Web Filtering Changes

As of the 9.2 release, Sophos UTM on AWS includes a new simplified interface for creating and managing your web filtering policies. While the interface has changed considerably, functionality has not changed. All of your existing settings have been preserved and if you make no changes the system will behave in the exact same way.

Previously, complex web policy involved creating web filtering profiles. These consisted of filter actions, created on the Filter Actions tab, which were then assigned to users and groups through filter assignments on the Filter Assignments tab, and then configured on the Proxy Profiles tab. Now, you can configure all aspects of your web filtering policy, including your default configuration and advanced filtering profiles from the Web Filtering > Policies tab.

Note – Take some time to familiarize yourself with the new interface and read the following overview. While it is different than previous releases, it should be much easier to create and maintain complex web policies.

Some Key Differences

Common Tasks

The following is a brief overview of how you perform common tasks in 9.2 and later compared to the 9.1 interface.

How do I: 9.1 9.2

Edit the default policy?

Configure the various tabs under Web Filtering:

  • Web Filtering > Antivirus/Malware
  • Web Filtering > URL Filtering
  • Web Filtering > Advanced
Web Filtering > Policies
Create or edit a proxy profile? Web Filtering Profiles > Proxy Profiles

Web Filtering > Web Filtering Profiles

Assign a filter assignment to a proxy profile?
  1. Create a filter action on Web Filtering Profiles > Filter Actions
  2. Create a filter assignment on Web Filtering Profiles > Filter Assignments
  3. Edit or add a proxy profile on Web Filtering Profiles > Proxy Profiles
  1. On Web Filtering Profiles > Filter Profiles, click on the name of a Filter Profile, or create a profile by clicking the green Plus icon.
  2. On the Policies tab, click the green Plus icon to add a policy.
  3. Select a Filter Action, or click the green Plus icon to create one.
Add a website to a blacklist in my default filter action? Web Filtering Profiles > Filter Assignments On Web Filtering > Policies, when creating or editing a policy, click the green Plus icon next to Filter Action.
Create a new filter action for my filter assignment? Web Filtering > URL Filtering and click the green Plus icon next to Additional URLs/Sites to block
  1. Web Filtering > Policies
  2. Select the Default content filter action
  3. On the Websites tab, click the green Plus icon next to Block these websites
Modify advanced settings? Web Filtering > Advanced Filtering Options > Misc
Manage trusted HTTPS CAs? Web Filtering > HTTPS CAs Filtering Options > HTTPS CAs

Migration

When you upgrade to version 9.2, your previous configuration and settings are preserved and your system will continue to behave the same. However, as the user interface has changed considerably, things may not be where you expect them to be. The Web Filtering menu item contains all the settings you need to apply a set of policies and actions to a single set of allowed networks. The Web Filter Profiles menu item contains corresponding settings, but allows you to create multiple profiles so you can apply different settings to different networks. All global settings are now on tabs on the Filtering Options menu item.

Some objects have been renamed. For example, Proxy Profiles are now Filter Profiles and Filter Assignments are now Policies. The Fallback Action is now called the Base Policy, as it is the policy/action that occurs if no other policies match. The relationship between these objects is much clearer, as all Policies are now listed on a tab of the profile. The Filter Action can be added or modified using a pop-up tabbed dialog that contains everything that can be configured for an action.

One of the limitations of 9.1 is that the default profile could only have one set of users assigned to it. This has been migrated to a policy called Default content filter profile assignment with a migrated filter action called Default content filter action. If you had other filter assignments created, these will now appear as disabled policies in the profile.

In 9.1 if you had created a profile just so that you could have multiple assignments you can simplify your configuration by enabling those policies in the default profile in the first menu option, making sure that your Allowed Networks is correct, and then deleting the now unnecessary additional profile.

Related Topics Link IconRelated Topics