Smoothwall UTM/SWG

Any and all ideas and feedback for Smoothwall

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Have a 'who' option on web proxy - auth - manage policies to be able to restrict who can / cannot login to a specific interface.

    Have a 'who' option on web proxy - auth - manage policies to be able to restrict who can / cannot login to a specific interface.

    The idea behind this would be to restrict which members of specific groups can login, so for example if you want everyone to login the who would be 'everyone' but if you wanted to setup a sixth form wireless and only members of sixth form could login you could select who as 'sixth form' and every member of every other group you have would be blocked from using this interface.

    10 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • The ability to open certain IP ports at specific times

      I'm thinking specifically about Skype. Being a boarding school management think it important that Skype be available for students to contact home on an evening. Being able to specify certain ports to open on an evening would facilitate this.

      12 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Flag idea as inappropriate…  ·  Admin →
      • 1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Mobile Devices  ·  Flag idea as inappropriate…  ·  Admin →
        • Reports based on location

          Allow reporting to be refined by policy-object location - eg "what sites was prof.plum visiting in the_library?" (leadpipe.com as it turns out)

          9 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
          • Seperate IPS policy per port forward

            At present it seems like if you want to enforce IPS on a port forward, you tick one box which applies ALL of the active policies upon the port. This can be unbelievably confusing, especially when trying to troubleshoot which policy is causing a problem. Hopefully there's a way to drill these options down to select which policies apply to each port separately.

            8 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Shutdown button in GUI warning message

              When you click in the GUI on the shutdown button, the SW will go down. It would be nice if you first get a message if you are sure.

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • 15 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                • Audit control for bypass access of admin capable users

                  Audit control, or logging, for bypass access of admin capable users. The customer would like to be able to track when staff use the “bypass feature” to gain or allow access to blocked URL’s.

                  2 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                  • Get Expired Bans on the Portal to disappear after a certain time period

                    At current, after Temporary bans expire, they stay until a Smoothwall Admin clears the expired bans on the Web Control Panel.
                    A few users have requested that expired bans should disappear after a set period of time say 24 hours.

                    14 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      under review  ·  0 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                    • Avoid truncating domain names in 'Top Domain' section of Dashboard

                      At the moment long domain names are truncated in the 'Top Domain' section of the Dashboard.

                      For example the domain
                      'o-o.preferred.iad09g05.v23.lscache5.c.youtube.com' is shown as 'o-o.preferred.iad09g05.v6.lsc'

                      In this case it is not possible to see the actual domain 'youtube.com' in the list.

                      Either reduce the white space in this area in order to show more text, or truncate the start of the domain name and use an ellipsis to show it has been truncated.

                      The domain name is more important to understand what is happening then sub domain name.

                      9 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                      • Tick box to add IP to block list from IDS

                        We seem to be forever copying and pasting IP's from the IDS logs to notepad, and back into the IP block page. Is there a way of adding a tick box to the IDS/IPS pages to directly inject the IP to the block page? Something like what you've done on the firewall page.

                        4 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • can we add a password limit for trys on the ssh service after 3 attempts IP is blocked?

                          can we add a password limit for try's on the ssh service after 3 attempts IP is blocked? This is for use in an ISP type scenario where users are guessing the password after numerous attempts, so if we can block after so many attempts will stop this from happening

                          5 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow reports based on named time periods

                            Reports should include a filter on named time period - these are tagged in the logs so should be included to be reported on eg. "most web usage during core hours"?

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                            • Guardian should output or at least log warnings when DNS requests take a long time.

                              Seen in a recent ticket - if DNS forward or especially reverse lookups take a
                              long time to resolve, there can be severe browsing consequences, problems
                              accessing the proxy, loading IPTables etc.

                              Guardian should throw up a visual alert/warning in the web GUI, or at least log
                              a warning message in a log that will be clear for customers or support
                              engineers to see.

                              9 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                              • Link 'Top Domain' section of Dashboard to related reports

                                Link the entries in the 'Top Domains' section on the Dash Board to the reporting engine, so that you can click through to see who has been using the top domains.

                                For consistency this wants to be the same list of options that you get in the 'Top Domains' report.

                                4 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                                • Email Queue doesn't show as much information that could be helpful

                                  The email queue doesn't have the space to show as much information as would be helpful. Half of the reason as to why the email is in the queue is truncated, which for some people, causes annoyance.

                                  6 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                                  • On the Dashboard remove the heart beat IP addresses from the IP statistics section.

                                    On the Dashboard remove the fail over heart beat IP addresses from the 'Per IP Address Statistics'.They don't really belong with the rest of the network devices as they only communicate between themselves, and won't be sending data externally. Also the data volumes are well above what other nodes generate.

                                    They could be relocated to the 'Interface and Host Bandwidth' section, including a separate section for 'Fail Over' similar to how 'SSL VPN' appears here.

                                    Failing that, group them together in their own section.

                                    2 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Group or suppress domains used by a particular 'applications' in reports

                                      Web 'applications', for example Google maps call many other domains or sub domains during their use.
                                      For example maps.google.co.uk has repeated requests to:
                                      mt0.google.com
                                      mt1.google.com
                                      khm0.google.co.uk
                                      khm1.google.co.uk

                                      Similarly facebook.com stores photos at various sub domains of fbcdn.net

                                      I often see these appearing in the top domains list, where they reduce the number of 'real' domains that can appear in the list.

                                      It would be beneficial if they could be suppressed from the reports, or for bandwidth and hits purposes grouped with the calling domain.

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Improve HW failover to monitor connectivity and services

                                        Currently hardware fail-over requires a full failure of the primary system and to become unavailable on the heartbeat interface for it to switch over to the slave. This can mean a system with a failed filtering service or network interface will be left running instead of switching to the fail-over system.

                                        Ideally the fail-over system could be expanded to include monitoring enabled critical services for failure (Eg Guardian, VPN etc) and also network interfaces for loss of connectivity.

                                        31 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Central Management, Clustering & HA  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 22 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Guardian Filtering  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base