Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 2 answers
  • Subscribers 42 subscribers
  • Views 7657 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Proxy Policy

Radu Mirea

Hi,

I'm using Sophos XG virtual appliance and trying to add users as exclusions for the Web Proxy - Transparent mode (Direct Mode off). If Anybody is used, policy is doing the job and blocking .exe files (as example). But i need that some users to be able to download them. So i have created two groups (imported from AD),one is Restricted and the second Relaxed. Restricted is assigned to Risky downloads and  Relaxed to Suspicious. From this point it seems that there's no effect from policy, users can download .exe. etc. Web Policy is assigned to LAN to WAN firewall rule LAN / ANY as source and service, WAN / ANY as destination and service. Web enabled settings for the firewall policy: Scan HTTP and decrypted HTTPS / Use web proxy instead of DPI engine / Decrypt HTTPS during web proxy filtering. Also appliance certificate is imported into users devices (Trusted Root).

Is there something else that i have to configure to make it work?

The purpose is to block internet to all users and allow only for dedicated groups and also split the internet policy restrictions between groups like the issue explained.

Thank you.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Radu Mirea

    Hi,

    you need to enable application control at least to allow all.

    i will update further when I have access to a bigger screen.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    Enabled Application Control with Allow All - should this have an impact, as i do not see any Slight smile

    Thank you.

  • 0 in reply to Radu Mirea

    Hi,

    you do not have any user controls enabled, all users can access rule 11. You need to enable the user function and add your allow group and in the next rule your disallow group.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    The context of user is missing. 
    So essentially: under live users you have to list the user context by using any of the authentication methods, SFOS offers. 
    You can choose from: 
    Sophos Endpoint, STAS, Kerberos, Captive Portal and many more. But you have to configure one. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi,

    I have created another Web Policy using Relaxed group and assign it to a top firewall rule with matching users enabled for Relaxed group. Old Web policy was set to use Anybody and assigned to Firewall policy 11 (without) matching users enabled. Seems to be working now, i'll do more tests to make sure this is the correct approach.

    Thank you.

Unfiltered HTML