Control traffic requiring web proxy filtering
You can create a firewall rule with web proxy filtering for pre-configured FQDN host groups to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to G Suite applications.
Proxy mode is needed to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to G Suite applications (for example, Gmail or Drive) to certain domain accounts. Sophos Firewall offers pre-configured FQDN host groups for these features and domains.
Create a firewall rule with these groups if you want to enforce control over these features, but want the DPI engine to enforce SSL/TLS inspection on the other traffic.
Create a firewall rule specifying FQDN host groups and web proxy filtering
- Go to Rules and policies > Firewall rules. Select protocol IPv4 or IPv6 and select Add firewall rule. Select New firewall rule.
- Specify the rule name and position.
Specify the following settings:
Name Description Action
Source networks and devices
Destination networks Select these pre-configured FQDN host groups:
YouTube restrictions enforcement
Google app enforcement
Select the following web filtering settings:
- Scan HTTP and decrypted HTTPS
- Block QUIC protocol
- Use web proxy instead of DPI engine
- Decrypt HTTPS during web proxy filtering
- Click Save.
Place the rule above the firewall rules that apply the DPI engine instead of the web proxy.