Control traffic requiring web proxy filtering
You can create a firewall rule with web proxy filtering for pre-configured FQDN host groups to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to Google Workspace applications.
Introduction
Proxy mode is needed to enforce SafeSearch, YouTube restrictions, and to restrict sign-ins to Google Workspace applications (for example, Gmail or Drive) to certain domain accounts. Sophos Firewall offers pre-configured FQDN host groups for these features and domains.
Create a firewall rule with these groups if you want to enforce control over these features, but want the DPI engine to enforce SSL/TLS inspection on the other traffic.
Create a firewall rule specifying FQDN host groups and web proxy filtering
- Go to Rules and policies > Firewall rules. Select protocol IPv4 or IPv6 and select Add firewall rule. Select New firewall rule.
- Specify the rule name and position.
-  Specify the following settings: Name Description Action AllowSource zone AnySource networks and devices AnyDestination zones WANDestination networks Select these pre-configured FQDN host groups: - SafeSearch enforcement
- YouTube restrictions enforcement
- Google app enforcement
 Services HTTP,HTTPS
-  Select the following web filtering settings: - Scan HTTP and decrypted HTTPS
- Block QUIC protocol
- Use web proxy instead of DPI engine
- Decrypt HTTPS during web proxy filtering
 
- Click Save.
Place the rule above the firewall rules that apply the DPI engine instead of the web proxy.
More resources