Skip to content

Control traffic requiring web proxy filtering

You can create a firewall rule with web proxy filtering for pre-configured FQDN host groups to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to Google Workspace applications.

Introduction

Proxy mode is needed to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to Google Workspace applications (for example, Gmail or Drive) to certain domain accounts. Sophos Firewall offers pre-configured FQDN host groups for these features and domains.

Create a firewall rule with these groups if you want to enforce control over these features, but want the DPI engine to enforce SSL/TLS inspection on the other traffic.

Create a firewall rule specifying FQDN host groups and web proxy filtering

  1. Go to Rules and policies > Firewall rules. Select protocol IPv4 or IPv6 and select Add firewall rule. Select New firewall rule.
  2. Specify the rule name and position.
  3. Specify the following settings:

    Name Description
    Action Allow
    Source zone Any
    Source networks and devices Any
    Destination zones WAN
    Destination networks

    Select these pre-configured FQDN host groups:

    • SafeSearch enforcement
    • YouTube restrictions enforcement
    • Google app enforcement
    Services HTTP, HTTPS
  4. Select the following web filtering settings:

    • Scan HTTP and decrypted HTTPS
    • Block QUIC protocol
    • Use web proxy instead of DPI engine
    • Decrypt HTTPS during web proxy filtering
  5. Click Save.

Place the rule above the firewall rules that apply the DPI engine instead of the web proxy.

More resources