Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 26 subscribers
  • Views 4088 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG configuration as an ISP Firewall gateway

AquilesMarrero

I have an ISP customer who bought an XG Firewall Gateway and I wonder how I will comply some regulations of telco authorities.

As we can know, public IP addresses assigned by ISP to customers will we treated as LAN Zone addresses for the ISP and that customers can’t install the XG SecurityAppliance_SSL_CA.

How can we inspect the web traffic for a web category with some Domain/Keywords?

The other issue is, when a category is blocked, there is not a proper message from the XG. It goes directly to a captive portal to logon!!! And if you disable the captive portal it displays a custom message!!!

Where are the category block messages?

We need to know how to place an XG in this type of environments, where public and private address need to be treated all as LAN zone, inspect traffic to avoid viruses and to comply regulations and to be really transparent for ISP customers who will have their own Firewall or UTM from other vendors in most of cases.

I hope we can start a discussion around this issues.

Best Regards,

Aquiles Marrero



This thread was automatically locked due to age.
  • 0

    Hi,

    Welcome to Sophos Community.

    In such scenario, an experienced reseller/partner is always handy for initial setups. If the requirement is to filter the incoming traffic from WAN, you should configure a WAN_LAN firewall rule with all the checks (IPS & Malware scanning ) enabled.To get a custom message, on which associated category the traffic is being blocked, paste the below code in custom message box found in System > Authentication > Authentication Services.

    NOTE: The user should be authenticated to get the category name in the denied message, unauthenticated traffic will get a simple custom denied message.

    Thanks

    Sachin

    P.S.- Aquiles, there is an unwritten rule in our community to post one query per thread. This makes it simple and transparent to discover required solutions. I request you to post separate post for every query.