How do you leverage web filtering on the XG and URL filtering with Intercept X Advanced?

I'm thinking of deploying Intercept X Advanced and was wondering how its URL Filtering interacts with XG Web Filtering policies. Do the two ever interfere with each other, or do they play well together?



This thread was automatically locked due to age.
  • Hello MrMojoRisin76,

    At the moment, the Synchronized Security feature is a limited feature which does not involve URL filtering. It would coordinate with the firewall to block/isolate the infected machine.

    For more info please visit.

    https://www.sophos.com/en-us/lp/synchronized-security.aspx

  • Hello ,

     

    Is there any plan to leverage the functionality of the web filter and application filter for roaming users through synchronized security or a standalone agent?

     

    Regards, Ronak.

  • Hi Ronak,

    There is a feature for unknown application signatures, i.e. cloud applications. The endpoint will list the applications which are not listed, and XG will display the list. You can block the applications generating such traffic via the endpoint.

  • Hello ,


    I am aware of synchronised application. My concern is, do we have any plan to protect the roaming users (system on Datacard, Public WiFi, Hotspot) with webfilter and application filter like McAfee Client Proxy or Forcepoint Web Security Endpoint?

     

    The end point client will redirect all web traffic to XG web proxy when they are out of office.

     

    Regards, Ronak.

     

  • Hello Ronak,

    No, we do not have such a provision yet. Our endpoint would be sufficient to do that, but there is no way to route the traffic unless you are using a RED device or a VPN and use XG as a proxy.

  • Hello

     

    Thanks for the update, but it is not mandatory that all customers will opt for Sophos EP. RED is a fixed device which needs to be installed as a gateway for a branch office and cannot protect roaming users. Yes, VPN is the only workaround which is not dependent on any EP and can work when the user is out of the corporate network. But the issue with VPN is that the control remains with the user: if they do not connect to the corporate network they remain unprotected, and when it comes to security it has to be system driven and not user driven.

     

    I hope the XG product team will evaluate this behaviour and develop some agent similar to McAfee Client Proxy or Forcepoint web security.

    Regards, Ronak.

  • I think the phrasing of the question led down a wrong path.

    Intercept X Advanced is a feature of Sophos Endpoint. Intercept X Advanced is not related to web filtering. However, Sophos Endpoint does indeed have web filtering.

     

    Assuming for a moment that you are using Sophos Central to manage your Endpoints, take a look at this.
    https://community.sophos.com/kb/en-us/121797

     

    SEC-controlled endpoints are different, but also have some web filtering.

     

    I may be wrong in this, but I think currently you manage the web control and filtering in Central and the XG web filtering on the XG appliance.  These are currently two separate configurations.  The plan (I have no timeline) is to allow for a single place to configure it and have it work on both.  You might want to talk to a Sophos Partner or someone from the Sophos Sales team about that, especially if you are buying something now that you naturally upgrade to when it becomes available.  

     

    That being said, there is no interference between any of the products.  When the computer is behind the firewall you will be doing dual-work, which some might consider inefficient and other people think is important to do (and some places regulate that you must).  When the computer is not behind the firewall (home, internet café) then the Endpoint still does all the filtering.

  • Ronak Sheth said:

    I am aware of synchronised application. My concern is, do we have any plan to protect the roaming users (system on Datacard, Public WiFi, Hotspot) with webfilter and application filter like McAfee Client Proxy or Forcepoint Web Security Endpoint?

    The end point client will redirect all web traffic to XG web proxy when they are out of office.

    Sophos does have a solution that does this, see here: https://community.sophos.com/kb/en-us/122461

    However, AFAIK that is not the favored solution and is being phased out.  Instead it is to deploy Endpoint and Mobile Control to the devices and then have the devices themselves do the filtering.

    Alternately, as far as I know, some customers are also using XG or UTM deployed into the cloud.  The device can then be configured to use it as an explicit proxy.

    You should talk to Sales or a Partner to learn more.  But I would start with "How does Sophos solve this problem" rather than "Does Sophos do X".

  • Hello ,

     

    Michael Dunn said:

    Sophos does have a solution that does this, see here: https://community.sophos.com/kb/en-us/122461

    However, AFAIK that is not the favored solution and is being phased out.  Instead it is to deploy Endpoint and Mobile Control to the devices and then have the devices themselves do the filtering.

     

    Yes, I am looking for some agent like a web gateway which will tag the user ID and then redirect it to XG, or a web control solution which can synchronise with the XG web filtering policy so that users will have a unified experience irrespective of network. Also, it should be a part of XG, as we cannot force the customer to change their endpoint solution.

     

    Michael Dunn said:
    Alternately, as far as I know, some customers are also using XG or UTM deployed into the cloud.  The device can then be configured to use it as an explicit proxy.

     

    Yes, currently we are using XG as an explicit proxy by opening the Web proxy port on WAN and redirecting the traffic using a PAC file. But there are some authentication issues when multiple users are communicating through the same IP or a user is behind a load-balancing network.

     

    Michael Dunn said:
    Does Sophos do X

     

    It is not about questioning "Does Sophos do X"; it is about discussing the issue and requirement so that it can be addressed in the future road map.

     

    Regards, Ronak.

  • Ronak Sheth said:

    Yes, I am looking for some agent like a web gateway which will tag the user ID and then redirect it to XG, or a web control solution which can synchronise with the XG web filtering policy so that users will have a unified experience irrespective of network. Also, it should be a part of XG, as we cannot force the customer to change their endpoint solution.

    So would it be correct to say that your underlying requirement is to have a single place where you configure the policy, and have it applied to everyone behind the device, and every one of your computers even if they are not on your network?  Your underlying requirement is not tagging user IDs or redirecting it to XG.

     

    The Sophos UTM and the Sophos SWA currently do that, for Endpoints controlled by SEC.

    The Sophos XG will be doing it for Endpoints controlled by Sophos Central.  I've heard it is in the roadmap, I don't know when.

    You say "some agent" and then also "cannot change the endpoint".  For Sophos' solution the agent is the endpoint.

     

     

    Ronak Sheth said:
     

    Yes, currently we are using XG as an explicit proxy by opening the Web proxy port on WAN and redirecting the traffic using a PAC file. But there are some authentication issues when multiple users are communicating through the same IP or a user is behind a load-balancing network.

    I would be cautious about this, as if it is not configured properly it can potentially allow external people to access your internal network.  That is why a cloud deployment is better.  In addition, unless you have some pretty good internet connections in your office you will get a significant performance hit.

    Authentication of users on the Internet is quite a bit more difficult than on the Intranet.  This is one reason the preferred solution is to have the endpoint perform the filtering, since it knows the user, rather than having the computer have to authenticate with the XG.

    There are multiple authentication methods, I do not know all the details but AFAIK some are better at multiple users on one IP.