Why Web Reporting is the Big Winner in Sophos UTM 9.3

Today, Sophos announced the roll out of next version of Sophos UTM (9.3).

The new release includes some significant improvements to email protection, wireless and web protection, including features such as Policy Tagging, Time Quotas and Selective HTTPS filtering.  For more information, read the full blog post.

Log file changes in Sophos UTM 9.3

But the most exciting feature in UTM 9.3 from Fastvue's perspective is not even mentioned in the list of features or bug fixes. It is the addition of two new fields to the web filtering log files; Referer and User Agent (ua). Most exciting is the addition of the Referer field.

Why is logging referrer so exciting?

With the addition of the referer field, Fastvue Sophos Reporter will be able to provide significantly more useful web usage reports.

You may have noticed in your existing web reports, whether that is in Fastvue Sophos Reporter, the on-box reports, or even in the new Sophos iView, that the list of websites presented do not identify what websites were actually visited. Your reports show excessive usage to sites such as akamaihd.net, google-analtyics.com, optimizely.com, doubleclick.net and a long list of other 'junky' looking websites.

This is because when you visit a website, your browser may access dozens of other domains to retrieve images, adverts, scripts, social sharing buttons, perform visitor tracking, A/B testing, page optimization and so on. All of these hits to other domains end up in your Sophos UTM web filtering logs and are consequently shown in your web reports.

Introducing Fastvue Site Clean

With the addition of referer URL in the web filtering log files, Fastvue Sophos Reporter is able to more accurately identify the original website that a web resource came from.

This is part of our larger Fastvue Site Clean feature, which also integrates a frequently updated web service that identifies common CDNs, advertising and other web widgets that may still fall through the referrer chain.

Here's a quick animation demonstrating Fastvue Site Clean in action.

As you can see, the Site sections in Fastvue Sophos Reporter's Overview Reports will include a 'Cleaned' list of sites, as well as the normal 'logged' list of sites, and provide the option to view both of these side by side.

Allowing simple access to both the cleaned sites and the logged sites, makes troubleshooting why a site is blocked, allowed or categorized a certain way much easier.

For example, if an image on facebook.com was blocked because it came from an advertising domain, you want to know that the advertising domain was blocked, not facebook.com. But is also very useful to know that the image was viewed while looking at facebook.com.

The Fastvue Site Clean feature is part of Fastvue's ongoing commitment to improve the usefulness of web reporting as a tool for managing online productivity, bandwidth problems and giving you the additional visibility you need to efficiently secure your network.

For further comparisons between Fastvue Sophos Reporter and Sophos UTM / iView reports, see our comparison page.

When will Fastvue Site Clean be available?

We are actively working on the changes required to roll out our Site Clean feature to the Sophos Reporter product, and aim to release a beta of Sophos Reporter in November/December 2014. Make sure you are subscribed to our mailing list to be notified of the release!

Subscribe to our mailing list

Email Address

Product

• TMG Reporter
• Vantage Ultimate
• SonicWALL Reporter
• Sophos Reporter

For our TMG Reporter customers, you will also receive an update very soon with the Site Clean feature (we've been building & testing the feature using the TMG Reporter product for the past couple of months).

Downloading Sophos UTM 9.3

In the mean time, if you want to try out Sophos UTM 9.3 but you don't have the 'Up2Date' notification yet, the download links for the update packages and the ISO are not too hard to find via the Astaro forums.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]