This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New to Sophos Central, have question about policies and groups

Hi,

I'm new to Sophos Central. I've been reading but need some help with complex policies and groups.

 

I have 300 users.

I want to block ALL websites except for linkedin.com and facebook.com for ALL users EXCEPT a group called IT Department.

How do i create a policy to block all sites except for 2 URLs, and then apply it to all Groups except for IT Department group?

 



This thread was automatically locked due to age.
Parents
  • Hi Brad,

    Please keep in mind Sophos Central Endpoint was not designed to block access to all websites except a select few.

    To do this first navigate to Global Settings > General > Website Management.  Click Add on the top right and put linkedin.com and facebook.com in the URLs and give this any name tag.  We will leave Category Override blank.  Then navigate to the left panel, Endpoint Protection > Policies > Web Control - Base Policy - Web Control > Settings > "Acceptable Web Usage" and change this to Let me specify...  Set all the categories to block and under "Control sites tagged in Website Management", add your recently created tag with the action of "Allow" and save.

    We now have a policy to block all websites except linkedin.com and facebook.com but now we need to allow access to websites for the IT Department.  We can do this by going back to the Policies section of Endpoint Protection and creating a new Web Control policy.  Give this policy a name on the top and click the Groups tab.  Add the IT Department Group to this and then navigate to the Settings tab. From here tune the settings to how you wish for the IT Department.  Make sure the policy is enforced in the far right tab and save.  If you are unsure of any of the settings, you can click Help on the top right and the page this directs you to should show you what every setting does.  If anything is unclear please let me know.

Reply
  • Hi Brad,

    Please keep in mind Sophos Central Endpoint was not designed to block access to all websites except a select few.

    To do this first navigate to Global Settings > General > Website Management.  Click Add on the top right and put linkedin.com and facebook.com in the URLs and give this any name tag.  We will leave Category Override blank.  Then navigate to the left panel, Endpoint Protection > Policies > Web Control - Base Policy - Web Control > Settings > "Acceptable Web Usage" and change this to Let me specify...  Set all the categories to block and under "Control sites tagged in Website Management", add your recently created tag with the action of "Allow" and save.

    We now have a policy to block all websites except linkedin.com and facebook.com but now we need to allow access to websites for the IT Department.  We can do this by going back to the Policies section of Endpoint Protection and creating a new Web Control policy.  Give this policy a name on the top and click the Groups tab.  Add the IT Department Group to this and then navigate to the Settings tab. From here tune the settings to how you wish for the IT Department.  Make sure the policy is enforced in the far right tab and save.  If you are unsure of any of the settings, you can click Help on the top right and the page this directs you to should show you what every setting does.  If anything is unclear please let me know.

Children