Smoothwall Filter (On Premise)

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Auth Diagnostics to drop checks for trusted domains

    Add a check box under the authentication server configuration to disable checking trusted domains under the "Active directory" authentication method.

    This has been seen as an issue where there are a large number of domains in a forest e.g. School Academy Trusts and where open routing is not allowed across the trust network for seucrity reasons the Authentication Diagnostics currently takes a long time to return.

    The recent update has reduced the reboot and auth service restart timescales, but the diagnostics still include this functionality.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Require authentication based on when

    we share our campus and network with our church. After school hours, we have many users on campus that do not have credentials that they can use to authenticate against. Being able to not require authentication at certain times would allow those people access, while allowing me to continue monitoring student traffic.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow squid error pages to be customised.

    The requested URL could not be retrieved

    While trying to retrieve the URL: http://dsdsdsdsasadsschee.com/

    The following error was encountered:

    Unable to determine IP address from host name for dsdsdsdsasadsschee.com

    The dnsserver returned:

    Name Error: The domain name does not exist.

    This means that:

    The cache was not able to resolve the hostname presented in the URL.

    Check if the address is correct.

    Your cache administrator is $foo.

    --------

    This breaks their minds and they ask for the random website to be unblocked because "the proxy said something".

    Suggestions:

    1) Allow Squid to serve custom error pages, either locally or from…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  4. Different Login Timeouts for different groups

    Be nice to be able to set (for example) staff to all day login timeout (especially if they're on their own PC) and have students set the length of a lesson.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add blocked username to Recent blocks dashboard.

    This would make the section meaningful and save me having to perform constant searches to identify rogue users.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to have DHCP Server running on a smoothwall update DNS records

    Currently DHCP server running on the smoothwall does not have the capability to update DNS servers records. Exstending this functionality would be useful to help keep DHCP and DNS records in sync.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to limit access to Facebook.com to selected Facebook accounts

    Allow certain accounts eg. Organisation Facebook accounts access to Facebook but no others.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  8. Kerberos Auth: hide computer accounts on active users

    Since switching to Kerberos auth, the active users page (under Services > Auth) lists all the computers that have connected to the internet whilst idling.,This makes the list massively long, so it would be handy to have a checkbox (or w/e) to hide any result with a $ in the username.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Option to disable ICMP redirects from Smoothwall

    When using a Smoothwall alongside an existing default gateway/firewall on the same local network the Smoothwall will send ICMP redirects to the clients informing them the to use the alternative route.

    This could be unhelpful when using the Smoothwall as the client gateway with transparent filtering for example.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Options to configure interface speed and duplex

    Some devices (in particular some older Cisco routers) seems to struggle with auto negotiation and require ethernet interface speed and duplex to be manually configured.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make guardian listen to x-forwarded headers for authentication/filtering

    Make guardian lissen to x-forwarded headers for authentication/filtering. This will give the guardian the ablility to know the true IP of a user if the device that is NATTING the user has the ability to send the x-forwarded header

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  12. Incorporate wireless access point functionality into UTM devices

    For small offices where a UTM-100 or 300 is in use, incorporate an access point so that remote branches can be centrally managed for wireless access as well as filtering.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Require a username and password to uninstall Mobile Guardian from a users machine

    Users who have requested Admin access on their laptops and have been granted the access are currently able to remove mobile guardian from their laptops.
    It should require another username and password (preferably the mgclient username and password which was used on setup) to stop the user from being able to uninstall mobile guardian.
    If by some how, they have removed mobile guardian, there should be a way which stops the user from browsing what so ever until they bring it back to the mobile guardians home location and ask a sysadmin to reinstall it for them.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  14. Searching the IDS/IPS rules is absolutely necessary

    In the IDS and IPS policies it would be really nice if you could search the policies for a text string, because there are SO many rules and it takes forever to find the one you are looking for.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Documentation or web GUI to show further details as to what is in each section for replication

    Linked in with: http://smoothwall.uservoice.com/forums/145832-general/suggestions/3166354-separate-authentication-archive-settings

    But to have better documentation about what is and isn't in each setting that can be backed up - for example a definitive table.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Internal/External Primary and Secondary DNS with resiliance

    Query from customer: "My question to smoothwall is under the bonnet can we set dns to use twin internal primary dns ip's and twin external dns ip's ? to bring back the resilience."

    In essence, a Primary Primary / Primary Secondary and Secondary Primary / Secondary Secondary DNS server setup

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Separate authentication archive settings

    Replication of Auth- Auth Settings is fine, however this does not help in a mixed environment as it replicates the Authentication method i.e. LDAP or NTLM, not just the group mappings.

    Solution is that we need to septate the group relationships and the Authentication settings.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Central Management, Clustering & HA  ·  Flag idea as inappropriate…  ·  Admin →
  18. Block/Alert about reports being sent when there is no content in the report

    When the import engine is behind, and a scheduled report is sent out, it is sent out with incomplete or no data.

    When scheduled reports are sent straight out to management, we look a bit stupid to have done this.

    I would suggest that the reporting engine checks that the importing process is up to date for the end date of the requested report, and alerts - doesn't send out the report - or provides a suitable warning in the report, when it knows that the data is incomplete

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. Youtube HTML5 Cookie

    Could apply to other cookies as well, but having the option to override cookies for specific sites, for example to set Youtube HTML5 mode across a whole location (ie a room of Macs) via cookie modification.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
  20. Exclude your ISP's dns from IDS checks

    We are currently getting a lot of "Potential DNS Command and Control via TXT queries" going from us to our ISP's primary dns server. I doubt that there is anything bad going on and i think it is more likely to be our 2 internal dns servers talking to our ISP.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base