Sophos XG: How to active Web Filtering (HTTP scanning)

I would like to share a short guide article that shows  you how to configure Web Filtering on the Sophos Firewall OS (XG Series). This is the beginning of the series “Complete solution to protect the risk from web and application”

In the first part, I will describe the steps to active/customize HTTP scanning.


  • Scanning malware (Sophos / Avira/ both)
  • HTTP scanning rules
  • Filtering by category/URL/File Type

Malware Protection

Sophos provides 2 engines to scan,you can choose one or both, when the both engine is activated, your performance will decrease.

Protection > Web Protection > Malware Protection **primary engine

Protection > Web Protection > Web Content Filter **single/dual Anti-Virus

HTTP scanning rules

By default, all traffic will be scanning, but in fact we can customize to skip a some secure domains. That will reduce the load of the system, so you can improve performance significantly.

Example for bypass rule for Microsoft Update:

Protection > Web Protection > Web Content Filter
Go to “HTTP Scanning Rules” and Add

  Fill information with your name
  Source/Destination IP address =*
URL Regex=
Action = bypass

If your system has too many Windows that is updating at same time, you should add bypass rule. Similar cases can be applied to a some business cloud (Microsoft 365, Apple…)

Web filter polices

In the scenario, I will block social website, video hosting, and some URLs

Protection > Web Protection > Web Filter Policies

Add new web filter policy
   Give it the name and description
   Clone Web Categories = Allow all (should)
   Enable Reporting
   Download File Size Restriction = 10 MB

Then click on the policy you just created and “Add” new record

Category Type:

Now, you will see 4 records (2 web , 1 file type, 1 URL Group)
Make sure that you SAVE after reviewing

web filter

Apply Web filter policy in Network/User rule

From the left navigation menu, select Polices, then you create or change a Rule.

I will add a video for this article soon. Thanks!

Be the first to comment

Leave a Reply

Your email address will not be published.