There are some sites for which I need the ad blocker disabled, or I wouldn't be able to continue. Is it possible to whitelist them?
SFVH (SFOS 18.5.1 MR-1-Build326)
Hi, most certainly is. You need to be using decrypt and scan in the proxy. Create your own web policy using the no adverts, then create an exception in the web exceptions.
The block policy needs to be in your firewall rule web setting; you will also need IPS enabled.
Ian
XG115W - v19.5.1 mr-1 - Home
Where do you set this decrypt and scan in the proxy? I'm not familiar with IPS. Why does it need to be enabled?
Hi,
IPS is used as part of the detection system. You will see check boxes in your firewall rules when you enable the web function. Also, you will need to install the XG CA on your devices.
Do you mean tick "Decrypt HTTPS during web proxy filtering?"
The XG CA should be installed on each and every device, or? No access to internet for those devices?
Please see the screenshot below from my XG.
Ian
What happens if I don't install the CA? I've tried installing and activating it before, resulting in a lot of blocked access, if I remember correctly. Is it also required on mobile phones and tablets?
What happens is the sites are not evaluated and therefore not blocked. If you are seeing blocked access, that means the CA is not installed correctly. Yes, it needs to be installed on all devices that use that firewall rule.
OK, the CA installation part gives me hesitation. Is that an additional thing I can do to make it more effective? Or is that a hard requirement?
If you require any form of decryption, the CA is mandatory, except if you use the SSL/TLS rules, but they don't provide the full web search and block you are after.
So is the purpose of the CA to sign the decrypted HTTPS sites after scanning?
No,
before scanning; otherwise XG would not be able to scan the URL download.
OK, thanks for the confirmation. I'm undecided due to the need to install the CA on each device.
How often do you need to reinstall a new CA on existing devices? Is it 1x only, with no need to update or reinstall a new CA?
Once should be enough, but sometimes after updates to devices.
Thank you for patiently answering my questions! I will create a new firewall rule and test on some devices first.