This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block specific website globally without adding to all policies

Hi,

We're using Sophos UTM 9.510-5 and I'm trying to find a way to block specific websites globally. Our setup in a nutshell:

We have an AD SSO enabled Web filter profile with several policies and several filter actions. For example:
Filter action 1: Network Administrators are allowed to download executables
Filter action 2: A group of users is allowed to visit websites with specified categories that are blocked in Default content filter action
Filter action 3: Another group of users is allowed to visit websites with specified categories that are blocked in Default content filter action but not allowed in Filter action 2
... and so on ...
Default content filter action: Average Joe-like users are not allowed the obvious unwanted websites and are not allowed to download executables

This all works fine so far. But there's a list of websites I want to block for all users. No exceptions. As far as I know the only way doing it, is adding each and every website to each and every Filter action. But isn't there an easier way of doing it? Every now and then I'm retrieving lists of malicious websites who aren't (yet) blocked by Sophos itself. Adding these websites to all filter actions is time consuming and obviously it's easy to make a mistake.

Thank you in advance!



This thread was automatically locked due to age.
Parents
  • Under filtering options -> websites add those sites and Tag those sites (Create a tag Forbidden or something like it) You do this for every site that should match this.

    Next in every filter action you can configure that websites that have this Tag should be blocked. This is a one-time edit of every fiter action (Under Websites => Control sites tagged in the Website List).

    Another option is to add those sites to Filtering options => Websites just as described above, but in stead of adding the Tag override the category to a category that is forbidden for everyone (if you have any categories of those that are forbidden in every filter action).


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Thanks for your answer! This is exactly what I was looking for. I was already fiddling around a bit, but I overlooked a small but important detail. ;-)

Reply Children
No Data