Sophos UTM Web Protection Workflow

Did you ever asked yourself how the web protection workflow is working within the Sophos UTM? Many customers have problems to understand the way the proxy works. The proxy can be used transparent (man-in-the-middle for http/https) or by “standard” where you use the proxy within your browser or WPAD. The proxy differentiates requests by source, person and time.

Here is a workflow graphic I made:

Sophos UTM Web Protection Workflow

this is a workflow of one of my basic configuration for my customers. But how did it look like in the Sophos UTM WebAdmin? I configured a virtual test appliance with the names and settings like above to make it clearer:

webfilterprofiles

Profile for Server Area:

filterassignment_server

Profile for Office LAN:

filterassignment_officelan

Profile for Guests

filterassignment_guests

I always configure new categories for the groups /purpose:

categories

I recommend to configure from “behind to ahead”: Categories > Filter Actions > Filter Profiles. Here are my filter actions for this example:

filteractions

 

  • Example 1
    • Server “CustomerDC01” with IP 192.168.1.12 wants to update the Windows OS (http requests to update.microsoft.com)
      • HTTP connection will be grabbed and allowed through the proxy because of global exception entry
    • Server “CustomerDC01” with IP 192.168.1.12 wants to download SAP files from the internet
      • Connection will be grabbed, scanned for malware (transparently, no proxy needed within a browser or system)
  • Example 2
    • User “carl” (Member of GL_All and GL_FacilityManager) wants to access Facebook at 4 o’clock
      • Browser says to proxy “please go to facebook for me” > Proxy blocked website (because social media is only allowed from 12 am to 1 pm)

 

If you want further examples, feel free to comment. Have a nice weekend! 🙂

2 thoughts on “Sophos UTM Web Protection Workflow”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.