  1. #1


    Our experiences with Sophos Web Filter

    We purchased the Sophos Web Filter about 8 months ago. We moved to Sophos because we previously had M86 and it was a nightmare. It was so bad we pulled the product out after only 6 months and demanded our money back from M86. From what I've heard they were purchased by another company a while back so I don't know if their product has gotten any better. I highly doubt it considering how bad it was before.
    We also used to have Websense (a very old version) and we would have liked to keep it but we couldn't afford it.

    I recently came across this raving review on edugeek about the Sophos filter:
    [Review] : Sophos Web Appliance

    and I feel that people should know the issues we have faced with this product
    • Logging is not real time. There is a delay of several minutes before you are able to see traffic in the web gui for troubleshooting. This is also true for Sophos support on the backend when they SSH into the appliance. You sit on the phone with them for several minutes every time you want to test a workstation's traffic.
    • There is no way to bypass traffic being scanned by this appliance. You can allow any/all categories, but there are several that Sophos does not allow you to "allow" thus you are never actually allowing ALL traffic through the filter.
    • There is no way to turn off scanning on files that are downloaded. For files that are larger than about 10MB Sophos displays this awful "download" page then makes you sit there while it "scans" the file. Then once it's finished you have to download the file AGAIN from the appliance. You are effectively clicking download for the file twice every single time.
    • The filter cannot unblock self signed certificates. Sophos' default behavior is to block self signed certs and there is no way to change this. We have had to completely disable HTTPS scanning on the filter.
    • Loading configuration pages takes 10+ seconds for every page. Nothing is snappy in this GUI.
    • Running reports takes between 30-45 seconds every single time you run a report. Doesn't matter if it's big or small. We have had to reduce our reporting down to only keeping the most recent 3 months because the filter fills up its hard drive. *Sophos' tech support's solution to this is to just keep increasing the hard drive space for the appliance.
    • The block pages cannot be customized to remove the Sophos logo and branding. You can use a custom HTML page but if you do you lose the ability to use variables like username, ip of the machine, category being blocked, etc. If you use the Sophos block page the XML cannot be modified to remove the Sophos logo and copyright branding. Sophos does not consider security through obscurity a sound best practice.
    • Customer support is terrible. We had the filter stop passing traffic 3 days ago which caused our entire district internet to be unavailable. After 3 calls sitting on hold a combined 52 minutes we were finally able to get through to a technician. The technician blamed the fact the appliance's hard drive had filled up with reports on it no longer passing traffic. Sophos apparently has no way to prune old logs if the HD becomes full so as to not completely break the appliance.
    • When calling support (7 times in the past 2 months) for various issues with the filter I have not once ever had them say the problem was actually with the filter. They will blame everything else other than their product. They have blamed our network, our firewall, our internet connection, our Hard Drive space, etc. Everything except their product.
    • Because of the inability to ignore self signed certs we had an issue last month with the filter that it stopped allowing Microsoft Windows Activations because of some hiccup with the web filter not liking the way a Microsoft certificate on their activation servers was signed. This caused severe delays in our imaging project for a deployment of 500 laptops. It took Sophos 3 weeks to figure out a solution. Their solution? Add every single MS activation domain to the ignore list. *Screenshot attached


    I should point out that Sophos has ZERO plans to address any of the issues above. I have brought every single one of them to their attention and I have been blown off. Just hope anyone who sees this will understand that this product is not all that it's cracked up to be.

    local site list.jpg
    Screenshot of our ignore list after Sophos took 3 weeks to try and figure out why we couldn't activate windows.
    Last edited by witch; 14th June 2013 at 07:45 AM.

  2. #2


    While I enjoy a rant as good as the next person, and I have no horse in this race, there's a couple of differences between the reviewer's deployment and yours.

    He's using a WS1100 (specced for up to 1200 users with 300-600 concurrent users). If your argument is "we're using it for an entire school district and it's slow", your credibility took a nosedive.

    A better question would be "is the kit we purchased suitable for a network of the size we've deployed it on?". Maybe also the "wait, we're using a single point of failure to provide filtering for a school district? Who thought that was a good idea?" question needs addressing.

    That doesn't mean it isn't a terrible product, but you're not comparing apples to apples.
    Last edited by pete; 29th November 2012 at 12:23 PM.

  3. #3

    I was going to reply to each of those points but can't be bothered; the simple fact is we have been using WS1100 for over a year and have none of those issues. A lot of what you have described is solved by using the trusted sites list and setting up sensible connection profiles. The issues with performance we certainly don't have with our WS1100 which copes fine and reports run in seconds.

  4. #4

    Originally posted by pete:
    He's using a WS1100 (specced for up to 1200 users with 300-600 concurrent users). If your argument is "we're using it for an entire school district and it's slow", your credibility took a nosedive.
    We are using the virtual appliance. Hardware and concurrent connections makes no difference. Our "appliance" has available to it dual quad cores with 8GB of ram and 120GB for the HD that I gave the VM. It is the only VM on the physical host. It is more than capable of running an entire district (5 schools).

    Slowness issues aside, there are still serious faults with this product. Go try and run a real time traffic report (M86 and Websense can do this)
    Try and remove the Sophos branding from the block pages
    Try and turn off scanning downloaded files
    Try and get the appliance to ignore traffic completely (not just allow categories, but actually ignore traffic)

    It can't do any of those things.
    Last edited by cyr0n_k0r; 29th November 2012 at 09:17 PM.

  5. #5

    Our WS1100 also serves around 600 concurrent users and we have no performance issues, have you tried a physical appliance?

  6. #6

    - Logging is not real time.
    Reporting is not realtime and the dashboard can take a few minutes. Support with SSH should be able to see real time logging.

    - There is no way to bypass traffic being scanned by this appliance. You can allow any/all categories, but there are several that Sophos does not allow you to "allow" thus you are never actually allowing ALL traffic through the filter.
    There are some security categories that should never be allowed. If there are specific sites that you want to allow that are one of these categories, use the LSL. Why would you buy a security product if you want to allow all traffic with no antivirus or security filter?

    - There is no way to turn off scanning on files that are downloaded. For files that are larger than about 10MB Sophos displays this awful "download" page then makes you sit there while it "scans" the file. Then once it's finished you have to download the file AGAIN from the appliance. You are effectively clicking download for the file twice every single time.
    Configure | Accounts | Notification Options | Display patience page when scanning large files
    This will turn off the download webpage. It will still do an antivirus scan (why would you want to turn it off?). The appliance needs to download the entire file from the webserver onto the appliance before it does a virus scan so the two stage download still occurs but is invisible to the user. If you absolutely trust a specific site and don't want to virus scan that site then put it in the LSL as trusted.

    - The filter cannot unblock self signed certificates. Sophos' default behavior is to block self signed certs and there is no way to change this. We have had to completely disable HTTPS scanning on the filter.
    Global Policy | Certificate Validation
    Add yourself as a root signing authority.

    - Loading configuration pages takes 10+ seconds for every page. Nothing is snappy in this GUI.
    Should be snappy. You are probably not running on appropriate hardware/VM configuration. VM configuration is complex and small misconfigurations can cause performance issues. I don't know if you've got a good configuration or not, once you decide to run it in a VM you take responsibility for configuring it. Make sure that you've gone through the "Virtual Web Appliance Startup Guide". Saying that hardware and concurrent connections makes no difference to performance means you don't understand the system.

    - Running reports takes between 30-45 seconds every single time you run a report. Doesn't matter if it's big or small. We have had to reduce our reporting down to only keeping the most recent 3 months because the filter fills up its hard drive. *Sophos' tech support's solution to this is to just keep increasing the hard drive space for the appliance.
    I have no idea how many users you have. For a VM with 1200 users the recommended Hard drive is 250MB. The WS1100 comes with a 1000 MB drive. You have 120MB and are complaining that it fills up. Hard drives are cheap, the smallest you can normally buy is 500MB so don't complain if you are running a server on a hard drive smaller than an iPad.

    - The block pages cannot be customized to remove the Sophos logo and branding. You can use a custom HTML page but if you do you lose the ability to use variables like username, ip of the machine, category being blocked, etc. If you use the Sophos block page the XML cannot be modified to remove the Sophos logo and copyright branding. Sophos does not consider security through obscurity a sound best practice.
    Custom HTML can remove branding and you can use variables to put in everything (such as category being blocked) in. You can do whatever you want (granted you need to know HTML and basic programming concepts). Security through obscurity is a horrible practice.

    - Customer support is terrible. We had the filter stop passing traffic 3 days ago which caused our entire district internet to be unavailable. After 3 calls sitting on hold a combined 52 minutes we were finally able to get through to a technician. The technician blamed the fact the appliance's hard drive had filled up with reports on it no longer passing traffic. Sophos apparently has no way to prune old logs if the HD becomes full so as to not completely break the appliance.
    I cannot comment, although I believe you get a Yellow and Red alert with emails before the hard drive is full. Get a bigger drive and don't ignore alerts.

    - When calling support (7 times in the past 2 months) for various issues with the filter I have not once ever had them say the problem was actually with the filter. They will blame everything else other than their product. They have blamed our network, our firewall, our internet connection, our Hard Drive space, etc. Everything except their product.
    I don't know your situation so I cannot comment too much. I will say you are running on a very small hard drive, and you have 5 schools which I presume are at 5 different locations going through a single appliance then network configuration and bottlenecks can be a problem.

  7. #7
    speckytecky's Avatar
    Our excellent MOD @witch recently posted some very wise words about the need for caution when offering critique on suppliers products - needed on this thread I'd suggest?


  9. #8

    witch's Avatar
    TBH the OP is reporting what he has experienced. I would change the title and the sentence about how the product really works and maybe make the tone a bit more "these are the issues we have faced", especially when some replies would seem to indicate ways to sort out these issues.
    But it is up to the OP

  10. #9
    Ozofriendly's Avatar
    I'd like to add my tuppence worth in defense of the virtual SWA.

    I trialed Symantec, McAfee, Trend and Sophos recently, all virtual appliances in ESX5, and we felt that in spite of the apparent sophistication of its competitors, particularly in terms of granular policy management and reporting, the greatest strength of the SWA was its simplicity. SWA was far and away the quickest and easiest to deploy and configure and we were up and running in production inside 45 minutes. The admin GUI is among the cleanest and most intuitive I've used and, so far, browsing performance has been excellent. Sure, I wished that some of the bells and whistles I liked in the others were available in the Sophos solution, such as HTTP inspection policies or allowing blocked URL categories to be accessed with a password. In the end though these features were all icing. The Sophos appliance did everything we wanted a web gateway to do quickly, easily, competently and cost-effectively. So we picked it.

    I'm sorry that the OP had a bad experience, but I have to say, for an SMB/SME with limited administrative resources, Sophos' Web Protection should be given a fair go.

    Incidentally, I wanted to trial the Websense solution, but they don't have a VMWare image ready to deploy for the likes of us. I would have had to run up a Red Hat Enterprise Linux Server - along with all its attendant maintenance - as well as a finding a suitable Windows Server to host their heavy management and reporting software. I only mention it because my Websense rep was very heavy handed in his sales pitch and unashamedly damning of Sophos, claiming that it was nothing more than a URL filter, performing none of the traffic inspection that would qualify it as a true Web Security Gateway. This market, like many other security product markets, is subject to a lot of aggressive salesmanship and misinformation.

    As ever, be certain of the business requirement and capacity to deliver, do your research, evaluate as thoroughly as you can and take everything the salesmen say with a dose of salt.

  11. #10

    I'd like to revisit this post after another year of having the Sophos product. We have now had the Sophos product for almost 2 full years and my opinions on this product have not changed at all. I'll address randomguy's post since he seems to offer the most complete point by point of my original post.

    Originally posted by randomguy:
    - Logging is not real time.
    Reporting is not realtime and the dashboard can take a few minutes. Support with SSH should be able to see real time logging.
    Incorrect. Support with SSH access still cannot see realtime. I have been told by support that there is a cron job that runs only every few minutes that flushes the logs to disk and it's only then that support can tail the logs to see the traffic.

    Originally posted by randomguy:
    - There is no way to bypass traffic being scanned by this appliance. You can allow any/all categories, but there are several that Sophos does not allow you to "allow" thus you are never actually allowing ALL traffic through the filter.
    There are some security categories that should never be allowed. If there are specific sites that you want to allow that are one of these categories, use the LSL. Why would you buy a security product if you want to allow all traffic with no antivirus or security filter?
    Because I have servers and other devices on my network that don't play well with a 3rd party device interfering with their traffic flow. This was especially a problem with our food service contractor's time clocks. The time clocks go out on the internet every night and upload the employee punches to some database in Europe. Our food service employees almost missed payroll one pay period trying to figure out this stupid issue because of the Sophos filter.

    Originally posted by randomguy:
    - There is no way to turn off scanning on files that are downloaded. For files that are larger than about 10MB Sophos displays this awful "download" page then makes you sit there while it "scans" the file. Then once it's finished you have to download the file AGAIN from the appliance. You are effectively clicking download for the file twice every single time.
    Configure | Accounts | Notification Options | Display patience page when scanning large files
    This will turn off the download webpage. It will still do an antivirus scan (why would you want to turn it off?). The appliance needs to download the entire file from the webserver onto the appliance before it does a virus scan so the two stage download still occurs but is invisible to the user. If you absolutely trust a specific site and don't want to virus scan that site then put it in the LSL as trusted.
    Yes, I know all about disabling the patience page. What you fail to mention however is that with the patience page disabled, when a user tries to download a 100mb file and they click "download" on the web page NOTHING HAPPENS. That is because the appliance is downloading the file without telling the user what it's doing. In other words, the user thinks they accidentally didn't click the link and keeps trying. Eventually giving up thinking the download link is broken which is another ticket to my helpdesk.

    Originally posted by randomguy:
    - The filter cannot unblock self signed certificates. Sophos' default behavior is to block self signed certs and there is no way to change this. We have had to completely disable HTTPS scanning on the filter.
    Global Policy | Certificate Validation
    Add yourself as a root signing authority.
    This isn't for our own internal SSL's. It's for out on the internet. However I will admit that turning off this feature has not severely impacted our environment as much as I thought it would last year.

    Originally posted by randomguy:
    - Loading configuration pages takes 10+ seconds for every page. Nothing is snappy in this GUI.
    Should be snappy. You are probably not running on appropriate hardware/VM configuration. VM configuration is complex and small misconfigurations can cause performance issues. I don't know if you've got a good configuration or not, once you decide to run it in a VM you take responsibility for configuring it. Make sure that you've gone through the "Virtual Web Appliance Startup Guide". Saying that hardware and concurrent connections makes no difference to performance means you don't understand the system.
    See my next response below:

    Originally posted by randomguy:
    - Running reports takes between 30-45 seconds every single time you run a report. Doesn't matter if it's big or small. We have had to reduce our reporting down to only keeping the most recent 3 months because the filter fills up its hard drive. *Sophos' tech support's solution to this is to just keep increasing the hard drive space for the appliance.
    I have no idea how many users you have. For a VM with 1200 users the recommended Hard drive is 250MB. The WS1100 comes with a 1000 MB drive. You have 120MB and are complaining that it fills up. Hard drives are cheap, the smallest you can normally buy is 500MB so don't complain if you are running a server on a hard drive smaller than an iPad.
    This entire answer shows you have no idea what you're talking about. If you don't understand the difference between a Megabyte (MB) and a Gigabyte (GB) then you don't understand the system.

    Originally posted by randomguy:
    - The block pages cannot be customized to remove the Sophos logo and branding. You can use a custom HTML page but if you do you lose the ability to use variables like username, ip of the machine, category being blocked, etc. If you use the Sophos block page the XML cannot be modified to remove the Sophos logo and copyright branding. Sophos does not consider security through obscurity a sound best practice.
    Custom HTML can remove branding and you can use variables to put in everything (such as category being blocked) in. You can do whatever you want (granted you need to know HTML and basic programming concepts). Security through obscurity is a horrible practice.
    Unless variables have been added in any recent version that I'm unaware of, HTML pages still cannot contain Sophos variables as of 11/6/2013. Security through obscurity is a foundational security practice and once again you're showing you have no idea what you're talking about.

    Originally posted by randomguy:
    - Customer support is terrible. We had the filter stop passing traffic 3 days ago which caused our entire district internet to be unavailable. After 3 calls sitting on hold a combined 52 minutes we were finally able to get through to a technician. The technician blamed the fact the appliance's hard drive had filled up with reports on it no longer passing traffic. Sophos apparently has no way to prune old logs if the HD becomes full so as to not completely break the appliance.
    I cannot comment, although I believe you get a Yellow and Red alert with emails before the hard drive is full. Get a bigger drive and don't ignore alerts.
    I agree. We have since added over 500 GB (Gigabytes) to the virtual appliance and logging issues are no longer an issue.

    Originally posted by randomguy:
    - When calling support (7 times in the past 2 months) for various issues with the filter I have not once ever had them say the problem was actually with the filter. They will blame everything else other than their product. They have blamed our network, our firewall, our internet connection, our Hard Drive space, etc. Everything except their product.
    I don't know your situation so I cannot comment too much. I will say you are running on a very small hard drive, and you have 5 schools which I presume are at 5 different locations going through a single appliance then network configuration and bottlenecks can be a problem.
    See comment above about how you don't understand the difference between a MB and GB.

    After everything is said and done we rebuilt our virtual appliance about 6 months ago and moved it over to a new ESX host with dual octacores and gave the appliance 16GB of ram and a 500GB virtual hard drive partition. Performance is much snappier now, however I stand by my previous statements.
    As of 11/6/2013 you STILL cannot
    1) disable the appliance from scanning downloaded files
    2) use variables in non branded block pages
    3) support is STILL AWFUL. Every single time we call we sit on hold for 30-40 minutes and every single time we are told "we're having unusually high call volume"
    It's not unusually high if it's every single time. Hire some more people!

  12. #11

    I must admit my view on the appliance having had it a few years now isn't entirely positive, there are a number of things not working properly for us and support aren't great although I've not had any issues getting through.

  13. #12
    zag
    I wrote the original review and have also changed my mind (it's been 2 years).

    Our Sophos died and they sent us a refurb one which simply didn't work. Support were really bad and slow to send anything out, eventually I gave up trying to get a working replacement.

    We bought a Smoothwall and although the interface is incredibly complicated it does work quite well.

    Both solutions have good and bad points.
    Last edited by zag; 7th November 2013 at 10:47 AM.

  14. #13

    I'm going to look at Smoothwall along with some other solutions again in the new year, I know everyone raves about Smoothwall but the last time I looked at it much like yourself I was less than impressed with the interface.

  15. #14


    tom_newton's Avatar
    Anything you think would be useful in terms of UI improvements, my DDI is in my 'sig - please drop me a line by email or phone and we will do what we can to improve - there is a programme of improvements on the go at the moment, but the more feedback we get the better that will be

  16. #15

    Originally posted by cyr0n_k0r:
    I'd like to revisit this post after another year of having the Sophos product. We have now had the Sophos product for almost 2 full years and my opinions on this product have not changed at all. I'll address randomguy's post since he seems to offer the most complete point by point of my original post.
    Though forums can get prickly, I welcome any discussion. I would rather steer this conversation towards a solution that makes you (and anyone else who reads) happy rather than have this disintegrate into a flame war.

    Incorrect. Support with SSH access still cannot see realtime. I have been told by support that there is a cron job that runs only every few minutes that flushes the logs to disk and it's only then that support can tail the logs to see the traffic.
    Raw logging is realtime, there is a cron job that runs every few minutes and takes the raw log and converts them to another format for reporting and dashboard. Depending on what data you are trying to find it might be easier for Support to look at the reports rather than the raw logs. Note that if you are using Endpoint or a cluster then logging may indeed not be realtime as they need to synchronize.

    It may be that for your problem, when talking to your support person, report logging was better to look at than raw logs. I know for me, raw realtime logs have been possible. Regardless, this would only be an issue for support. Do you find that this impacts your normal operation?

    Your experience with Support is not the same as mine. Do you know if you are using actual Sophos support (eg talking to a Sophos employee) or are you going through a partner or reseller?

    Because I have servers and other devices on my network that don't play well with a 3rd party device interfering with their traffic flow. This was especially a problem with our food service contractor's time clocks. The time clocks go out on the internet every night and upload the employee punches to some database in Europe. Our food service employees almost missed payroll one pay period trying to figure out this stupid issue because of the Sophos filter.
    I thought you were asking to turn off all filtering and antivirus everywhere. To turn it off for a particular site, create a Local Site List entry, tag it with Globally Allow, and set it to Trusted. Trusted sites do not get virus scanned, do not have file type blocking, and the download appears to start immediately. You effectively now allow ALL traffic through the filter for that site.

    The SWA should by default scan everything except for what you tell it not to. It cannot predict which sites you will have trouble with 3rd party devices - you need to tell it which sites to turn off scanning for. Default scan, except when told ahead of time not to. This would be (IMO) sound practice.

    Tom_Newton - how does Smoothwall do this? Can you turn off all scanning for a site? For a client (eg a specific computer)? Across the board?

    Yes, I know all about disabling the patience page. What you fail to mention however is that with the patience page disabled, when a user tries to download a 100mb file and they click "download" on the web page NOTHING HAPPENS. That is because the appliance is downloading the file without telling the user what it's doing. In other words, the user thinks they accidentally didn't click the link and keeps trying. Eventually giving up thinking the download link is broken which is another ticket to my helpdesk.
    You say that you hate the "awful" download page so you turn it off. Then you say the appliance is downloading it without telling the user what it is doing. It kinda feels like you are asking for it both ways.

    The SWA must download the file and scan it before giving it to the client computer. You cannot properly scan a file until you have all of it. I don't really know any of the competitors products, but is there anyone else who does antivirus scanning on the gateway and also starts the download to the client immediately? Tom can you answer for Smoothwall - do you have "immediate" downloads?

    One thing - if you are using Sophos Endpoints then all filtering and AV is done on the windows computer itself, and downloads will appear to start immediately.

    This isn't for our own internal SSL's. It's for out on the internet. However I will admit that turning off this feature has not severely impacted our environment as much as I thought it would last year.
    If there is someone out there with a self signed cert, can't you add it on the "Certificate Validation"? AFAIK this would then allow the cert even though it is improperly signed. I admit this is not my area of expertise or maybe I don't understand what you need.

    This entire answer shows you have no idea what you're talking about. If you don't understand the difference between a Megabyte (MB) and a Gigabyte (GB) then you don't understand the system.
    ...
    I agree. We have since added over 500 GB (Gigabytes) to the virtual appliance and logging issues are no longer an issue.
    I admit that I mistyped MB as GB. Give me a break - do you think I don't actually know the difference? If you fix my typo then the reply stands - 120GB is small. It sounds like you've bumped it up and your problems have been resolved.

    You can use a custom HTML page but if you do you lose the ability to use variables like username, ip of the machine, category being blocked
    ....
    Unless variables have been added in any recent version that I'm unaware of HTML pages still cannot contain Sophos variables as of 11/6/2013.
    Maybe I don't understand what you are asking for. In help under "Block Page Template"
    %%user_name%%: This page element key provides the name of the user who has made the request for the blocked page, as provided by Active Directory. If Active Directory is not available, the IP address from which the request was made will be displayed instead.
    %%user_ip%%: This page element key provides the IP address from which the request for the blocked page has been made.
    %%sophos_block_text%%: This page element key provides the reason that a requested page has been blocked.

    Are those not the variables you were asking for? They've been there for 2+ years. If those are not what you are asking for - can you explain? As I started off by saying I would rather genuinely help you rather than argue with you.

    Security through obscurity is a foundational security practice and once again you're showing you have no idea what you're talking about.
    This is a debate throughout the security community and we'll have to agree to disagree on this one.

    After everything is said and done we rebuilt our virtual appliance about 6 months ago and moved it over to a new ESX host with dual octacores and gave the appliance 16GB of ram and a 500GB virtual hard drive partition. Performance is much snappier now, however I stand by my previous statements.
    As of 11/6/2013 you STILL cannot
    1) disable the appliance from scanning downloaded files
    2) use variables in non branded block pages
    3) support is STILL AWFUL. Every single time we call we sit on hold for 30-40 minutes and every single time we are told "we're having unusually high call volume"
    It's not unusually high if it's every single time. Hire some more people!
    1) You can disable the appliance from scanning downloaded files from domains that you specify. I agree that you cannot disable A/V based on the source (eg don't do scanning for this laptop) or disable A/V across the board. For example it is common to set your own internal servers as Trusted. Theoretically you could set the entire .com TLD as trusted to turn off A/V and all protection - although at that point you are just getting a proxy without any security.
    2) If you want, I'm willing to try to help you on this.
    3) I can't comment on this. If true, then I agree it sucks although I don't know if anyone else is better. Again, are you talking to Sophos itself or a partner/reseller?

  17. Thanks to randomguy from:

    Dos_Box (8th November 2013)
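
The trade-off in point 1 of the post above (per-domain scan exemptions versus trusting a whole TLD), as an added example that is not part of the original post and not Sophos code: a small audit of a scan-exemption list. The list format, the rule that an entry also covers its subdomains, the short suffix set and the sample hosts are all assumptions constructed for illustration.

```python
"""Audit a scan-exemption ("trusted") domain list for overly broad entries."""

# Constructed demo set; a real audit would load the full Public Suffix List.
BROAD_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "sch.uk"}


def normalise(entry):
    """Lower-case an entry and drop a leading wildcard and stray dots."""
    e = entry.strip().lower()
    if e.startswith("*."):
        e = e[2:]
    return e.strip(".")


def classify(entry):
    """Return 'broad' if the entry exempts a whole TLD/suffix, else 'ok'."""
    e = normalise(entry)
    return "broad" if e == "*" or e in BROAD_SUFFIXES else "ok"


def is_exempt(host, trusted):
    """True if host equals a trusted entry or is a subdomain of one.

    Assumption: exemptions cover subdomains; check the product's own rule.
    """
    h = host.strip().lower().strip(".")
    for entry in trusted:
        e = normalise(entry)
        if not e:
            continue  # ignore blank lines in the list
        if e == "*" or h == e or h.endswith("." + e):
            return True
    return False


def audit(trusted, sample_hosts):
    """Report broad entries and which sample hosts would skip AV scanning."""
    broad = [t for t in trusted if classify(t) == "broad"]
    unscanned = [h for h in sample_hosts if is_exempt(h, trusted)]
    return {"broad": broad, "unscanned": unscanned}


# Constructed sample data: two narrow exemptions, then one TLD-wide entry.
NARROW = ["intranet.example.sch.uk", "updates.example.com"]
WITH_TLD = NARROW + [".com"]
HOSTS = ["intranet.example.sch.uk", "files.unknown-site.com", "cdn.example.net"]

if __name__ == "__main__":
    print(audit(NARROW, HOSTS))
    print(audit(WITH_TLD, HOSTS))
```

Running it on the two lists shows the single `.com` entry pulling an unrelated host out of scanning, which is the "proxy without any security" outcome the post describes.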
