Does anyone here know how to create web-filtering policies so that the Sophos XG firewall can also act as a replacement for AdGuard Home or PiHole?
Thank you in advance.
Hey J Thai,
You must enter a valid domain name; regular expressions aren't allowed, and it can update a maximum of 10,000 URLs in a URL group!
Hi J Thai,
Kindly see below if this may help you.
Sophos XG has a built-in Ad block category which can also be customized.
Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Thanks for your reply buddy. Does Sophos maintain a list or category for malware, malicious and crypto-mining domains of any kind?
Hey J Thai, yes, Sophos does maintain such a list. Sophos Labs and Sophos AV!
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Thanks for your quick reply buddy. In addition to that, does Sophos XG firewall let me fetch a collective blocklist of websites online, e.g. this one (https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt)? I cannot download this list and then fetch it to the firewall manually because it is frequently updated online.
Below is a screenshot of AdGuard Home which allows me to fetch such lists from the Internet (mainly Github).
Thanks again buddy.
Hello J Thai,
Sure, you can fetch that list from the site mentioned and create a list, which you can upload under the following path:
Web > URL groups > add
The default SSL/TLS exclusion rule excludes these groups from TLS decryption:
And then you can add the URL groups with the desired action as allow/block - http/https!
Thanks for your quick response buddy.
So I understand that by copying the txt file link when adding that URL group, Sophos XG will automatically fetch the list and update it routinely for me?
Thanks again buddy.
You can't easily fetch random lists of websites to block as you can with PiHole. Sophos has its own curated lists, as in your screenshot, that include Ads that they maintain and which auto-update.
Otherwise, you can create groups and import lists into them. That's what I do. No, it's not automated, but it is a button click from the GUI. A hundred or so sites block the vast majority of ad and tracker sites for me, and they don't change on a daily or even weekly basis.
I use the XG exclusively to block ads and find it very effective. The stuff that doesn’t get blocked is the embedded content, but when you click on the displayed item the connection to the website is blocked.
XG115W - v19.0.1 mr-1 - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
I use a Mac and the ultimate protection there is Little Snitch, which is an outgoing firewall that's application-aware. I have the feeling that I've set an option somewhere such that it does get fed ad/tracker/dangerous site information, but it mainly asks the first time whether you want to allow or not, then makes a rule as appropriate and no longer asks. You can also run it in monitor-only mode. So I click a lot to block connections and then I can save the rule file, transfer it to other Macs and run them in a mode that allows anything not prohibited by a rule -- i.e. so they inherit my blocks but otherwise don't prompt the user.
Then, once in a while I review Little Snitch logs and copy some of the worse offenders (by volume and not too specific to a particular application that is only on my Mac) to my Ad-blocker file which I then upload to the XGS. Right now there are about 100 sites in that file, so it's pretty lean and mean. (The Macs already block due to Little Snitch, but it's for the benefit of other devices on the network like tablets, phones, etc.)
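The thread's constraints on URL groups (valid domain names only, no regular expressions, at most 10,000 entries per group) mean an online list such as the one linked above has to be reduced to plain domains before a manual import. The following is an added example, not code from any poster or from Sophos: it assumes the downloaded list uses Adblock `||domain^` rules, hosts-file lines, or bare domains, and the function names `extract_domain` and `build_groups` are hypothetical.

```python
import re

MAX_PER_GROUP = 10_000  # per-group limit quoted in the thread
# Hostname check: dot-separated letter/digit/hyphen labels, no wildcards, alphabetic-start TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$"
)

def extract_domain(line):
    """Return the domain from one blocklist line, or None if unusable."""
    line = line.strip().lower()
    if not line or line[0] in "!#[" or line.startswith("@@"):
        return None  # comment, list header, or allow-list exception
    if line.startswith("||"):
        # Adblock domain anchor, e.g. ||example.com^$third-party
        candidate = line[2:].split("$", 1)[0]
        if not candidate.endswith("^"):
            return None  # rule targets a path or pattern, not a whole domain
        candidate = candidate[:-1]
    else:
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            candidate = parts[1]  # hosts-file syntax
        elif len(parts) == 1:
            candidate = parts[0]  # bare domain on its own line
        else:
            return None
    return candidate if DOMAIN_RE.match(candidate) else None

def build_groups(lines, limit=MAX_PER_GROUP):
    """Deduplicate (keeping order) and split into chunks of at most `limit`."""
    domains = list(dict.fromkeys(d for d in map(extract_domain, lines) if d))
    return [domains[i:i + limit] for i in range(0, len(domains), limit)]

# Constructed sample input, not taken from any real blocklist.
SAMPLE = """[Adblock Plus 2.0]
! Title: constructed sample
||miner.example.com^$third-party
||cdn.example.net/lib/miner.js$script
||*.pool.example.org^
0.0.0.0 tracker.example.org
ads.example.com
||miner.example.com^
/banner[0-9]+/
"""

if __name__ == "__main__":
    for n, group in enumerate(build_groups(SAMPLE.splitlines()), 1):
        print(f"group {n} ({len(group)} domains):", *group, sep="\n")
```

Rules that carry a path, wildcard, or regular expression are dropped rather than approximated, so the resulting groups can be narrower than the original list.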