Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall - GEO Blocking is equal to Webfiltering?!

Hello Sophos-Community, 

I own a Sophos XGS 126 [SFOS 18.5.2 MR-2-Build380] and am happy with it. After tinkering with a few settings, I found something odd and wanted to ask if this is intended?

(SSL Inspection = ON - DPI Engine Active - Added Rule in SSL Inspection to Scan all SSL Certs. - Default Compatibility Rule exists and is ON - Exclusions Defined in Web -> Exceptions -> RegEx entry's for different domains that are incompatible with SSL-Inspection)

For starters I created a Firewall Rule for GEO Blocking

TOP Rule

Rule

Drop any service going to any zone, when in any zone, and coming from any network, then apply log connections

Source & schedule
Any

Source networks and devices : Any
During scheduled time : All the time

Destination and services
Any

Destination networks : Country's To BLOCK and TEST!!!!
Services : Any

Exclusions

Source zones :
Source networks and devices :
Destination networks :
Destination networks :
Services :

What is odd is if a site on the Country list gets blocked, a Block Site from Sophos comes in.
EXAMPLE:

GEO_Blocking_Rule blocks a Country, and you visit a site that is blocked by that list and has a category in the Sophos XG. The Page will say it was blocked by a WebCategory example: Entertainment!!!

But in truth the GEO_Blocking_Rule did the Blocking!!! Not the WebPolicy >.<

Is this reconstructable? = YES

Best regards

Sig.



This thread was automatically locked due to age.