I would like to share a short guide that shows how to configure Web Filtering on the Sophos Firewall OS (XG Series). This is the beginning of the series “Complete solution to protect the risk from web and application”.
In the first part, I will describe the steps to activate and customize HTTP scanning.
Content:
- Scanning malware (Sophos / Avira / both)
- HTTP scanning rules
- Filtering by category/URL/File Type
Malware Protection
Sophos provides 2 scanning engines. You can choose one or both; when both engines are activated, performance will decrease.
Protection > Web Protection > Malware Protection (primary engine)
Protection > Web Protection > Web Content Filter (single/dual Anti-Virus)
HTTP scanning rules
By default, all traffic is scanned, but you can customize the rules to skip some secure domains. That reduces the load on the system, so performance can improve significantly.
Example of a bypass rule for Microsoft Update:
Protection > Web Protection > Web Content Filter
Go to “HTTP Scanning Rules” and click Add
Fill in the information, using your own name for the rule
Source/Destination IP address = *
URL Regex = windowsupdate.com
Action = bypass
If your network has many Windows machines updating at the same time, you should add a bypass rule. The same approach can be applied to some business cloud services (Microsoft 365, Apple…)
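An added check, not part of the original guide or of Sophos's tooling: the bypass pattern above is an unescaped, unanchored regex, so it is worth testing which URLs it would exempt from scanning before saving the rule. It assumes the firewall applies the pattern as a search over the full URL (Python's `re` stands in for the firewall's regex engine); `STRICT` and the sample URLs are constructed for illustration.

```python
import re

# Pattern exactly as entered in the guide's bypass rule.
LOOSE = r"windowsupdate.com"
# Hypothetical tighter pattern (not from the guide): dots escaped and the
# match anchored to scheme + host, so only windowsupdate.com and its
# subdomains qualify.
STRICT = r"^https?://([a-z0-9-]+\.)*windowsupdate\.com(:\d+)?(/|$)"

# Constructed sample URLs paired with the intended decision
# (True = should bypass scanning). example.net / example.org are placeholders.
SAMPLES = [
    ("http://windowsupdate.com/", True),
    ("http://download.windowsupdate.com/c/msdownload/update.cab", True),
    ("http://sub.download.windowsupdate.com/v6/", True),
    ("http://windowsupdate.com.example.net/file.exe", False),
    ("http://example.org/get?ref=windowsupdate.com", False),
    ("http://windowsupdate-com.example.net/", False),
    ("http://notwindowsupdate.com/", False),
]


def bypassed(pattern, url):
    """True if the rule pattern would match (and so bypass scanning for) url."""
    return re.search(pattern, url, re.IGNORECASE) is not None


def audit(pattern, samples=SAMPLES):
    """Return the URLs where the pattern's decision differs from the intent."""
    return [url for url, intended in samples if bypassed(pattern, url) != intended]


if __name__ == "__main__":
    for name, pattern in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        wrong = audit(pattern)
        print(f"{name}: {len(wrong)} unintended decision(s)")
        for url in wrong:
            print("   ", url)
```

Confirm the regex dialect and the string the firewall matches against on your firmware before relying on the anchored form.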
Web filter policies
In this scenario, I will block social networking websites, video hosting, and some URLs.
Protection > Web Protection > Web Filter Policies
Add a new web filter policy
Give it a name and description
Clone Web Categories = Allow all (recommended)
Enable Reporting
Download File Size Restriction = 10 MB
Save
Then click on the policy you just created and “Add” a new record
Category Type:

Web Category
Social Networking
Videos hosting
HTTP/HTTPS Action = Deny
Add

File type
Videos Files
HTTP/HTTPS Action = Deny
Add

URL Group
Category = Create new in "Web Protection, URL Group"
HTTP/HTTPS Action = Deny
Add

Now you will see 4 records (2 web, 1 file type, 1 URL Group).
Make sure that you SAVE after reviewing.
Apply the web filter policy in a Network/User rule
From the left navigation menu, select Policies, then create or edit a rule.

Malware Scanning
Scan FTP = ON
Scan HTTP = ON
Scan HTTPS = OFF (Appear in next article)

Policy for User Applications
Web Filter: Drop down to "your Policy"

I will add a video for this article soon. Thanks!