Protection policies

Using policies, you can define protection from vulnerability exploits, such as cookie, URL, and form manipulation.

Policies also mitigate common threats such as application and cross-site scripting (XSS) attacks.

Sophos Firewall provides default policies for some common web services, for example, Exchange Autodiscover.

Migrated protection policies

SFOS 18.0 has implemented changes in the categories and settings of web server rules and protection policies based on the OWASP ModSecurity Core Rule Set 3.0.

Sophos Firewall has merged some protection categories into a single category, mapped filter rules to new rule IDs, and introduced filtering strength levels.

Note: If a category was turned on earlier, the new category into which it's merged is turned on during migration. For example, if a pre-migration policy has Protocol violations turned on and Protocol anomalies turned off, the post-migration category Protocol enforcement, which contains both categories, is turned on.

Table 1. Protection policy categories and settings

| Pre-migration | Post-migration |
|---|---|
| Protocol violations, Protocol anomalies, Request limits, HTTP policy | Protocol enforcement |
| Generic attacks, Tight security | Application attacks |
| Bad robots | Scanner detection |
| | Data leakage |
| Rigid filtering | Filter strength with four levels of filtering. Rigid filtering setting migrates to Level 1 (Most permissive) setting. We recommend that you evaluate your protection policies and change the setting, if necessary. |
| | Removed the category. Anti-virus scanning protects from trojans. |

Rule IDs in Skip filter rules

Rules have been mapped to new rule IDs. For skipped rules that map to a new rule ID, the new rule continues to be skipped after migration.

Unmapped rules and rules that have been removed or merged into a new rule are removed from the skip rule list.
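
The following is an added example, not Sophos code: a pre-upgrade review helper that applies the category merge rule from the note above and the skip-list rule from this section to one policy, and lists what an administrator should re-check afterwards. The policy format, the rule ID map, and the sample rule IDs are assumptions constructed for illustration; the page does not publish the rule ID mapping.

```python
# Merges as listed in Table 1 on this page (rows where both names are given).
MERGED_INTO = {
    "Protocol violations": "Protocol enforcement",
    "Protocol anomalies": "Protocol enforcement",
    "Request limits": "Protocol enforcement",
    "HTTP policy": "Protocol enforcement",
    "Generic attacks": "Application attacks",
    "Tight security": "Application attacks",
    "Bad robots": "Scanner detection",
}

def preview_migration(policy, rule_id_map):
    """Predict the post-migration policy and list items to review.

    policy and rule_id_map are hypothetical input formats. rule_id_map holds
    only one-to-one old->new rule ID mappings; removed, merged and unmapped
    rules are simply absent from it.
    """
    categories, review = {}, []
    for old, enabled in policy["categories"].items():
        new = MERGED_INTO.get(old, old)  # assumption: other names carry over
        categories[new] = categories.get(new, False) or enabled
    for old, enabled in policy["categories"].items():
        new = MERGED_INTO.get(old, old)
        if new != old and categories[new] and not enabled:
            review.append(f"{old} was off; merged category {new} is on")
    kept = []
    for rule_id in policy["skip_rules"]:
        if rule_id in rule_id_map:
            kept.append(rule_id_map[rule_id])
        else:
            review.append(f"skip entry {rule_id} is removed from the skip list")
    review.append("Filter strength is Level 1 (Most permissive); evaluate it")
    return {"categories": categories, "filter_strength": 1,
            "skip_rules": kept, "review": review}

# Constructed sample data; the rule IDs are placeholders, not real rule IDs.
SAMPLE_POLICY = {
    "categories": {"Protocol violations": True, "Protocol anomalies": False,
                   "Generic attacks": False, "Tight security": False,
                   "Bad robots": True},
    "skip_rules": ["OLD-1", "OLD-2", "OLD-3"],
}
SAMPLE_RULE_MAP = {"OLD-1": "NEW-1"}

if __name__ == "__main__":
    result = preview_migration(SAMPLE_POLICY, SAMPLE_RULE_MAP)
    print(result["categories"], result["skip_rules"])
    for item in result["review"]:
        print("REVIEW:", item)
```

Each dropped skip entry means requests that previously bypassed a filter rule are evaluated again after the upgrade, so test those application paths for false positives.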