Full Web Control

Note: This feature is not included with all licenses. If you want to use it, you might need to customize your license. For more information, see http://www.sophos.com/en-us/products/complete/comparison.aspx.

If you have a Sophos Web Appliance, Sophos Management Appliance, or Sophos UTM appliance (version 9.2 or later) you can distribute an appliance-based policy to your users by way of Enterprise Console.

Endpoint computers communicate with Enterprise Console in the same way as when the Inappropriate Website Control policy is selected, but the web-filtering rules and web activity logs are synchronized with the appliance that you specify. The policy is stored on endpoint computers and applied, based on the latest Sophos data.

Users are blocked, warned or allowed, according to the web control policy. You can view user activity data using the Reports and Search features on the Web Appliance or Management Appliance, or Logging & Reporting > Web Protection option on the UTM appliance. Web control events are all recorded on the appliance; however, sites scanned and assessed by Sophos Endpoint Security and Control's live URL-filtering (Web protection) are recorded as web events in Enterprise Console.

Note: Although HTTP and HTTPS sites are both filtered in all supported web browsers, in a Web Appliance or Management Appliance user notifications are different, depending on whether the URL is HTTP or HTTPS. With HTTP sites, users see notification pages for sites in categories set to "Block" or "Warn." For HTTPS, users only see "Block" notifications, and they are displayed as a balloon tip in the Windows System Tray. HTTPS "Warn" actions are not displayed to users, nor are they logged. Instead, users are allowed to continue to the requested page, and it is logged as a "Proceed" event in the Web Appliance or Management Appliance.

UTM appliance uses a central cloud-based service called Sophos LiveConnect for protecting and monitoring endpoint computers. LiveConnect allows you to always manage all of your endpoints, whether they are on your local network, at remote sites, or with traveling users—policy updates are distributed to users, and reporting data from endpoint computers is uploaded, even when users are not connected from within the network.

When using Web Appliance or Management Appliance, endpoints can communicate with the appliance either directly or through Sophos LiveConnect.

With Full Web Control selected, a full-featured policy takes effect. Full Web Control offers the following benefits over basic web control, depending on the appliance you use:

For more information on configuring a full Web Appliance policy, see the Sophos Web Appliance documentation available at http://wsa.sophos.com/docs/wsa/.

The UTM appliance documentation is available at http://www.sophos.com/en-us/support/documentation/sophos-utm.aspx.