How To Implement Web Protection In Sophos XG Firewall

This article explains how to implement web protection in Sophos XG Firewall to block or allow websites.

In this article, my requirement is to block the Facebook website and allow the Twitter website in the same web policy. First, we need to create the web policy.

Creating Web Policy:

Log in to the firewall, click Web, and create individual URL groups for Facebook and Twitter.

Click Web >> URL Groups, then add a URL group.

Facebook URL Group

Twitter URL Group

Now add these two URL groups to two different user activities. Click Web >> User Activities, add a user activity, and add the URL group to it.

Facebook User Activity

Twitter User Activity

Now that we have created two user activities for the two URL groups, we need to add them to a web policy: allow the Twitter user activity and block the Facebook user activity.

Web Policy

Once you add this web policy rule, make sure to turn it on by clicking the enable option beside the rule, as shown in the above image. Then save the web policy you have created.

Next, integrate the web policy with a firewall rule: identify the specific firewall rule and add the new policy to it, as shown below.

Firewall rule web policy

As shown in the above image, we have added the test web policy to the firewall rule. If the option “Scan HTTP and Decrypted HTTPS” is not enabled, the firewall might not block secured (HTTPS) URLs, because it cannot intercept secure connections. For this scanning option to work properly, the firewall's HTTPS certificate must be downloaded and installed on all clients in your network, so that they trust the certificates the firewall presents when it decrypts HTTPS traffic.

Installing HTTPS Certificate:

To identify which certificate is being used for HTTPS scanning, click Web and then General Settings.

General Settings

It is using the SecurityAppliance certificate. Click Certificates >> Certificate Authorities, identify SecurityAppliance_SSL_CA, and click the download option as shown in the image below.

Security appliance SSL CA

It will be downloaded in PEM format, as shown in the image below.

Security certificate

On the Windows machine, open the Run dialog and type the command “certmgr.msc”, as shown in the image below.

Certificate Manager

Then right-click Trusted Root Certification Authorities and click Import Certificate, as shown in the image below.

Import Certificate

Now click Next, select Local Machine, then click Browse and select the PEM file that we downloaded to this machine, as shown in the image below.

PEM file

Note: Make sure to select the All Files option as shown in the above image; otherwise the PEM file will not be listed for selection.

Now click Next, choose to place the certificate in Trusted Root Certification Authorities, then click Next through the remaining steps and click Finish in the final step.

The import will be successful.
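
The same import can be scripted when the certificate has to go onto many Windows clients. The PowerShell below is an added example, not part of the original article: it checks the downloaded CA file against a thumbprint obtained from the firewall administrator before adding it to the machine's trusted roots, since anything placed in that store can vouch for any HTTPS site. The file path and the thumbprint placeholder are assumptions; run it from an elevated prompt.

```powershell
# Added example. $PemPath is an assumed download location and
# $ExpectedThumbprint is a placeholder to be replaced with the SHA-1
# thumbprint of the firewall's CA, obtained out of band.
$PemPath            = 'C:\Temp\SecurityAppliance_SSL_CA.pem'
$ExpectedThumbprint = '<THUMBPRINT-FROM-FIREWALL-ADMIN>'

$ErrorActionPreference = 'Stop'

# Parse the PEM file in memory; nothing is trusted yet.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PemPath)

# 1. The file must be the certificate we expect (ignore spaces/colons in the input).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}

# 2. It must be a CA certificate and currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Certificate '$($cert.Subject)' is not marked as a CA. Not importing."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Add it to the Local Machine "Trusted Root Certification Authorities" store.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try     { $store.Add($cert) }
finally { $store.Close() }

# 4. Confirm the certificate is now present in the store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Thumbprint, NotAfter
```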

Hope this article helps you.