1.The purpose of the article
This article shows how to configure the Web Filtering feature on Sophos Firewall. This feature helps administrators control users' web access.
- The internet connection is connected at port 2 of the Sophos Firewall device with IP 192.168.2.103.
- The LAN subnet is configured at port 1 of the Sophos XG Firewall device with IP 10.145.41.1/24 and configured with a DHCP Server to allocate IPs to connected devices.
- Finally, computer 1 connects to the LAN and receives the IP 10.145.41.50/24 from DHCP.
We will configure Web Filtering to block accessing pages in the Social Networking category on Sophos Firewall and use computer 1 to check the results.
4.Steps to take
- Create Web policy.
- Create Firewall rule.
5.1.Create Web policy
To create a web policy, go to PROTECT > Add policy.
The Add web policy table appears. Fill in the following information:
- Name: Test_Web_Filtering
Next, click Add rule, then click All web traffic at Activities.
Click the minus icon to the right of All web traffic to delete it.
Click Add new item.
Select Show only… > Web categ… .
A list of web categories appears. Type social in the search box, select Social Networking and click Apply 1 selected items.
At Action, we choose Block HTTP and Block HTTPS.
At Status click the switch button to switch the status to ON.
5.2.Create Firewall Rule
We will create a firewall rule that allows the LAN to access the internet and add a web policy to this firewall rule.
Note: if this firewall rule already exists, just add the web policy to it as shown below.
To create a firewall rule, go to PROTECT > Rules and Policies > Add firewall rule > New firewall rule.
Configure according to the following parameters:
- Rule status: ON
- Rule name*: LAN_TO_WAN
- Action: Accept
- Log firewall traffic: check
- Rule position: Top
- Rule group: None
- Source zones*: select LAN
- Source networks and devices*: select Any.
- During scheduled time: select All the time.
- Destination zones*: select WAN.
- Destination networks*: select Any.
- Service*: select Any.
- At Web filtering > web policy: select web policy Test_Web_Filtering.
- Block QUIC protocol: select.
- Click Save.
On computer 1, access the social networking sites facebook.com, twitter.com, instagram.com to check.
Accessing facebook.com: the page is blocked by Sophos because it belongs to the Social Networking category.
Accessing twitter.com: the page is blocked by Sophos because it belongs to the Social Networking category.
Accessing instagram.com: the page is blocked by Sophos because it belongs to the Social Networking category.
The sophos.com page is still accessible as normal because it is not on the blocked list.
We will check the log to confirm that Sophos Firewall is blocking the social networking sites.
On the admin page of Sophos Firewall click on Log Viewer.
A window appears with the Sophos Firewall log.
Select Web filter to display only the log of the Web filter.
We can see that Sophos Firewall has banned access to Facebook, Twitter, and Instagram pages because they belong to the category of Social Networking.
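The same check can be run over an exported Web filter log instead of reading it by eye. The script below is an added example, not part of the original article and not Sophos code. The key=value layout, the field names (log_type, log_subtype, category, src_ip, domain) and the sample lines are assumptions constructed for illustration, so adjust them to the format your firewall exports.

```python
import ipaddress
import shlex
from collections import Counter

LAN = ipaddress.ip_network("10.145.41.0/24")  # LAN subnet from the article
BLOCKED_CATEGORY = "Social Networking"         # category blocked by Test_Web_Filtering

# Constructed sample lines; layout and field names are assumptions, not a real export.
SAMPLE_LOG = '''\
log_type="Content Filtering" log_subtype="Denied" category="Social Networking" src_ip=10.145.41.50 domain=facebook.com
log_type="Content Filtering" log_subtype="Denied" category="Social Networking" src_ip=10.145.41.50 domain=twitter.com
log_type="Content Filtering" log_subtype="Denied" category="Social Networking" src_ip=10.145.41.50 domain=instagram.com
log_type="Content Filtering" log_subtype="Allowed" category="Information Technology" src_ip=10.145.41.50 domain=sophos.com
log_type="Content Filtering" log_subtype="Allowed" category="Social Networking" src_ip=10.145.41.77 domain=social.example
log_type="Firewall" log_subtype="Allowed" src_ip=10.145.41.50 dst_port=53
this line is truncated log_type="Content
'''

def parse_line(line):
    """Split one key=value record, honouring quoted values; return {} if malformed."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated export line
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(log_text):
    """Return (denied count per domain, list of gaps) for LAN clients and the blocked category."""
    denied, gaps = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("log_type") != "Content Filtering" or rec.get("category") != BLOCKED_CATEGORY:
            continue
        try:
            src = ipaddress.ip_address(rec.get("src_ip", ""))
        except ValueError:
            continue  # record without a usable source address
        if src not in LAN:
            continue
        if rec.get("log_subtype") == "Denied":
            denied[rec.get("domain", "?")] += 1
        else:
            # Blocked-category request that was not denied: the web policy did not apply to it.
            gaps.append((str(src), rec.get("domain", "?")))
    return denied, gaps

if __name__ == "__main__":
    denied, gaps = audit(SAMPLE_LOG)
    print("denied:", dict(denied), "| policy gaps:", gaps)
```

Any entry in the gaps list is a Social Networking request from the LAN that was not denied, which usually means a firewall rule without the web policy matched first.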