Block all web sites, allow a few URLs

Hello,

We are trialing this endpoint system. With our current platform I can set a deny all, but allow just Office 365 URLs to allow Outlook/webmail only. Is this possible? I don't really see any options to set that up.



  • Hi Adrian,

    In general, the Endpoint Web Control is more meant to prevent access to specific websites with a default allow. You could achieve this goal, but it would be cumbersome.

    A better product for that sort of thing is the SFOS (Sophos Firewall) since it can sit at the demarc and can have more robust filtering options - such as acting as a web proxy. https://www.sophos.com/en-us/products/next-gen-firewall.aspx 

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support

  • Thanks. This is a simple check box in Kaspersky endpoint. We have an XG, but the procedure to do that is really involved, with user sync and logins, enabling SSL inspection, certificate, etc.

  • You don't need to use all related XG features to do what you want, which I think lowers the complication factor a lot.

    All you need to do is have one firewall rule to drop all HTTP/HTTPS traffic destined for the WAN, and above it place a rule that allows HTTP/HTTPS traffic but only to the websites you want to allow. Have these two rules early in the firewall rules so that HTTP/HTTPS traffic is dropped before other rules that might allow it due to other factors.

    For the HTTP/HTTPS traffic that you allow, you should impose the appropriate CFS, IPS, and decryption conditions that make sense.

  • Thanks. But it's not for everyone, just a few PCs, so that does involve either restricting by the user login or statically assigning/reserving an address, etc. Comparably, I just wish there was a feature that could handle it along with blocking ZIP/archives in the allowed downloads options with ease.
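
The rule ordering described in the replies above, modelled as an added example (not from the thread and not Sophos configuration): a first-match rule table in which the allow-list rule sits above the drop rule, both scoped to the reserved addresses of the restricted PCs. Top-down first-match evaluation, the addresses, the domain list and all rule names are assumptions made for the illustration.

```python
# Added illustration: HTTP/HTTPS rule table evaluated top-down, first match wins.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values: reserved addresses of the restricted PCs and a
# sample allow-list (not a complete Office 365 endpoint list).
RESTRICTED = [ip_network("192.0.2.16/30")]
ANY = [ip_network("0.0.0.0/0")]
ALLOWED_DOMAINS = ("office365.com", "office.com", "microsoftonline.com")

@dataclass(frozen=True)
class Rule:
    name: str
    sources: list
    domains: tuple  # empty tuple means any destination
    action: str     # "allow" or "drop"

def host_matches(host, domains):
    """Match on a DNS label boundary so 'notoffice.com' is not 'office.com'."""
    host = host.lower().rstrip(".")
    return not domains or any(host == d or host.endswith("." + d) for d in domains)

def evaluate(rules, src, host):
    """Return (action, rule name) of the first matching rule; default is drop."""
    for r in rules:
        if any(ip_address(src) in n for n in r.sources) and host_matches(host, r.domains):
            return r.action, r.name
    return "drop", "implicit-default"

ALLOW_O365 = Rule("allow-o365", RESTRICTED, ALLOWED_DOMAINS, "allow")
DROP_WEB = Rule("drop-web", RESTRICTED, (), "drop")
LAN_WEB = Rule("lan-web", ANY, (), "allow")

GOOD_ORDER = [ALLOW_O365, DROP_WEB, LAN_WEB]
BAD_ORDER = [LAN_WEB, ALLOW_O365, DROP_WEB]  # broad allow shadows the drop rule

if __name__ == "__main__":
    for host in ("outlook.office365.com", "example.org", "notoffice.com"):
        print(host,
              evaluate(GOOD_ORDER, "192.0.2.17", host),
              evaluate(BAD_ORDER, "192.0.2.17", host))
```

With the broad LAN rule placed first, the restricted PC reaches every site, which is why the pair of rules has to sit above anything more permissive.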
