What is the current status of Chromebook filtering support?

Hello Tony,

Thank you for contacting the Sophos Community!

You need to use Sophos Mobile for Chromebooks to accomplish the web-filtering part, and this combined with the Chromebook Agent with the XG you can provide protection for onsite and roaming users.

Here is the KB on Sophos Mobile features, but I have outlined the ones related to your query below.

Added support for Chromebook Security Management

The support for Chrome OS as a client platform has been added to Sophos Mobile 9.5.

• Supports device-side web filtering for Chromebooks and other Chrome devices
• Provides a Chromebook extension for enrollment, messages, and compliance information
• Filtering for malicious web pages and 14 productivity web filtering categories
• All filtered pages can create events for reporting
• Extension allow-/block listing G Suite or admin/self-service enrollment
  
  

Regards,

So from what I gather, this is an entirely separate product that doesn't integrate directly with all the web filtering rules we have in place on our XG devices already? Meaning we'd then have to maintain filtering rules across 2 products still?

This doesn't seem ideal for us.

As XG is a firewall product with proxy integrated, it can only interact with devices, which are "behind" XG. If you mobile devices leaving the network of XG, the management and protection is relaying on other products. For example Mobile. Its a MDM (Mobile device management) product by Sophos, which can also manage Chrome OS. 

That isn't what I was told by my account manager when I was buying XG. I was told that there would be an app being developed that worked with XG for offsite devices. Sophos's competitors (eg. Smoothwall) manage to do it now, so why not Sophos? They have an extension you force deploy via G Suite, and it uses the on-premises filtering even when off site.

You should contact your account manager to clarify everything.

That likely won't make any difference tbh. The issue is that Sophos XG isn't offering a feature their competitors are, and instead are pushing people towards buying a separate product with the added overheads of running 2 products. Whereas their competitors do it all in one now.

When my renewal is up, it will definitely make me think twice about continuing with XG to be honest!

I understand your concerns. But do not forget, Central is the platform to go forward. The story of Central is, everything managed by Central, even the XG Firewall. Hence you would have only one product, Central. 

PS: As far as i understand, Sonicwall is using a VPN Solution to connect the Device to the appliance to scan the traffic. That should be possible with OpenVPN and XG. 

But the Management of all those devices is somewhat difficult. So a MDM Solution like Sophos Mobile would be a good addition anyways for other purpose. 

Your understanding of Chromebook device management is wrong I'm afraid. Managing them is very easy via G Suite's control panel. There's no need for a third party MDM for any functionality on them. Smoothwall uses a Chrome extension - if it is using VPN tech behind the scenes then it is seemless and requires zero extra config.

This is a major hole in Sophos's product line up IMO. Schools are moving heavily into 1:1 schemes with Chromebooks. So much so that there is a worldwide shortage of Chromebooks for sale - lead times are currently 4-5 months in the UK. Not having a simple, extension based, system to utilise XG for off-site filtering on Chromebooks will make many schools look at other solutions such as Securly or Smoothwall.

Actually Sophos mobile inject itself into G Suite and provide more features into this. 

I never saw a Chromebook in my life, mainly because i am from Germany, and they are rare, but i understand, where you are coming from. 

Actually Sophos mobile inject itself into G Suite and provide more features into this. 

I never saw a Chromebook in my life, mainly because i am from Germany, and they are rare, but i understand, where you are coming from.