How to configure Sophos Sandstorm for Web Protection

For Sandstorm to inspect files transmitted over HTTPS, turn on the Decrypt and Scan option and install the web proxy's signing CA on the clients. The UTM can then inspect the HTTPS traffic and send files to Sandstorm.

  • Find information about the use of HTTPS Decrypt and Scan in this support article.

  • Find information about how to deploy the web proxy CA in this support article.

  1. To configure Sophos Sandstorm for Web Protection, go to Web Protection > Web Filter Profiles > Filter Actions.

  2. Either create a new filter action or edit an existing filter action.

    • To create a new filter action, click the New Filter Action button.

    • To edit an existing filter action, click the Edit button next to the filter action.

    The screen that appears is almost the same for both options.

  3. Click Antivirus, select the following options and then click Save:

    • Use antivirus scanning

    • Dual scan (maximum security)

    • Refer suspicious items to Sophos Sandstorm

    Note: If you’re creating a new filter action, complete the configuration and then click Save.

You have now configured Sophos Sandstorm for Web Protection.

Where to see Sophos Sandstorm statistics

To see statistics about Sophos Sandstorm usage, click Advanced Protection.

This page shows the Advanced Protection Statistics, where you can see a summary of all Sophos Sandstorm activity.

How to release files from Sophos Sandstorm

The Sandbox Activity page shows the suspicious files that are quarantined in the sandbox for further investigation. You can manually release these files.

  1. Go to Advanced Protection > Sophos Sandstorm > Sandbox Activity.

  2. Select the check box next to the file and then click Release.