How to configure download blocking by file type on Sophos XG

1.The purpose of article

  • This article will guide you how to configure blocking network users to download specified file types such as audio, video, exe, etc.
  • Specifically, today’s article we will perform the configuration of blocking download mp3 files and testing on users’ computers using the Sophos XG firewall device.


a. Create web policies and add them to the internet access rule

  • The first step is to log into the Sophos firewall admin page with an account with admin rights.
  • We click Web> Policies> Add Policy to create policy for the web.
  • The Add Web Policy panel appears, here we will name the web policy Block_Download_File-Type.
  • Next click on Add Rule to create the web rule.
  • Click All Web Traffic in the Activies column and click on the dash icon to delete it.
  • Then click Add New Item to add the items to be banned.
  • Since we have banned downloading according to audio files, we choose Show Only and select File Type we will see Audio File on the first line.
  • Then click Apply 1 selected items to save.
  • Next we pay attention to the Action and Status columns, in the Action column we will select as HTTP Block and HTTPS and in the Status column we will select ON.
  • Click Save to save, after clicking Save the browser will ask us to redirect to the Firewall Rule to add this policy to the Internet access rule.
  • Click Go to Firewall Rule, select the rule that allows users to access the internet here, I will select the #Default_Network_policy rule and click Edit to add web policy.
  • In the Web malware and content scanning section, we will choose the following image.
  • In the Advanced section, we will add the newly created web policy in the box below the Web Policy.
  • Click Save to save.

b. Download Sophos certificates and import them into your computer.

  • Go to Certificates> Certificate Authorities> download SecurityAppliance_SSL_CA.
  • Right-click on the download certificate and select Rename, fix the tail of the pem behind the dot to cer
  • In the search box of windows type mmc and open it
  • Click File> Add / Remove Snap-in …, the Add or Remove Snap-ins panel appears.
  • Select Certificates> click Add> Computer Account> Next> Finish> OK.
  • Go to the Console Root path> Certificates> Trusted Root Certification Authorities> Certificates.
  • Right-click Certificates> All Tasks> Import.
  • Import the downloaded certificate from Sophos.
  • After configuration is complete we will go to chiasenhac page to try downloading an mp3 file to check the results.
  • As you can see, Sophos has reported blocking when we tried to download an mp3 file.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.