Endpoint Web Control

If you want to use an appliance together with Sophos Enterprise Console, you must provide Enterprise Console with an appliance hostname and an authentication key. Once this is configured, a web control policy can be applied to the endpoint machines by the designated appliance.

The authentication key is generated on the appliance as described below. You must then enter the same key as part of the Web control policy on Enterprise Console. The hostname and authentication key are published to the endpoints, allowing the endpoints to exchange data with the appliance.

Optionally, you can also enable Sophos LiveConnect so that policy updates are published to user machines, even when users are not directly connected to the network. In addition, you can choose to allow roaming endpoints to upload web activity data.


If you choose not to enable the LiveConnect options described in steps 4 and 5, endpoints that are disconnected from the network will:

  • use the last web policy downloaded before the endpoint machine disconnected from the network.
  • upload the most recent web activity data to the appliance when the endpoint machine reconnects with the network. The data is limited to the last two months of web activity.
  1. Select the Configuration > System > Endpoint Web Control page.
  2. Click On to enable Endpoint Web Control.
  3. In the Endpoint Authentication Key text box, there is an alphanumeric key. Enter the same key in the Sophos Enterprise Console. See “Configuring the web control policy” in the Sophos Enterprise Console documentation for specific instructions. If, at any time, you need to change the key, click Regenerate, and a new key will be displayed. This new key must then be transferred to Enterprise Console, replacing the original key.
  4. [Optional] Select Use Sophos LiveConnect Service. When this check box is enabled, policy updates are published to user machines, even when users are not directly connected to the network.
    Note Neither web traffic nor user data passes through LiveConnect. It is only used to securely publish web policy updates to users and to securely submit web activity reports from the endpoint machines back to the appliance.
  5. [Optional] Select Allow roaming endpoints to submit web activity reports. When this check box is enabled, web activity data is uploaded from roaming user machines and compiled for reports on the appliance. This option is only available when Use Sophos LiveConnect Service is enabled.
  6. Choose an alternate action for enforcing quota time on the endpoint.
    Sophos Endpoint Web Control cannot enforce time quotas. Here you can select to either Allow, Block, or Warn when an endpoint user visits a site that has an associated quota time policy.
  7. Click Apply.