Control traffic requiring web proxy filtering

You can create a firewall rule with web proxy filtering for pre-configured FQDN host groups to enforce Safe Search, YouTube restrictions, and to restrict sign-ins to G Suite applications.

Introduction

Proxy mode is needed to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to G Suite applications (for example, Gmail or Drive) to certain domain accounts. XG Firewall offers pre-configured FQDN host groups for these features and domains.

Create a firewall rule with these groups if you want to enforce control over these features, but want the DPI engine to enforce SSL/TLS inspection on the other traffic.

Create a firewall rule specifying FQDN host groups and web proxy filtering

  1. Go to Rules and policies > Firewall rules. Select IPv4 or IPv6 protocol and select Add firewall rule. Select New firewall rule.
  2. Specify the rule name and position.
  3. Specify the following settings:

    Name

    Description

    Action

    Allow

    Source zone

    Any

    Source networks and devices

    Any

    Destination zones

    WAN

    Destination networks

    Select these pre-configured FQDN host groups:

    • SafeSearch enforcement
    • YouTube restrictions enforcement
    • Google app enforcement

    Services

    HTTP, HTTPS

  4. Select the following web filtering settings:
    • Scan HTTP and decrypted HTTPS
    • Block QUIC protocol
    • Use web proxy instead of DPI engine
    • Decrypt HTTPS during web proxy filtering
  5. Click Save.

Place the rule above the firewall rules that apply the DPI engine instead of the web proxy.