Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 17 replies
  • Answers 2 answers
  • Subscribers 31 subscribers
  • Views 46459 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safe Serach

Yasin Aydın

I have Sophos XG firewall(16.05) and Sophos Endpoint Cloud Clients. I configured the both sides for the blocking adult contents. Safe search is running when goes to adult content websites and etc. But in search engines images The adult content images still here. How to block the adult content images in serch engines ?(google,yandex etc...)   



This thread was automatically locked due to age.
  • 0

    Yasin,

    can you share the words you are able to dispaly on google for example?

    Did you enable safe search and additional image filters under Web > Advanced menu ?

    Thanks

  • +1

    HI Yasin , 

    If you have enabled Safe Search as Suggested by LUK , you may need to enable Malware Scanning Http and HTTPS (Especially) in order to work . Also Create a Rule on the Top position and Drop Port UDP:443 so the Google in your network would not operate in QUIC protocol and would switch to Standardized TCP:443 connection.

  • 0 in reply to lferrara

    Hi lferrara,

    The words like porn etc.. And Did you mean Web>Protection>Search Engine Enforcement> "Enable Enforce SafeSearch" and "Enable Enforce Additional Image Filters"?

    I configured Web> Advanced>Enable Contebt Cache 

    I configured that. But the problem is still same.

  • 0 in reply to Yasin Aydın

    Yasin,

    Yes enable both. In my test environment it works with no issue. Bad words like porn are blocked.

    Make sure to allow only https/http on the firewall rule as suggested by Aditya.

    Regards

  • 0 in reply to Aditya Patel

    Hi Aditya,

    I think The malware scanning http and https is enough for block and SafeSearch. Previously I configured only http scanning and when I configured for the https scanning there are some certificates error . I create a new certificate and enable the malware scanning http and https. Now It runs seamlessly.

    Additionally I add the drop policy as you said . There is no connection on this policy. So I think It's not necessary.

     

    Thanks ... 

  • 0 in reply to Yasin Aydın

    Yasin,

    If you have created an allow rule where you allow only http/https services, the drop rule is not needed.

    Google chrome uses udp 443 and then fails back to tcp 443. So if you allow only https and your last rule is a drop rule (any, any, any), your are ok.

    Regards

  • 0 in reply to lferrara

    Hello lferrara,

    Is there any setting about the exclude to android and ios device? The android and ios devices are in the same lan with pcs .

    I don't want to separate this devices group. I want to all device in the same lan?

  • 0 in reply to Aditya Patel

    Hello Aditya,

    Is there any safe search  setting about the exclude to android and ios device? The android and ios devices are in the same lan with pcs .

    I don't want to separate this devices group. I want to all device in the same lan.

  • 0 in reply to Yasin Aydın

    I don't want to install a certificate on the android and ios devices.

  • 0 in reply to Yasin Aydın

    Hi Yasin, 

    You may need to import the certificate onto our IOS and Android. If you are using authentication you may log in to your User portal using your Mobile Web Browser and click to download the CA certificate. This will allow you to import the certificate directly. Or simply mail to your employees the CA certificate they would open the attachment and get it installed. 

    The certificate format is .PEM you may change to .crt by simply changing the extension and mail to your clients. Otherwise, you may need to create a seperate rule for your IP/MAC host associated to your mobile devices and remove HTTPS decryption. This was you do not need to install certificate . Downside is that Safe search Would not work .