Filtering
For a Web Gateway policy, you can configure allow and block rules, and trusted domains and IP addresses.
To change the filtering settings, in the Web Gateway policy, click Settings to show the Filtering options.
Category Filtering
Use this to control which websites your users are allowed to visit. You can set options for security categories or productivity categories.
For more information on how Sophos filters websites, see Sophos Web Security and Control Test Site.
Security Categories
Use this section to configure access to websites that are known to be high-risk. You can choose these options:
- Block risky downloads: This will block all high-risk websites.
- Block All: This blocks all traffic categorized as security.
- Custom: Lets you choose which categories you want to Allow, Audit, Warn or Block.
To see the effect of an option on various categories of websites and downloads, click View Details.
Productivity Categoties
To see the effect of an option on various categories of websites, click View Details.
- Keep It Clean: Prevents users from accessing adult and other potentially inappropriate or controversial websites.
- Audit Potential Risks: Allows administrators to flag events where users visited adult, controversial or data sharing websites that could be a potential risk. The user is not shown any type of warning.
- Conserve Bandwidth: Blocks inappropriate browsing and site categories likely to consume high bandwidth.
- Business Only: Only allows site categories that are generally business-related.
- Block Data Sharing: Blocks any website associated with data sharing activities. This helps prevent data loss.
- Custom: Lets you choose which category groups or individual categories of sites you want to Allow, Audit, Warn or Block.
Web Filtering
Use this to control access to websites that you have "tagged", that is, put into your own categories, in
.- Select Web Filtering .
- Click Add New (on the right).
- Select your Website Tag and set the Action to one of
the following options.
- Allow allows access to the website.
- Audit allows access to the website, but associates an Audit action with the website so that you can filter and report on these events.
- Warn displays a warning to the user, but allows them to proceed to the website if they decide they want to.
- Block denies access to the website and shows the user a block page (which you can customize).
Data Filters
Use this to specify keywords and regular expressions that should be identified and used for filtering web pages.
To set up a filtering rule:
- Select Data Filters .
- Click Add New (on the right).
The Add Data Filter dialog is displayed.
- Enter a Name for the rule.
- Choose whether to Allow, Audit, Warn or Block the content once a rule is matched.
- Choose whether the filter applies to Download, Upload or Both.
- Select the Type:
- Manual. If you select this, enter a Keyword and a Count (number of occurrences).
- Template. If you select this, choose a template from the drop-down list.
The rule is applied when all the conditions of the filter are met.
Web Safe Mode
Use this to help restrict access to inappropriate images or videos.
- Enable Google SafeSearch. This helps to block inappropriate or explicit images from Google search results.
- Enable YouTube restricted mode. This hides videos that may contain inappropriate content (as flagged by users and other criteria).
SSL Scanning
Use this to configure whether web pages should be decrypted to identify potential malware or content that should be filtered. You can select SSL scanning for:
- Risky websites.
- Search engines and social media.
- Let me specify. This lets you set options for each category of website.
For each category, you can specify whether to scan all sites in the category, or select Let me specify again to select which subcategories to scan.
Trusted Destination IPs & Domains
Use this to specify IP addresses and domains for which traffic will not be routed through the Web Gateway. Instead that traffic will go directly to the internet.
Trusted Source IPs
Use this to specify source IP addresses and subnets where traffic will not be routed through the Web Gateway.
When the Web Gateway agent is on the specified IP address or subnet, Web Gateway will not run. This setting is often used for known safe networks where network security is already in place.