
Content Filter Bypass and IP Address Exclusion

Hello All -

I plan to install the Sophos XG Home version in the next few days - years ago I had UTM 9 on an SG105 device and was able to have this function set up and it was working great (until my broadband speed exceeded the power of the SG105, that is, but that's another topic...)

Two quick questions please:

1) How does one configure the content filter to restrict certain categories for all users and, if a site is accessed that is blocked, allow a user to log in to bypass the restriction? We want to avoid having users log in 100% of the time... so only log in if a particular site is filtered, and then allow that user to log in to bypass it temporarily if that user's permissions allow.

2) Certain devices need to bypass the filter altogether - I assume this is best accomplished by either MAC address or static DHCP IP - how is this configured in the new GUI of XG?

Thanks all!



This thread was automatically locked due to age.
  • Hi Luk - appreciate your replies. I also have the same question as being referenced above, and also for a home license. Are you able to provide more in-depth steps or screens perhaps? It looks as though user portal or user account creation is also required for this bypass item to work properly. I can't find any videos or steps from "soup to nuts" to get this to work - any ideas? -- Thx
  • Mark,

    Sophos are going to publish a new video soon. Anyway, I can post some screenshots about how to create clientless users and additional web filters.

    To create a web filter, see screenshot "Create Web Filter". In this way you can create 2 additional web filters, where the first will be used to allow websites to all users while the second will be used to allow access only to authenticated users.

    Once the web filters are created, make sure to create two Policy Rules. The first is a user rule where you allow HTTP & HTTPS traffic to all users that need to access blocked websites. Here make sure to set the proper Web Filter inside the rule. See screenshot "Web Filter".

    After this rule, create a network rule where you allow HTTP & HTTPS traffic to all internal devices and use the other Web Filter created.

    Clientless users can be added as "users" and can be created under Objects > Identity > Clientless.

    Also make sure to modify the Authentication Service. See "Authentication Services".

    Luk