Same Websites blocked and allowed in wrong catagory

Question

Hi, 
 We have setup network DLP before the firewall which is connected like, Endpoint >> L2Switch >> Network DLP (centos uses Proxy) >> Sophos Firewall. 
 For Example website Web.workline.hr 
 This website comes under the hrms category which is allowed in Sophos firewall. But sometimes this same website category gets changed to business category after it passes through NDLP server and is blocked by firewall as business category is not allowed by firewall as per firewall policy. 
 In the nutshell same website sometime shows in category A and sometime catagory B, when traffic flows through Network DLP server (network DLP uses it's own certificate for handshaking).

Michael Dunn · Answer

When you say "this website comes under the hrms category" does that mean you have created a custom category for to match this website?

If so, then the website is actually both "hrms" (your custom category) and "business" (the real category from cloud lookup). It will match the first web rule for either traffic.

So if your web rules are:

Allow hrms
Block business

Then it will allow it and say that it is hrms.

If your rules are:

Block business
Allow hrms

It will block it and say it is business.

Make sure that all the web policies you are using have rules that will apply to hrms first.

Vivek Jagad · Answer

Hello Sarvesh Singh , Thank you for reaching out to the community, SFOS uses SXL server's URL is 4.sophosxl.net . which communicating on Port TCP 443. Currently on the categorization lookup for the site: Web.workline.hr it is categorized to business !! ===================================== if you think that is incorrectly configured you may submit a request: support.sophos.com/.../filesubmission

Same Websites blocked and allowed in wrong catagory

Top Replies