Hello everyone,
We are currently trying to use web filtering together with app control in the same rule and unfortunately cannot find a solution. We are looking for a solution for the following setup:
We operate some PCs in our production environment that are only allowed to access certain websites on the Internet. We have created a corresponding web policy for this, in which the allowed websites are stored as a permitted URL group and the default action is set to block. In future, however, Office 365 and other Microsoft cloud apps are to be used on these computers. As a first idea, we tried to add an application filter in which O365 is explicitly allowed to the existing rule. Unfortunately, access is still blocked by the web filtering.
Unfortunately, I have not yet been able to find a solution or suitable examples for combining the two features in a similar setup. Perhaps someone has an idea on how we could implement the requirements.
You will create more than one firewall rule, one for each unique user usage profile, and assign custom web filtering and application filtering rules to them -- with either you using their usernames as the differentiator (or AD group membership, etc.) or if you don't want to use authentication, group the PCs together in FQDN Groups and assign the user profile rules that way.
CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Sophos Platinum Partner
--------------------------------------
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Hello,
thanks for the answer, but the differentiation of sources is not my problem. This is already implemented in the existing rules and works perfectly.
The problem is that there seems to be no way to use application protection together with web filtering towards the internet.
There was a similar discussion here over four years ago: community.sophos.com/.../application-filter-app-control-vs-web-policy---order-of-precedence. Nothing seems to have happened on this topic since then.
I have now manually (!) added the required URLs for the products used from the Microsoft documentation to a URL group and have created a rule for this and for the required IP addresses.
Hi,
you add your web policy in the web config and your application policy in the application field. Which part is failing?
Ian
XGS118 - v21.5.0
XG115 converted to software licence v21.5.0
If a post solves your question please use the 'Verify Answer' button.
App control can be used to block additional things. App control cannot be used to explicitly Allow something that is blocked by web policy. If any policy (web or app) blocks, we block.
If you go to Web > Exceptions take a look at the Microsoft exception that is there. You can create your own exception using the same format (RegEx). Exceptions are an alternative to using URL groups or Custom Categories for web policy.
You may want to look here for Microsoft's documentation on what domains it uses. It's terribly complex. But it might let you know what domains you are missing.
learn.microsoft.com/.../urls-and-ip-address-ranges
We have an older revision of that documented here. But it has changed in the last year. I am working on a better way of doing it.
support.sophos.com/.../KBA-000006163
Your best bet is to use the Log Viewer, Web Filter, filter on Blocks. Do the action on the client (which is not working). Look for what is blocked in the log. Add that domain to the web policy/exception. Repeat test.