Additional Options

Enforce Website Protection Features

SafeSearch: Certain search providers have a SafeSearch feature that is designed to remove adult content from search results. You can enforce the use of SafeSearch for Google, Bing, or Yahoo. When enabled, a provider's SafeSearch will be enforced, and cannot be turned off or bypassed by web filter users. To configure this feature, select the provider whose SafeSearch you want to enforce.

With Google SafeSearch, the UTM uses, a technique that also enforces SafeSearch for encrypted connections. Find out more on

Enforce license on image search results: If enabled, search engines will only return image results that have been labeled as being free to share, modify and reuse.

Enforce allowed domains for Google Apps: Google Apps can block users from accessing certain services unless their Google account is a member of the Google Apps domain. Turning this on enforces this feature, and cannot be turned off or bypassed by Web Filter users. To configure this feature, select Enforce allowed domains for Google Apps. Then, at the top of the Domains box, click the Plus icon or the Action icon to add or import Google Apps domains.

Cross Reference – Find information about Google application control in the Sophos Knowledge Base.


Enter or change the time of the Allowed minutes for all categories and tags included in quota option.

Note – All site categories and tags that have been set to Quota will count towards available quota time. Available quota time resets at midnight, or can be reset manually on the Web Protection > Policy Helpdesk > Quota Status page.

Network Configuration

You can configure parent proxies, both globally and profile-based (see Web Protection > Filtering Options > Parent Proxies).

Note – With parent proxies enabled, HTTPS requests are not possible in Transparent mode when SSL scanning is enabled.

To configure a parent proxy, do the following:

  1. Click the Plus icon at the top of the parent proxies list.

    The Add Parent Proxy dialog box opens.

  2. Make the following settings:

    Name: Enter a descriptive name for the parent proxy.

    Comment (optional): Add a description or other information.

    Use Proxy for These Hosts: Add hosts to this box for which the parent proxy is to be used, e.g. * Note that you can use pattern matching here. Regular expressions, however, are not allowed. If you leave the box empty, an asterisk (*) is automatically added when clicking Save, which matches all hosts. Such a proxy definition can therefore be regarded as a fallback proxy which matches when none of the other proxies, if existent, do.

    Parent proxy: Select or add the network definition of the parent proxy.

    Port: The default port for the connection to the parent proxy is 8080. If your parent proxy requires a different port, you can change it here.

    Proxy requires authentication: If the parent proxy requires authentication, select the checkbox and enter username and password in the appearing textboxes.

  3. Click Save.

    The new parent proxy appears in the Parent Proxies list and on the Web Protection > Filtering Options > Parent Proxies page.

To edit or delete a parent proxy, click the name of the proxy.

Activity Logging

You can select which activities will be logged:

  • Log accessed pages: This feature will log information about all pages that have been accessed through Sophos UTM.
  • Log blocked pages: This feature will log information about pages that have been blocked from being accessed.

Click Save to save your configuration, or Cancel to discard all changes and close the configuration dialog.