the Inverness release.

    It’s still on our radar though and we’ll consider it in our future firewall road map.

  20. Bonding/Teaming 2 interfaces together to improve bandwidth, whilst both interfaces still have the same IP.

    Bonding/Teaming 2 interfaces together to improve bandwidth, whilst both interfaces still have the same IP.

    This would enable the smoothwall to be plugged into the same switch twice, and double the bandwidth available to the smoothwall on a given network. (This does require the network infrastructure to handle this bandwidth)

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Smoothwall Filter (On Premise)

Feedback and Knowledge Base