Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 43 subscribers
  • Views 3578 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block specific search terms in Google/Bing XG Home

Kevin Roth

Hi all,

I have recently purchased an XG 125 rev3 and installed Sophos home on it.

I have been playing with the web filter and have found that it works very well for the most part. However, I have been unsuccessful in blocking specific search terms - specifically adult/explicit content - on search engines and image search. 

I tried using Web Proxy instead of DPI and enabling the "decrypt HTTPS using Web proxy" option but anytime I do that websites do not load properly. I would prefer to accomplish my goal using DPI if possible.

Here is my current configuration:

LAN to WAN Rules (Web Filtering):

New-Test-Policy:

I have tried creating new category filters using "naughty terns" and adding those to the web policies but that fails.

I have also tried adding category terms like so:

but it has also failed. 

From reading other posts I have read that I have to enable SSL/HTTPS Decryption? Can anyone provide some guidance as to how I can block specific search terms using DPI?

Thanks again.



This thread was automatically locked due to age.
  • 0

    Hi,

    did you instal the XG CA on your devices? The web policies have a number of the items you are trying to block so you don't need to create new ones. I have the web proxy blocking access to a similar list sites using standard XG web policies.

    Ian

    You will also need to enable an application filter. The web proxy is automatically enabled with all th boxes you have ticked. Michael Dunn has written a number of articles on the use of web proxy and DPI and can be found at th etop of th eforum.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Hey  ,

    Thank you for reaching out to the community, you can refer - Sophos Firewall: HTTPS Decrypt and Scan FAQ.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Hi Kevin Roth

    Also, check if you have enable "Search engine enforcement" under Web filter Policy with option "Edit additional settings ".

    Check Log Viewer if website not loading to narrow down the web test 

    Make sure Sophos CA is imported on the web browser you can download as per the snapshot 

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Hi all and thank you for your answers.

    If I am understanding correctly in order for filtering to work the way I want it to I have to use Web proxy mode and also install the Sophos Certificate (CA) on all web browsers accessing the internet? 

    This doesn't seem very feasible in a home environment where there are many devices accessing the web. 

    I appreciate y'all's guidance and patience as I am new to the Sophos world. 

  • 0 in reply to Kevin Roth

    Hi,

    my experience with installing the CA in a home environment

    1/. Apple devices except Apple TV, easy and works without issues. You need to set trust level.

    2/. Microsoft - W11 installs but does not work well, edge fails to acknowledge the CA is installed.

    3/. Android - no experience

    4/. IoT devices most will not have a means of installing a CA, so you need seperate rules for IoT devices.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML