Internet Proxy ; Web Policies not working

Tal,

on Sophos Documentation and Video Library you can find different material on how to create rules and apply filtering.

IF you are using XG as your Default gateway, routing can be quite simple.

The other option is to configure routes on XG and your Default Gateway or install XG in bridge mode.

For better help, you should give us more feedback about your network infrastructure.

Regards

did a traceroute and we are not going through our sophos XG for internet

C:\Users\adm-tyoffe>tracert yahoo.com

Tracing route to yahoo.com [206.190.36.45]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 66.9.19.1
2 1 ms 4 ms 1 ms 66.9.90.129
3 4 ms 2 ms 7 ms 209.178.234.129
4 17 ms 20 ms 10 ms 66.9.8.193
5 20 ms 6 ms 3 ms 66.9.8.194
6 * * * Request timed out.
7 * * * Request timed out.
8 396 ms 292 ms 288 ms yahoo-inc.ear3.seattle1.level3.net [4.16.168.186]
9 195 ms 260 ms 267 ms ae-7.pat1.gqb.yahoo.com [216.115.96.45]
10 241 ms 261 ms 337 ms et-18-1-0.msr2.gq1.yahoo.com [66.196.67.115]
11 435 ms 324 ms 268 ms et-19-1-0.clr2-a-gdc.gq1.yahoo.com [67.195.37.99]
12 210 ms 243 ms 259 ms et-17-25.fab6-1-gdc.gq1.yahoo.com [67.195.1.241]
13 366 ms 388 ms 318 ms po-14.bas2-7-prd.gq1.yahoo.com [206.190.32.39]
14 511 ms 346 ms 299 ms ir1.fp.vip.gq1.yahoo.com [206.190.36.45]

Tal,

as I wrote, make sure first you know how your network works before even configuring XG. If you need help, share here your network diagram and we will give you an help on how to configure XG.

Regards

do not feel comfortable posting network diagram on public forum

is this the proper documentation

https://community.sophos.com/kb/en-us/122972

Tal,

you can configure XG in routing mode (the link is correct) and then redirect 0.0.0.0/0.0.0.0 to XG for checking internet traffic. XG itself must know all the returning traffic so static routing or dynamic routing must be implemented. If your network allows it, you can use BGP or OSPF.

Regards

Is it possible to configure sophos to work as a proxy for the web browser. Then in the browser I can configure it to use sophos as a proxy rather than going  directly to the internet?

Tal,

of course you can. By default, XG Proxy listens on port 3128. You can change the port under Web > Advanced TAB.

Regards

Tal,

of course you can. By default, XG Proxy listens on port 3128. You can change the port under Web > Advanced TAB.

Regards

Sorry having some trouble. 

this is what I am putting in browser config

however I can still browse to blocked sites ( webmail, etc)

Tal,

you should receive captive portal if the user is not authenticated.

Make sure you use the XG internal IP.

Also on the firewall rule, make sure match know users is ticked with at least one user.

Regards

updated to internal IP and checked KNOWN USERS. I had it set to anybody

something is still not working properly. I can get to any site and webmail

Tal,

show us the Firewall rule.

Thanks

FIREFOX SETTINGS

Rule to DENY WEBMAIL

GMAIL STILL WORKING

Tal,

inside the firefox settings make sure to tick "use this proxy server for all protocols". Also I asked for Firewall rule. This is the Web Filtering section.

Thanks

ticking all protocols seems to break everything. 

firewall rules are as follows

Tal,

where is the Web Filter applied? I guess rule id 2.

Edit rule id 2 and enable match know users.

Also the last rule (id 7) does not deny anything. Traffic is allowed and not blocked.