On the Web Protection > Web Filtering > Global tab you can make the global settings for the Web Filter.

To configure the Web Filter, proceed as follows:

  1. On the Global tab, enable the Web Filter.

    Click the toggle switch.

    The toggle switch turns green and the Default Web Filter Profile area becomes editable.

  2. Select the allowed networks.

    Select the networks that should be allowed to use the Web Filter. By default, the Web Filter listens for client requests on TCPClosed port 8080 and allows any client from the networks listed in the Allowed Networks box to connect.

    Caution – It is extremely important not to select an Any network object, because this introduces a serious security risk and opens your appliance up to abuse from the Internet.

  3. Select a mode of operation.

    Note that when you select an operation mode that requires user authentication, you need to select the users and groups that shall be allowed to use the Web Filter. The following modes of operation are available:

    Cross Reference – For more information on configuring browser authentication in standard mode, see the Sophos Knowledge Base.

    When configured to use authentication, you have the option to Block access on authentication failure. If you are using AD SSO and do not block access on failure, an SSO authentication failure will allow unauthenticated access without prompting the user. If you are using Browser authentication and do not block access on authentication failure, there will be an additional Guest login link on the login page to allow unauthenticated access.

  4. Enable device-specific authentication.

    To configure authentication modes for specific devices, select the Enable device-specific authentication checkbox. Once enabled you can click the green Plus icon to add device types and associated authentication modes.

  5. Click Apply.

    Your settings will be saved.

Important Note – When SSL scanning is enabled in combination with the transparent mode, certain SSL connections are destined to fail, e.g. SSL VPN tunnels. To enable SSL VPN connections, add the respective target host to the Transparent Mode Skiplist (see Web Protection > Filtering Options > Misc). Furthermore, to access hosts with a self-signed certificate you need to create an exception for those hosts, selecting the option Certificate Trust Check. The proxy will then not check their certificates.

Live Log

The Web Filtering live log gives you information on web requests. Click the Open Live Log button to open the Web Filtering live log in a new window.

Related Topics Link IconRelated Topics
© 2019 Sophos Limited Sophos UTM 9.600