This article describes the steps to configure and troubleshoot the Web Policy Override feature of Sophos XG firewall version 17.5 and above.
Applies to the following Sophos products and versions
Sophos XG firewall (SFOS) version 17.5
Web Policy Override allows administrators to authorize users and/or groups to allow peer access to blocked websites or website categories. An administrator may specify blocked websites and/or categories that may not be overridden by the Web Policy Override feature.
Administrators should navigate to the Web > General Settings tab and scroll down to the Policy Overrides section.
Administrators should enable the feature and specify the users and/or user groups who are allowed to create policy override exceptions.
Under the Blocked websites and categories dialogue box, administrators should specify any website, URL or website category that is to be exempted from the Web Policy Override feature. The Allow manual access code entry check box allows authorized users to specify the password or token rather than use a token generated automatically by the system.
Click Apply to apply the policy override settings.
Once the Sophos XG Firewall is configured to use the Web Policy Override feature, authorized users may create web policy overrides via their user portal.
Once logged into the user portal, authorized users should click the My policy overrides menu item.
Specify a name for the override session.
Noting the automatically generated password, users should specify the URLs and/or website categories to be overridden and define the time periods during which the policy override is enforced (if appropriate).
Click Apply to apply the policy override.
When users browse to a blocked website, they are blocked as usual. However, should the website fall within a policy override, users are prompted to enter the password that was automatically generated earlier. As long as the user is in possession of the password, entering it allows the user access to the site.
Web policy override log events are written to the Web Filter log. In the following example log, we have filtered the log to find the override token relating to the Google.com website.
Administrators who require detailed log file analysis may access the /log/awarrenhttp.log file for Web proxy service log events, as well as the /log/awarrenhttp_access.log file to view the Web Proxy transactions. In the following awarrenhttp.log, the override session name, override token and override authorizer username are specified.
The block override feature settings are stored in XG Firewall's PostgreSQL database (tbloverridepolicy table). When the SQL SELECT command “select * from tbloverridepolicy” is used, the XG firewall will display the override session and its corresponding access code/token: