Web Protection Overview

Summary

Standard Users

username and password, locally or externally

Clientless Users

IP address, locally

Guest Users

system generated username and password, locally

Protection:

  • Scan for malware with two antivirus engines
  • Sophos zero-day protection cloud-based sandbox scanning
  • Scan for potentially unwanted applications

Control:

  • Allow, warn, block and quota access to web content
  • Apply rules to users and groups
  • Control content based on categories, file types, URLs and content
  • Surfing quotas

DPI vs Web Proxy Filtering

DPI:

  • Port agnostic protocol detection
  • Support for FastPath
  • Decrypts TLS 1.3 traffic
  • Offloads traffic trusted by SophosLabs

DPI is faster than Web Proxy Filtering, but the legacy web proxy is still supported.

    Web Proxy Filtering:

    • Apply YouTube restrictions
    • Explicit proxy mode

    DPI Filtering

    Using the DPI engine allows the Sophos Firewall to offload traffic that Sophos qualifies as being safe to the FastPath.

    Web Proxy Filtering

    HTTP and HTTPS traffic on ports 80 and 443 will be processed by the legacy web proxy for decryption, web policy and content scanning.

    HTTP or HTTPS traffic on other ports will still be handled by the DPI engine.

    Using Web Proxy Filtering, none of the traffic can be offloaded to the FastPath.

    Web Policies

    Summary

    1. Hotspot
    2. Clientless Users
    3. Single Sign-On
    4. Authentication Agent
    5. Captive Portal

    Web policy is an ordered list of rules and a default action, either allow or deny.

    Each web policy rule is either assigned to everyone, a specific user, or a group.

    Note:
    Don’t forget to turn on the rules after you create them.

    User Activities

    With User Activities you can group web categories, URL groups and file types into a single object.

    Categories

    Sophos Firewall comes with over 90 predefined web categories.

    You can create custom web categories or import from an external URL database.

    External URL databases can be imported from either an HTTP or an FTP server.
    The database should be in one of the following formats:

    • .tar
    • .gz
    • .bz
    • .bz2
    • .txt

    The database will be checked every two hours for updates.

    URL Groups

    Match on the entered domain and all of its subdomains.
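
A minimal model of the web policy and URL group behaviour described above, as an added example (not Sophos code). The first-matching-rule order, the Rule fields, rules being off until enabled, and the example hosts are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    who: str               # "everyone", "user:<name>" or "group:<name>"
    domains: tuple         # URL group entries (bare domains)
    action: str            # "allow", "warn" or "block"
    enabled: bool = False  # assumption: a new rule has no effect until turned on

def in_url_group(host, domains):
    """True if host is an entry or a subdomain of one (match on a label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in domains)

def applies_to(rule, user, groups):
    """A rule is assigned to everyone, one user, or one group."""
    return (rule.who == "everyone" or rule.who == "user:" + user
            or any(rule.who == "group:" + g for g in groups))

def evaluate(rules, default_action, user, groups, host):
    """Walk the ordered rules; return (action, deciding rule index or None for default)."""
    for i, rule in enumerate(rules):
        if rule.enabled and applies_to(rule, user, groups) and in_url_group(host, rule.domains):
            return rule.action, i
    return default_action, None

# Constructed sample policy (hypothetical users, groups and domains)
POLICY = [
    Rule("user:alice", ("video.example",), "allow", enabled=True),
    Rule("group:staff", ("video.example",), "warn", enabled=True),
    Rule("everyone", ("ads.example",), "block"),  # created but never turned on
    Rule("everyone", ("video.example",), "block", enabled=True),
]

def demo():
    cases = [("alice", ["staff"], "cdn.video.example"),  # user rule wins over group rule
             ("bob", ["staff"], "video.example"),        # group rule
             ("carol", [], "www.video.example"),         # everyone rule, subdomain
             ("carol", [], "notvideo.example"),          # suffix only, not a subdomain
             ("carol", [], "ads.example")]               # rule is off, default applies
    return [evaluate(POLICY, "allow", u, g, h) for u, g, h in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two cases are the ones worth checking when auditing a policy: a plain string-suffix match would wrongly catch `notvideo.example`, and a rule left turned off silently falls through to the default action.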

    File Types

    Manage access to files based on the specified file type

    Content Filters

    Log, monitor and enforce policies related to a keyword list.

    General Settings

    Protection Settings

    • single or dual engine scanning
    • scan mode
    • action to take for unscannable content and potentially unwanted applications

    Configured in:
    Web – General settings

    Zero Day Protection

    Global zero-day protection is configured in:
    PROTECT – zero-day protection – Protection settings

    Zero-day protection requires the Sophos scan engine. You need to either select Sophos as the primary scan engine or use dual engine scanning.

    Configured in:
    CONFIGURE – System services – Malware protection

    User Notifications

    Modify the images and text shown on the warn and block pages.

    Quotas and Traffic Shaping

    Surfing Quotas

    Control the amount of time spent on the internet. Surfing quotas apply to all internet traffic.

    Traffic Shaping

    Limit or guarantee how much bandwidth will be available. Can be applied to users and groups, firewall rules and applications.
