Configuring Security Filtering

This page of the administrative web interface is not available on a joined web appliance as this functionality has been shifted to the management appliance.

Sophos supplies the web appliance with lists of URLs compiled by SophosLabs. These URLs are classified according to their level of risk.

The Configuration > Global Policy > Security Filter page allows you configure how the web appliance treats websites, based on the level of risk associated with the site. Although a specific action applies to most classifications by default, you can choose to block or scan user requests for Medium risk sites. You can also configure how the appliance treats user requests for Unclassified sites.

To set the actions for Medium risk sites, and set the risk level for Unclassified sites:

  1. Configure the action for Medium risk sites (all other classifications have a default action and are non-configurable):
    • High risk: These sites have been analyzed by SophosLabs and are know to host malicious content that may compromise network security. These sites are always blocked.
    • Medium risk: These sites have been analyzed by SophosLabs and have a history of poor privacy/security practices that may compromise network security. Use the drop-down list to specify whether medium risk sites are blocked or scanned.
      • Block: Prevent access to all medium risk sites.
      • Scan: (Recommended) Fully scan all content on the site before access to the site is allowed. The pages and downloadable content of the sites are scanned for viruses, malware, and conformance to your organization’s viewable content policy. All files are scanned, regardless of file type.
    • Low risk: These sites are periodically reviewed by SophosLabs to verify site contents. They have no recent history of malicious content or behavior. These sites are always scanned.
    • Trusted: These sites are selected by SophosLabs and meet strict security criteria. Content from these sites is always allowed.
  2. Configure a risk level for Unclassified sites. These sites have yet to be analyzed or reviewed by SophosLabs and may compromise network security. The options are:
    • Low risk: (Recommended) This is the default setting. Files that Sophos considers unsafe are scanned. SophosLabs maintains an up-to-date list of file types that are deemed unsafe.
    • Medium risk: All files on medium risk sites are scanned. Selecting this option will apply the setting selected for medium risk sites as described above. If medium risk sites are set to Scan, all files on unclassified sites are scanned, regardless of file type. Sophos recommends setting unclassified sties to Low risk to ensure an optimal balance between scanning and user experience.

    • High risk: All files on the site are blocked, regardless of file type.
  3. Click Apply.

To view a list of local sites, click the Sites button next to the risk classification that you want to view. The Local Site List page is displayed, and any local sites specified for that classification are shown. You can also enter new sites by clicking Add Site. For more information, see “Configuring the Local Site List” and “Using the Local Site List Editor”.