Does anyone here know how to create Web-filtering policies so that the Sophos XG firewall can also act as a replacement for AdGuard Home or PiHole?
Thank you in advance.
Hey J Thai,

You must enter a valid domain name & regular expressions aren't allowed, and it can update a maximum of 10,000 URLs in a URL group!!
You can't easily fetch random lists of websites to block as you can with PiHole. Sophos has its own curated lists, as in your screenshot, that include Ads that they maintain and which auto-update.
Otherwise, you can create groups and import lists into them. That's what I do. No, it's not automated, but it is a button click from the GUI. A hundred or so sites block the vast majority of ad and tracker sites for me, and they don't change on a daily or even weekly basis.
I use the XG exclusively to block ads and find it very effective. The stuff that doesn’t get blocked is the embedded content, but when you click on the displayed item the connection to the website is blocked.
XG115W - v19.0.1 mr-1 - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
I use a Mac and the ultimate protection there is Little Snitch, which is an outgoing firewall that's application-aware. I have the feeling that I've set an option somewhere such that it does get fed ad/tracker/dangerous site information, but it mainly asks the first time whether you want to allow or not, then makes a rule as appropriate and no longer asks. You can also run it in monitor-only mode. So I click a lot to block connections and then I can save the rule file, transfer it to other Macs and run them in a mode that allows anything not prohibited by a rule -- i.e. so they inherit my blocks but otherwise don't prompt the user.
Then, once in a while I review Little Snitch logs and copy some of the worse offenders (by volume and not too specific to a particular application that is only on my Mac) to my Ad-blocker file which I then upload to the XGS. Right now there are about 100 sites in that file, so it's pretty lean and mean. (The Macs already block due to Little Snitch, but it's for the benefit of other devices on the network like tablets, phones, etc.)
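The limits mentioned in this thread (plain domain names only, no regular expressions, at most 10,000 entries per URL group) can be applied to a Pi-hole style hosts list before it is imported. The following is an added example, not code from any poster or from Sophos; the function names are hypothetical, and it assumes one domain per line is an acceptable result, so check the format the import dialog on your firmware expects.

```python
import re

MAX_PER_GROUP = 10_000  # per-group limit quoted in the thread
# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
_SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

def is_valid_domain(name):
    """True for a plain multi-label hostname: no wildcard, regex, path or IP."""
    if len(name) > 253 or "." not in name:
        return False
    labels = name.split(".")
    if labels[-1].isdigit():  # dotted-quad IP address, not a domain
        return False
    return all(_LABEL.match(label) for label in labels)

def extract_domains(text):
    """Return (accepted, rejected) from hosts-format or one-domain-per-line text."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments
        fields = line.split()
        if fields and fields[0] in _SINK_IPS:  # hosts format: "0.0.0.0 name"
            fields = fields[1:]
        for name in fields:
            name = name.rstrip(".")
            if name in _LOCAL_NAMES or name in seen:
                continue
            seen.add(name)
            (accepted if is_valid_domain(name) else rejected).append(name)
    return accepted, rejected

def chunk(domains, size=MAX_PER_GROUP):
    """Split the list into pieces that each fit in one URL group."""
    return [domains[i:i + size] for i in range(0, len(domains), size)]
# Constructed sample input, not a real blocklist.
SAMPLE = """# hosts-style list
0.0.0.0 ads.example.com
127.0.0.1 localhost
0.0.0.0 Tracker.Example.NET  # inline comment
*.wild.example.org
metrics.example.org.
"""
if __name__ == "__main__":
    ok, bad = extract_domains(SAMPLE)
    for n, part in enumerate(chunk(ok), 1):
        print(f"group {n}: {len(part)} domains:", ", ".join(part))
    print("rejected (fix or drop by hand):", bad)
```

Entries that land in the rejected list are usually wildcard or adblock-syntax rules, which a domain-only URL group cannot express.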