I'm using Sophos Central, to block any other site except I allowed in > "settings" > "web management" and "tagged As" (allow)
and when I create a new role under "web control" and under "Control sites tagged in Website Management" and i added new (allow) and the role is enforced
BUT the users can access any site normally ?? how is that
Hello Sbacd_IT User,
I recommend using the following test page to verify if the Web Control policy has applied to the affected device successfully. - http://sophostest.com/
If you've applied policy changes to certain devices, but the website access hasn’t changed, it’s possible to use the test site above to browse to certain blocked categories without actually needing to go to the blocked websites.
This will help verify if the policy has applied successfully to the affected device(s). You can also check the "Endpoint Self Help" tool to see when the latest policy was received by the device for each of the policies in Sophos Central.
Let me know if this helps.
1/ when I add website to allowed sites "Website Management"? is that necessary to choose "CATEGORY OVERRIDE" to it?!!?
2/ after apply the role, are all sites (not allowed) must get the message "web site is blocked" if the user tried to access them?
3/ after applied the role still some site are not blocked i.e. "youtube.com" ? how is that could be?
In regards to the points you mentioned.
1. It isn't necessary to use both "Tag" and "Category Override." We recommend using one or the other when controlling website access.
2. HTTPS websites will not return the "Website Blocked" page in the web browser. Further information is present in the link below.- How to check if web Control is working
3. Within the FAQ document, the section "Why are some exemptions not behaving as expected when accessed over HTTPS?" elaborates further.
In general, if you're looking to restrict web access on your environment so that ALL websites are blocked, but only the ones you specify are allowed, I would recommend using an XG device to perform this sort of filtering. The XG is also able to inject the "Blocked" page regardless of the site being HTTP or HTTPS.
Sophos' Web Control component is not intended to be used in the same fashion. With that being said, some significant changes are coming to Sophos' Web Control component in the coming months. I recommend enrolling a test device in the Early Access Program titled "New Endpoint Protection Features."
This may allow for more robust filtering to take place, which could accomplish what you're looking for. Let me know if your results improve when testing out the EAP.