Sophos XG Firewall: How to configure web policy override

Overview

This article describes the steps to configure the Web Policy Override feature of Sophos XG firewall version 17.5 and above.

Feature overview

Web Policy Override allows administrators to authorize Users and/or Groups of individuals in order to allow peer access to blocked websites or website categories. An administrator may specify blocked websites and/or categories which may not be overridden by the Web Policy override feature.

What to do

Administrators should navigate to Web > General Settings tab, and scroll down to the Policy Overrides section.

Administrators should enable the feature, and specify users and/or user groups whom are allowed to create policy override exceptions.

Under the Blocked websites and categories dialogue box, administrators should specify any website, URL or website category that is to be exempted from the Web Policy override feature. The Allow manual access code entry check box will allow authorized user to specify the password or token rather than utilized a token generated automatically by the system.

Click Apply to apply the policy override settings.

Once the Sophos XG Firewall is configured to use the Web Policy override feature, authorized feature users may create Web policy overrides via their user portal.

Once logged into the user portal, authorized users should click on My policy overrides menu item.

Specify a name for the override session.

Noting the automatically generated password, users should specify/define URL’s and/or website categories to be overridden as well as defining time periods where the policy override is enforced (if appropriate).

Click Apply to apply the policy override policy.

When users browse to a blocked website, users will be indeed blocked as usual, however should the website fall within a policy override policy, users will be prompted to enter a password automatically generated earlier. As long as the user is in possession of the password, when entered, the user will be allowed access to the site.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.