Sophos XG Web Protection

  

I would like to share a short guide that shows you how to configure Web Filtering on the Sophos Firewall OS (XG Series). This is the beginning of the series “Complete solution to protect the risk from web and application”.

In the first part, I will describe the steps to activate/customize HTTP scanning.

Content:

The new threat protection technology in XG Firewall can only inspect and analyze decrypted traffic, so ensure that you’re inspecting TLS-encrypted web traffic. In the Sophos XG management console, click Log Viewer in the top right. Select Web server protection in the right-hand drop-down box and you should see the log entries. There is an error entry for a WAF anomaly when the Protection Policy is enabled, and a normal log entry when the Protection Policy is set to none.


Sophos Web Appliance is licensed by the number of users, regardless of how many physical or virtual appliances are required to protect them. XG Firewall is licensed based on a subscription for each device required. To replicate the functionality of SWA, customers should at least purchase a Web Protection subscription for their XG Firewall devices.

  • Malware scanning (Sophos / Avira / both)
  • HTTP scanning rules
  • Filtering by category/URL/File Type

Malware Protection

Sophos provides two scanning engines. You can choose one or both; when both engines are activated, performance will decrease.

Protection > Web Protection > Malware Protection: primary engine

Protection > Web Protection > Web Content Filter: single/dual anti-virus

HTTP scanning rules

By default, all traffic is scanned, but we can customize the rules to skip some secure domains. That reduces the load on the system, which can improve performance significantly.

Example of a bypass rule for Microsoft Update:

Protection > Web Protection > Web Content Filter
Go to “HTTP Scanning Rules” and click Add

Fill in the information, using a name of your choice
Source/Destination IP address = *
URL Regex = windowsupdate.com
Action = bypass

If your network has many Windows machines updating at the same time, you should add a bypass rule. The same approach can be applied to some business cloud services (Microsoft 365, Apple…).
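
The URL Regex value in the bypass rule above is a regular expression, so an unescaped, unanchored pattern matches more URLs than the Microsoft Update hosts, and everything it matches skips scanning. The following Python check is an added example, not part of the original guide or Sophos's own code; it assumes the rule is applied as an unanchored, case-insensitive search over the full URL, and the STRICT pattern and the sample URLs are constructed for illustration.

```python
import re

# The pattern exactly as entered in the guide's bypass rule.
LOOSE = r"windowsupdate.com"

# Hypothetical tighter pattern (an assumption, not taken from Sophos documentation):
# anchored at the scheme, dots escaped, only subdomains of the real domain allowed,
# and the host name must end at a port, a path separator or the end of the URL.
STRICT = r"^https?://([a-z0-9-]+\.)*windowsupdate\.com(:\d+)?(/|$)"

# Constructed sample URLs: (url, is the bypass intended for this URL?)
SAMPLES = [
    ("http://download.windowsupdate.com/c/msdownload/update.cab", True),
    ("https://windowsupdate.com/", True),
    ("http://windowsupdate.com.example.net/file.exe", False),   # domain used as a prefix
    ("http://windowsupdateXcom.example.net/", False),           # unescaped dot matches any char
    ("http://example.net/?ref=windowsupdate.com", False),       # string appears in the query
    ("http://notwindowsupdate.com/file.exe", False),            # different registered domain
]


def bypassed(pattern, url):
    """True if the rule would skip scanning for this URL (assumed search semantics)."""
    return re.search(pattern, url, re.IGNORECASE) is not None


def audit(pattern, samples=SAMPLES):
    """Return (unintended bypasses, intended URLs the pattern misses)."""
    over = [u for u, intended in samples if not intended and bypassed(pattern, u)]
    missed = [u for u, intended in samples if intended and not bypassed(pattern, u)]
    return over, missed


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        over, missed = audit(pattern)
        print(f"{name}: {len(over)} unintended bypasses, {len(missed)} intended URLs missed")
        for url in over:
            print("  would skip scanning:", url)
```

Run the same audit against any other bypass pattern (Microsoft 365, Apple) before saving the rule, with sample URLs taken from your own proxy logs.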

Web filter policies

In this scenario, I will block social websites, video hosting sites, and some URLs.

Protection > Web Protection > Web Filter Policies

Add a new web filter policy
Give it a name and description
Clone Web Categories = Allow all (recommended)
Enable Reporting
Download File Size Restriction = 10 MB
Save

Then click on the policy you just created and “Add” a new record.

Category Type:

2
4
Category = Create new in 'Web Protection, URL Group'
Add

Now you will see 4 records (2 web, 1 file type, 1 URL Group).
Make sure that you SAVE after reviewing.

Apply Web filter policy in Network/User rule

From the left navigation menu, select Policies, then create or edit a rule.

2
Web Filter: Drop down to 'your Policy'

I will add a video for this article soon. Thanks!