Sophos XG: Web and application filtering

In this tutorial, we’ll see how to put filtering on outgoing streams with a Sophos XG firewall.

I will show you the two filter modules:

• Web: which is an internet proxy
• Application: level 7 filtering that allows to act the applications and actions available on a website

For both modules, you must create a filtering policy and then apply it to the firewall rule.

Create a Web Filtering Strategy

1. On the firewall interface, click Web 1 . The set of policies are displayed, by default Sophos proposes policies. Click Add Strategy 2 .

2. Enter a name for strategy 1 , a description (optional) and then click on Add Rule 2 .

3. A new rule is added 1 , for the moment it blocks all the traffic. Click ALL web traffic 2 to edit it. We will block access to sites that are categorized in Sexually Explicit.

4. Remove 1 All web traffic then click Add new item 2 .

5. Click on Display a … 1 then choose Web Category 2 .

6. Check the box for Sexually Explicit category 1 and click Apply X to selected items 2 .

7. The added rule, we must now configure the action, click on the chevron 1 and click on the desired action for the HTTP and HTTPS filtering, in the example we choose Block 2 .

8. Activate the rule by clicking OFF 1 to switch it to ON.

The following points are optional, in the following, we add a second filtering rule on social networks, by putting as Alert action, which allows to display a page to the user indicating that the navigation to this site is tolerated, he must click a button to confirm navigation.

9. Add a rule by choosing the Social Networking category.

10. Configure the action by selecting Alert HTTP.

11. Do the same with the HTTPS action and activate the rule by switching it to ON.

12. Click Advanced Settings 1 and if desired, you can limit the size of the download items by selecting option 2 and indicating the maximum size 3 .

13. When the policy is configured, click Save.

14. Click Ignore this step 1 , the next page discusses this topic.

15. The strategy is added.

Now that the policy is created, we will see how to add a rule to the firewall and apply the strategy to filter the web browsing.

Add a rule to the firewall with Web filtering policy

In this part, we will see how to add an exit rule on the internet (Lan to Wan) by applying a web filtering strategy.

1. Go to Firewall 1 then click Add firewall rule 2 and Network / user rule 3 .

2. Configure the rule:

1 Name the rule 2 Action Accept 3 Source : LAN 4 Destination : WAN 5 Enable HTTP control 6 Select Web Strategy 7 Enable traffic logging 8 Click on Save

To control the HTTPS flow, this involves SSL decryption and requires the deployment of a certificate. Web filtering will still be active on HTTPS streams, however, users will have a blank page in case of blocking.

For more security, it is also possible to limit the services in the rule, we could have configured only HTTP / HTTPS streams

3. The rule is added.

On the right side of the rule, we can see the active controls

All flows in this rule will be filtered by the web strategy.

Application filtering

With the Sophos XG firewall, it is also possible to filter the application flow.

Before you start, first define the term application at the firewall, because it takes into account several parameters to complete an application:

• Detection of applications with respect to the header of the outgoing agents on the internet, for example Skype uses a particular header that can detect usage.
• Detection of remote applications or directly from the website, this part is interesting because it allows to rust functionality of some site such as blocking comments on Facebook or the impossibility of clicking on Like button. This allows access to the site by blocking functions, which is less frustrating for users.

Personally, I never had a collaborator who came to complain about the impossibility to start on facebook, conversely they complain about complete blockages of websites.

Overview of “Facebook” applications:

1. On the administration click on Applications 1 to access the list of filters. Click Add 1 to create a filter.

2. Name filter 1 and click Save 2 .

3. The filter is created, it must now be modified to add applications, click on the icon 1 .

4. Click on Add 1 .

5. Find the desired application 1 , select the 2 , set the action 3 and click Save 4 .

In the example above, I blocked the download and send file on the site 1file, this allows to block access to the site but limit the use of services.

6. We see that the application is added to the strategy, click on Save 1 .

7. Edit the previously created rule and add the strategy in Application Control 1 and Save 2 .

8. In the rule preview, the APP badge is green.

Log visualizations

Log visualization is not the firewall interface by clicking Reports.

To have data, it is mandatory to implement web and application policies, because in their absence the flow does not pass in the proxy part of Sophos.

Example of reports on web filtering

Example of reports on application filtering