Sophos Firewall: URL Whitelisting Using Web Filter Policy

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview:

This article is intended to help in cases where FQDN-based firewall rules cause problems. A rule that uses a Fully Qualified Domain Name (FQDN) depends on DNS resolution, and the firewall's view of the resolved addresses is refreshed only according to the record's Time to Live (TTL). When the addresses behind a name change before the cached entry expires, traffic can be disconnected, and troubleshooting FQDN and wildcard FQDN rules can become complex.

This Recommended Read walks you through how to whitelist URLs in the firewall using either an FQDN-based rule or a Web filter-based rule, and focuses specifically on the Web filter-based approach.

 

Configuration:


1. Allowing URLs using the FQDN-based firewall rule.

  • Create an FQDN host:

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/HostsAndServices/HostsServicesFQDNHost/index.html#add-an-fqdn-host 

  • Create a firewall rule:

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRuleAdd/index.html 

 

2. Allowing URLs using a web filter-based firewall rule.

  • How to add a custom category:

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Categories/WebCategoryAdd/index.html 

  • How to create the Web filter policy:

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Policies/WebPolicyAdd/index.html 

The following scenario is used as an example to describe how to allow URLs with a web filter-based firewall rule:



Use case scenario: Restrict access through the firewall to only allow Sophos NDR URLs using a web filter-based rule.

For the integration to stay secure and functional, a specific set of domains must be allowed. The required list of URLs is published in the Sophos documentation linked below, which you can use to make the appropriate adjustments.

https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/DataCollectorReqs/index.html#port-and-domain-exclusions 



  • Create a custom Web Category:  

Navigate to Protect -> Web -> Categories -> Click Add.

In this example, a category named NDR_URLs was created, and all the domains listed in the Sophos documentation above were added to it.

 

  • Create a Web Filter Policy:  

Go to Protect -> Web -> Policies -> Add Policy. 

 

The Web filter policy was created with the default action set to Block HTTP. A rule was then added for the NDR_URLs category created in the previous step, with the action set to allow both HTTP and HTTPS, so only traffic to the listed domains is permitted.

 

  • Create a firewall rule: 

Go to Protect -> Add -> Rules and Policies -> Add firewall rule. 

This method streamlines allowing URLs through the firewall, and any URL that is still denied can be identified in the web filter logs, which makes it straightforward to spot a domain missing from the custom category.
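To make the policy logic above concrete, here is an added Python example (not Sophos code and not part of the original post). It models a web filter policy whose default action is Block with a single custom category that allows HTTP and HTTPS, evaluates a few URLs against it, and then scans constructed web-filter log lines to list the hosts that were denied. The category name NDR_URLs comes from the walkthrough; the domain entries, the matching rule (an entry matches the host and its subdomains, a leading "*." matches subdomains only), and the key="value" log field names are assumptions made for illustration, not the real NDR domain list or a real device's log format.

```python
"""Model of a block-by-default web filter policy with one allowed custom category,
plus a scan of web filter log lines for denied hosts. Added example; the domain
entries, matching rule and log field names are assumptions, not Sophos behaviour."""
import re
from urllib.parse import urlparse

# Constructed placeholder entries standing in for the NDR domain list (.example is reserved).
NDR_URLS_CATEGORY = {
    "name": "NDR_URLs",
    "domains": ["central.example", "sensor.example", "*.updates.example"],
}

# Policy as described in the walkthrough: default Block, NDR_URLs allowed for HTTP and HTTPS.
POLICY = {
    "default_action": "Block",
    "rules": [{"category": "NDR_URLs", "http": "Allow", "https": "Allow"}],
}


def host_matches(host, entry):
    """Assumed matching rule: a plain entry matches the host itself and any subdomain;
    an entry starting with '*.' matches subdomains only, not the bare domain."""
    host = host.lower().rstrip(".")
    entry = entry.lower().rstrip(".")
    if entry.startswith("*."):
        return host.endswith("." + entry[2:])
    return host == entry or host.endswith("." + entry)


def categorize(url, categories):
    """Return the name of the first category whose domain list matches the URL's host."""
    host = urlparse(url).hostname or ""
    for cat in categories:
        if any(host_matches(host, entry) for entry in cat["domains"]):
            return cat["name"]
    return None


def evaluate(url, policy, categories):
    """Apply the policy: the first rule for the URL's category wins, else the default action."""
    scheme = urlparse(url).scheme.lower()
    category = categorize(url, categories)
    for rule in policy["rules"]:
        if rule["category"] == category:
            return rule["https" if scheme == "https" else "http"]
    return policy["default_action"]


# Constructed log lines in a key="value" style. Field names are an assumption for this example.
SAMPLE_LOG = """\
log_type="Content Filtering" log_subtype="Allowed" src_ip="10.0.0.5" category="NDR_URLs" url="https://central.example/api"
log_type="Content Filtering" log_subtype="Denied" src_ip="10.0.0.5" category="Unclassified" url="https://telemetry.example/upload"
log_type="Content Filtering" log_subtype="Denied" src_ip="10.0.0.7" category="Unclassified" url="http://updates.example/manifest"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_log_line(line):
    """Turn one key="value" log line into a dict."""
    return dict(KV_RE.findall(line))


def denied_hosts(log_text):
    """Sorted unique hosts the web filter denied: candidates for a missing category entry."""
    hosts = set()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec.get("log_type") == "Content Filtering" and rec.get("log_subtype") == "Denied":
            host = urlparse(rec.get("url", "")).hostname
            if host:
                hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for url in ("https://central.example/api", "http://mirror.updates.example/x",
                "http://updates.example/manifest", "https://other.example/"):
        print(f"{url:40} -> {evaluate(url, POLICY, [NDR_URLS_CATEGORY])}")
    print("Denied hosts in log:", denied_hosts(SAMPLE_LOG))
```

Running it shows the point of the walkthrough: anything not in the custom category falls to the default Block, and the denied hosts recovered from the log (here telemetry.example, and updates.example because the wildcard entry does not cover the bare domain) are exactly what an administrator would go back and add to the category.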

 

 

Related Information and Reference KBA:

Wildcard FQDN troubleshooting: https://support.sophos.com/support/s/article/KB-000041593?language=en_US 

 




Edited Formatting
[edited by: Raphael Alganes at 3:44 PM (GMT -7) on 3 Apr 2025]