Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
The XG Firewall has the ability to enforce SafeSearch and other features that some websites provide. The XG does not perform the SafeSearch, it only ensures that the website’s feature is turned on and cannot be bypassed.
More configuration options and enforcement granularity for SearchSearch and YouTube has been added in SFOS v17.5.
Please refer to the full KB article here.
I don't quite understand you article? I am running v17.5 beta-2 and can edit the exisiting policy as per the screenshot below. Is this because I imported a backup from v17.1.3?
In reply to rfcat_vk:
That is correct, Ian. That matches the article section "Changing settings in v17.5".
I worked on this KB and struggled a little bit over whether it should focus on SafeSearch in all versions and the differences, or should focus on SafeSearch in 17.5 with a note about how it worked previously. I ended up with describing everything and that might have made it less clear.
Please let me know where the confusion is so that we can improve the article.
In reply to Michael Dunn:
I am trying to understand what the note about v17.5 and later means. My impression is that you cannot edit existing policies but I can, that is my confusion?
When you change a firewall rule, you can select a Web Policy called "Allow All".
When you go to Web > Policies you cannot even see the policy "Allow All". It is a special policy that you can select but you cannot edit, and in fact cannot even see the details of.
In 17.5 the Allow All policy has SafeSearch turned off.
In 17.1 anybody who had the global SafeSearch on and is using the Allow All policy would experience SafeSearch being on.
In 17.5 using the Allow All policy would experience SafeSearch being off.
Therefore some customers who upgrade will have a change in experience.
(unofficial release notes)
Web Protection - Safe Search Enforcement
Enforcement of search engine Safe Search and additional image filters is now configurable per-web policy and is no longer a global option. The settings have been moved from Web > General Settings into the additional options that are available when editing a web policy. In addition, configuration for YouTube restrictions have been broken out into a separate option.
Product behaviour will be preserved on upgrade by automatically migrating the existing global settings to all existing web policies.
Before upgrade - Web > General settings
After upgrade - Web > Policies > Edit web policy
Enforce additional image filters
Enforce YouTube restrictions
Enabled - Strict
The exceptions to this are the following built-in, uneditable policies:
Enabled - Moderate
Now I understand. I had added the 'allow all' to my policy when I created it so all is understood.