How to set up ad-blocking web policies ?

Hi J Thai,

Kindly see below if this may help you

TechVid: https://www.youtube.com/watch?v=di5FnRmjZ4Y

Sophos XG has a built-in Ad block Category which can also be customized

Web>Categories

Thanks for your reply buddy. Does Sophos maintain a list or category for malware, malicious and crypto-mining domains of any kind ?

Hey J Thai yes Sophos does maintain such a list. Sophos Labs and Sophos AV !! 

Thanks for your quick reply buddy. In addition to that, does Sophos XG firewall let me fetch a collective blocklist of websites online, e.g. this one (https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt) ? I can not download this list then fetch to the firewall manually because it is frequently updated online.

Below is a screenshot of AdGuard Home which allows me to fetch such lists from the Internet (mainly Github).

Thanks again buddy.

Hello J Thai,

Sure you can fetch that list from the site mentioned and create a list which you can upload it under the following path:
Web > URL groups > add 

The default SSL/TLS exclusion rule excludes these groups from TLS decryption:

• Local TLS exclusion list: You can add URLs to this list.
• Managed TLS exclusion list: Domains known to be incompatible with TLS decryption. Firmware updates may update this list.

And then you can add the URL groups with the desired action as allow/block - http/https !! 

Thanks for your quick response buddy.

So I understand that by copy the txt file link when adding that URL group, Sophos XG will automatically fetch the list and update it routinely for me ?

Thanks again buddy. 

Hey J ThaiYou must enter a valid domain name & regular expressions aren't allowed and it can update a maximum of 10,000 URLs in URL group !!

You can't easily fetch random lists of websites to block as you can with PiHole. Sophos has its own curated lists, as in your screenshot, that include Ads that they maintain and which auto-update.

Otherwise, you can create groups and import lists into them. That's what I do. No it's not automated, but it is a button click from the GUI. A hundred or so sites block the vast majority of ad and tracker sites for me, and they don't change on a daily or even weekly basis.

I use the XG exclusively to block ads and find it very effective. The stuff that doesn’t get blocked is the embedded content, but when you click on the displayed item the connection to the website is blocked.

ian

I use a Mac and the ultimate protection there is Little Snitch, which is an outgoing firewall that's application-aware. I have the feeling that I've set an option somewhere such that it does get fed ad/tracker/dangerous site information, but it mainly asks the first time whether you want to allow or not, then makes a rule as appropriate and no longer asks. You can also run it in monitor-only mode. So I click a lot to block connections and then I can save the rule file, transfer it to other Macs and run them in a mode that allows anything not prohibited by a rule -- i.e. so they inherit my blocks but otherwise don't prompt the user.

Then, once in a while I review Little Snitch logs and copy some of the worse offenders (by volume and not too specific to a particular application that is only on my Mac) to my Ad-blocker file which I then upload to the XGS. Right now there are about 100 sites in that file, so it's pretty lean and mean. (The Macs already block due to Little Snitch, but it's for the benefit of other devices on the network like tablets, phones, etc.)