This discussion has been locked.

List of Allowed Websites for AD Group

Hi,

We have purchased a new XG Firewall to replace the old Forefront TMG. 

How can I apply a list of allowed websites to our Front Desk Staff (a Group in AD) and block everything else?

Thanks in advance. 



  • Hi Jason, 

     

    Welcome to the forum. This approach, in my opinion, would be best handled by creating a firewall rule specifically for these workstations.

     

    Add their source zone, then add just their devices (you may want to add them to hosts, then create a group for them to be able to add them quickly to other rules later), then add the destination zone you want them to access, add only the sites you want them to access to the destination devices and only the services they need to get to them, and everything else will be blocked. Make sure you place the firewall rule in the appropriate top-down spot to ensure it works correctly and you should be good to go. Please note that you will have to add exceptions for any AD or printers or other aspects they use to this rule as well.

     

    or 

     

    You can also do this by creating a new firewall rule as mentioned above, allow whatever traffic you want for AD, printers, DNS, etc., and create a separate web filter policy for just this group, then block everything with the policy and make exceptions to allow only the sites you want.

     

    Either way would work.

     

    Best, 

     

    BadRobot

     

    https://community.sophos.com/products/xg-firewall/f/network-and-routing/91621/sophos-xg-firewall-rule-best-practice

    https://community.sophos.com/kb/en-us/126230

    https://community.sophos.com/kb/en-us/123833
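
The reply above depends on top-down rule placement and on explicit exceptions for AD, DNS and printers. The following is an added example, not part of the original post and not Sophos XG configuration or API: a small Python model of first-match rule evaluation that shows the same rules producing different results when ordered differently. All rule names, subnets, hosts and sites are hypothetical.

```python
# Constructed model of top-down, first-match firewall rule evaluation.
# Not Sophos XG syntax; every name, address and site here is hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple   # CIDR strings
    dests: tuple     # hostnames or IP/CIDR strings; "*" matches anything
    services: tuple  # (protocol, port) pairs; "*" matches anything
    action: str      # "allow" or "drop"

def _dest_matches(dest, dests):
    for d in dests:
        if d == "*":
            return True
        try:  # both values are IP-like: compare as networks
            if ip_address(dest) in ip_network(d):
                return True
        except ValueError:  # at least one is a hostname: compare names
            if dest.lower() == d.lower():
                return True
    return False

def evaluate(rules, src, dest, service):
    """Return (action, rule name) of the first matching rule, top down."""
    for r in rules:
        if (any(ip_address(src) in ip_network(n) for n in r.sources)
                and _dest_matches(dest, r.dests)
                and ("*" in r.services or service in r.services)):
            return r.action, r.name
    return "drop", "default-deny"  # nothing matched

FRONT_DESK = ("10.0.20.0/28",)  # constructed front desk workstation range
INFRA = Rule("frontdesk-infra", FRONT_DESK, ("10.0.1.10", "10.0.1.50"),
             (("udp", 53), ("tcp", 389), ("tcp", 9100)), "allow")  # DNS, AD, printer
WEB = Rule("frontdesk-allowlist", FRONT_DESK,
           ("intranet.example.com", "booking.example.com"), (("tcp", 443),), "allow")
DROP = Rule("frontdesk-drop-rest", FRONT_DESK, ("*",), ("*",), "drop")
LAN = Rule("lan-to-wan", ("10.0.0.0/16",), ("*",), ("*",), "allow")

ORDERED = [INFRA, WEB, DROP, LAN]     # specific rules above the broad one
MISORDERED = [LAN, INFRA, WEB, DROP]  # broad allow shadows the restrictions

if __name__ == "__main__":
    for site in ("booking.example.com", "news.example.org"):
        for label, rules in (("ordered", ORDERED), ("misordered", MISORDERED)):
            print(label, site, evaluate(rules, "10.0.20.5", site, ("tcp", 443)))
```
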