Sophos XG: How do I completely disable, turn off, delete Web Proxy and Web Protection

I do not want Web Protection, or Web Proxy Categorization - which connects to outside servers (https://community.sophos.com/kb/en-us/126576) every 3-8 seconds to gather updated information.

Additionally, in CONFIGURE > System services > Services > Web proxy, there is only a [Restart] button, and not any [Stop] button like the other services. I want to Stop this service completely.

How can I completely (100%) Stop, disable, and remove Web Protection, Web Proxy Categorization, and Web Proxy?



  • AFAIK you can't; letting the license expire for that part might shut some of the services down. What are you trying to achieve and why?

  • This SophosXG is managing a DMZ between two WANs. It just needs basic network protection and IPS, and misc other things.

    I want all the user stuff shut off and deleted.

  • Uhm... I am not sure you can completely shut down the web proxy and related services, but for blocking URL categorization, you can stop these 2 DNS names:

    primary.wing.sophosxl.net and peak.wing.sophosxl.net

    You can achieve this by blocking ports 80,443,6060,6061 with another firewall in front of XG.

    Stopping awarrenhttp, nasm, antivirus and WINGc via advanced shell is also possible but I guess that they will restart when a new pattern update is triggered.

    Try...

    service servicename:stop -ds nosync

     

  • I already have those domains and ports blocked on my side. However, we are about to change primary route to the other side WAN which is managed by a peer. (Out of my control)

    I don't want my SXG to be banging away on the peer network with these services. They already sighed at us after setting up OSPF routes, and that GuestAP wireless networking got advertised.

    In another thread I learned how to delete the GuestAP interface. But now I am faced with this service I want to get rid of too.

    Stopping the Web Proxy service needs to be permanent. It needs to remain stopped when rebooting.

  • Understood!

    Open a ticket with support to see if it is possible. Otherwise, if you have the full trial license, wait for the 30 days to last and then web proxy will stop working if you buy the network protection license only.

  • In addition...

    If you bought the wrong license, talk to your sales representative and ask for a network protection license only and check with him how to “recover” the money you spent!

  • Thank you for that recommendation.

    This is a 30-day license.

    I have been working with Sophos this week to figure out the license we need. Still don't know. Seems like the "license configuration" is a little cryptic for licensing SXG on Virtual Machines. Any hint on how that works?

    We have nine SophosUTM deployments. This is our first SXG install. I am used to turning whole areas off in UTM. Don't like that I can't do the same in SXG.

    If licensing turns these services off, then there definitely must be a "disable" button somewhere. I'll open a ticket to ask how.

  • Your recommendation ended up being exactly what Sophos told me.

    Sophos tech said:

    Please run the below command to stop the web proxy, but this will only stop it, not disable it, which means whenever you restart the firewall it will restart the service as well and you have to run the command again. This is by design and none of the Sophos services can be disabled.

    service awarrenhttp:stop -ds nosync (Run this command in Advanced shell)

    Web categorization updates are done by WING service and you can stop it by running the below command

    service WINGc:stop -ds nosync (Please run this command in advanced shell)

    These commands did stop the HTTP requests to update Web Proxy Categorization.

     

    However, regarding the thought discussed in this thread, that if you are not licensed to use Web Proxy, maybe it won't be active? - This is not true.

    Sophos tech said:

    If you do not have a web proxy licence, it will still be reaching out to Sophos servers, but Sophos servers will be denying the request.

     

    I did ask if these services can be made to be disabled.

    Sophos tech said:

    Unfortunately, you cannot disable the services and it will be a feature request.

     

    I find it to be very disappointing that I cannot permanently disable user services. Even if I do not license it, the service still runs on the SXG.
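
Added example, not part of the thread and not Sophos tooling: since the stop commands quoted above do not survive a reboot, a check on a resolver the XG uses can show whether lookups for the two categorization names have resumed. It assumes a dnsmasq-style query log; the XG address 192.0.2.10, the stop time, the log lines and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes dnsmasq-style resolver log lines:
#   "<Mon> <day> <HH:MM:SS> dnsmasq[pid]: query[A] <name> from <client-ip>"
WING_HOSTS="primary.wing.sophosxl.net peak.wing.sophosxl.net"

# wing_queries LOG XG_IP STOP_TIME   (LOG may be "-" for stdin)
# Prints one line per categorization host: "<name> before=<n> after=<n>",
# counting only lookups made by XG_IP. STOP_TIME is HH:MM:SS on the same day,
# the moment the stop commands were run in the advanced shell.
wing_queries() {
    awk -v xg="$2" -v stop="$3" -v hosts="$WING_HOSTS" '
        BEGIN { n = split(hosts, h, " "); for (i = 1; i <= n; i++) want[h[i]] = 1 }
        {
            for (i = 1; i <= NF - 3; i++) {
                if ($i !~ /^query\[/ || $(i + 2) != "from") continue
                name = tolower($(i + 1)); sub(/\.$/, "", name)   # normalise case, trailing dot
                if (!(name in want) || $(i + 3) != xg) continue   # other name or other client
                if ($3 < stop) before[name]++; else after[name]++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s before=%d after=%d\n", h[i], before[h[i]], after[h[i]]
        }
    ' "$1"
}

# wing_still_active LOG XG_IP STOP_TIME -> exit 0 if any lookup follows STOP_TIME
wing_still_active() {
    wing_queries "$@" | grep -qv 'after=0$'
}

# Constructed sample log: the XG (192.0.2.10) queries both names, the services
# are stopped at 10:01:00, and one lookup reappears later (service restarted).
sample_log() {
cat <<'EOF'
Mar  4 10:00:01 dnsmasq[812]: query[A] primary.wing.sophosxl.net from 192.0.2.10
Mar  4 10:00:05 dnsmasq[812]: query[A] peak.wing.sophosxl.net from 192.0.2.10
Mar  4 10:00:09 dnsmasq[812]: query[A] primary.wing.sophosxl.net from 192.0.2.10
Mar  4 10:00:12 dnsmasq[812]: query[A] example.org from 192.0.2.44
Mar  4 10:05:00 dnsmasq[812]: query[A] Peak.Wing.SophosXL.net. from 192.0.2.10
Mar  4 10:05:03 dnsmasq[812]: query[A] primary.wing.sophosxl.net from 192.0.2.44
EOF
}

sample_log | wing_queries - 192.0.2.10 10:01:00
```
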

  • It is disappointing to me too.

    or  

    could you investigate about this limitation and what the user can do?

    Having such a feature on XG virtual appliance should be considered.

    Thanks