Recommended settings

There are two polices to choose from when configuring web control: Inappropriate Website Control and Full Web Control. The recommendations differ, depending on which policy you select. When setting up your web control policy, consider the following:

Inappropriate Website Control

  • Review the action for each website category, and make adjustments to suit your organization or group. To grant web access differently for various computer groups, create different policies for different groups. For example, there may be websites, such as Facebook, that you want to make available only to the human resources department.
  • Plan a list of website exemptions prior to rolling out a policy. You can manually enter websites that you want to exclude from the policy using the Website Exceptions tab. For example, you may have a series of local web addresses that do not require filtering, or you may want to block websites within a category that is otherwise allowed.
  • Use the web control Event Viewer to quickly filter events for investigation. You can access the Event Viewer by clicking Events > Web Events. You may want to adjust the website category settings, based on the actions displayed.

Full Web Control

Restriction You must have a Sophos Web Appliance or Security Management Appliance to use the Full Web Control policy.
  • The Sophos Web Appliance Configuration Guide and the Security Management Appliance Configuration Guide contain general guidelines for setting up your appliance. The appliance provides a setup wizard to assist you in choosing the settings that are best for your organization.
  • You may want to configure different policies for different types of users. See the Sophos Web Appliance online product documentation for details.

    The Sophos Web Appliance documentation is available at Sophos Web Appliance.

  • Prior to rolling out a policy, plan for any exceptions to the web control policy. For example, you can use the "Special Hours" feature to grant some or all access to certain websites outside of regular working hours, such as during the lunch hour. You can also create "Additional Polices" that only apply to certain users, and are exceptions to the Default Policy and the Special Hours policy.
  • Consider what action (if any) that you want the Web Appliance to take if information for a website cannot be categorized. The check box Block browsing if the website category cannot be determined is not selected by default. This means that users are allowed to continue browsing if the categorization service fails. When the check box is selected, URLs that cannot be categorized are blocked until the service is restored.

For more information, see the Sophos Enterprise Console and Sophos Web Appliance documentation.