Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 10551 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG: How to I completely disable, turn off, delete Web Proxy and Web Protection

rglaue

I do not want Web Protection, or Web Proxy Categorization - which connects to outside servers (https://community.sophos.com/kb/en-us/126576) every 3-8 seconds to gather updated information.

Additionally, in CONFIGURE > System services > Services > Web proxy, there is only a [Restart] button, and not any [Stop] button like the other services. I want to Stop this service completely.

How can I completely (100%) Stop, disable, and remove Web Protection, Web Proxy Categorization, and Web Proxy?



This thread was automatically locked due to age.
Parents
  • 0

    AFAIK you can't, letting the license expire for that part might shut some of the services down, what are you trying to achieve and why?

  • 0 in reply to JimtheITguy

    This SophosXG is managing a DMZ between two WANs. It just needs basic network protection and IPS, and misc other things.

    I want all the user stuff shut off and deleted.

  • 0 in reply to rglaue

    Uhm..I am not sure you can completely shutdown the web proxy and related services, but for blocking URL categorization, you can stop these 2 dns names:

    primary.wing.sophosxl.net and peak.wing.sophosxl.net

    You can achieve this by blocking ports 80,443,6060,6061 with another firewall in front of XG.

    Stopping awarrenhttp, nasm, antivirus and WINGc via advanced shell is also possible but I guess that they will restart when a new pattern update is triggered.

    Try...

    service servicename:stop -ds nosync

     

  • 0 in reply to lferrara

    I already those domains and ports blocked on my side. However, we are about to change primary route to the other side WAN which is managed by a peer. (Out of my control)

    I don't want my SXG to be banging away on the peer network with these services. They already sighed at us after setting up OSPF routes, and that GuestAP wireless networking got advertised.

    In another thread I learned how to delete the GuestAP interface. But now I am faced with this service I want to get rid of too.

    Stopping the Web Proxy service needs to be permanent. It needs to remain stopped when rebooting.

Reply
  • 0 in reply to lferrara

    I already those domains and ports blocked on my side. However, we are about to change primary route to the other side WAN which is managed by a peer. (Out of my control)

    I don't want my SXG to be banging away on the peer network with these services. They already sighed at us after setting up OSPF routes, and that GuestAP wireless networking got advertised.

    In another thread I learned how to delete the GuestAP interface. But now I am faced with this service I want to get rid of too.

    Stopping the Web Proxy service needs to be permanent. It needs to remain stopped when rebooting.

Children
  • 0 in reply to rglaue

    Understood!

    Open a ticket with support to see if it possible. Otherwise if you have the full trial license, wait for the 30 days to last and then web proxy will stop working if you buy the network protection license only.

  • 0 in reply to lferrara

    In addition...

    If you bought the wrong license, talk to your sales representative and ask for a network protection license only and check with him how to “recover” the money you spent!

  • 0 in reply to lferrara

    Thank you for that recommendation.

    This is a 30-day license.

    I have been working with Sophos this week to figure out the license we need. Still don't know. Seems like the "license configuration" is a little cryptic for licensing SXG on Virtual Machines. Any hint on how that works?

    We have nine SophosUTM deployments. This is our first SXG install. I am used to turning whole areas off in UTM. Don't like I can't do the same in SXG.

    If licensing turns these services off, then there definitely must be a "disable" button somewhere. I'll open a ticket to ask how.