Sophos XGS Webfilter and Sophos Central Webfilter

hello,

How does a computer behave when it is in the firewall network but is also supposed to use and utilize various web policies via Sophos Endpoint Protection? The firewall also has a web filter that has been rolled out to different users and PCs. How can I connect the two without the web filter of the firewall and the web filter of Sophos Central interfering with each other?

Thank You!



Added TAGs
[edited by: Raphael Alganes at 11:40 AM (GMT -8) on 31 Jan 2024]
Parents
  • Hello  ,

    Thanks for reaching out to Sophos Community.

    Could you please elaborate this question?

    How can I connect the two without the web filter of the firewall and the web filter of Sophos Central

    Kindly provide more details on what specific connectivity/scenario you’re trying to achieve. 

    Thank you.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • The customer uses a Sophos XGS with web filter function. So traffic that goes to the Internet is controlled via firewall rules and these have different web filter settings. Sophos Endpoint Protection is also installed on each PC. This also controls web access via certain policies that are configured in Sophos Central. What happens if a PC in the network is behind the firewall but also uses Sophos Endpoint Protection with certain web filters?

    The web filter of the firewall and the web filter of Endpoint Protection are then used simultaneously.

  • Hello, 

    Thanks for your response. 

    This would still work. When the client is behind the Sophos Firewall, EP web filter should take precedence and be scanned first before the FW Web Filter.

    e.g.

    EP: Blocked, FW: Allowed | Result: Blocked

    EP: Allowed, FW: Blocked | Result: Blocked

    On the other hand, If you're asking if web policy on EP and on FW can be synced together. This should not be available at the moment. 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • This works fine and many customers are doing it.  Each system is independent.

    Outgoing request
    Browser -->  Endpoint  --> XG --> Website
    Incoming response
    Browser <--  Endpoint  <-- XG <-- Website

    Lets say that both the endpoint and xg are configured with a policy to block adult sites.

    The endpoint is the first thing that sees the request.  It categorizes it as Adult and blocks.  The block is performed by Endpoint.  XG never sees the request so it doesn't log anything.

    Now in a different scenario lets say the Browser downloads a file that contains a virus.
    There is nothing wrong in the outgoing request, both the endpoint and XG allow it out.
    When the incoming response occurs the file is first sent to the XG which scans it.
    The XG detects the virus and blocks it, changing the response to a block page (which is sent to endpoint and then browser).
    In this case the block is performed by XG.  Endpoint never saw the file so it did does not log there was a virus.

    In general if the policy is roughly the same, outgoing request blocks are done by Endpoint and incoming response content blocks are done by XG - because those systems are "first" in those directions.

    This does mean you might need to look at the logs of both.  I do not know much about Sophos Central but there may be something that helps there.

  • I can confirm, this works great from a technical point of view. But it is a lot of work managing exceptions on two independent systems ;) In addition, Sophos Central does not offer such fine options for web filters as the firewall does.

Reply Children
No Data