Configure advanced web protection such as caching behavior and proxy settings.

Web Content Caching

Enable web content cache
Keep a copy of frequently visited sites to reduce bandwidth consumption and improve performance.
Always cache Sophos Endpoint updates
Keep a copy of Sophos Endpoint updates to improve performance on your network.
Note If this option is disabled you may experience network congestion when many endpoints attempt to download updates from the Internet at the same time.

Web Proxy Configuration

The firewall intercepts traffic transparently and enforces web protection (for example, policies and malware scanning) when the web proxy service is enabled for a network zone. By default, the service is enabled for LAN and WiFi zones. In transparent mode, the firewall allows HTTP traffic on port 80 and HTTPS traffic on port 443 only.

However, you can also configure the firewall to act as a proxy for configured web browsers by specifying a web proxy listening port. Users who are behind the proxy must specify the LAN or WiFi address and port in the web proxy configuration settings of their browsers. (Refer to the browser documentation for details.)

Specify the web proxy listening port and allowed destination ports when you want the firewall to act as a web proxy for configured web browsers.

Note IPS policy is applicable on the traffic between proxy and WAN, but not between user and proxy.
Note Traffic shaping policy is not applicable on the direct proxy traffic.
Web Proxy Listening Port
Specify the port on which the web proxy will listen for HTTP connection requests.
Allowed Destination Ports
The firewall may receive requests to connect to remote servers using a non-standard port. Specify the ports on which the proxy will allow connection. (This setting applies only when the web proxy listening port is set.)
CAUTION Allowing connection on non-standard ports may pose a security risk.
Type a number and click the Add button () to add a trusted port. Click the Cancel button () to delete a trusted port, or the Edit button () to modify a trusted port.
Click to Apply changes.