Copyright © 2024 Sophos Ltd

Troubleshooting Web
Policies on Sophos
Firewall

Sophos Firewall
Version: 20.0v1

[Additional Information]

Sophos Firewall
FW4015: Troubleshooting Web Policies on Sophos Firewall

January 2024
Version: 20.0v1

© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior written
consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be the
trademarks or registered trademarks of Sophos Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions or representations (whether express
or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park, Abingdon,
Oxfordshire, OX14 3YP.

Troubleshooting Web Policies on Sophos Firewall - 1

Copyright
Copyright ©
© 2024
2023 Sophos
Sophos Ltd
Ltd

Troubleshooting Web Policies on Sophos Firewall

In this chapter you will learn how
to troubleshoot when a website
that users need to access is
included in a category that is
blocked.
RECOMMENDED KNOWLEDGE AND EXPERIENCE
✓ How to configure web protection on Sophos
Firewall

DURATION 3 minutes

In this chapter you will learn how to troubleshoot when a website that users need to access is
included in a category that is blocked.

Troubleshooting Web Policies on Sophos Firewall - 2

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 1

The most common issue encountered with web policies is when a website, or part of a webpage is
blocked by a policy. This may be intended, but it could be a site that users need to access but is
included in a category that is blocked.

Troubleshooting Web Policies on Sophos Firewall - 3

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 2

You should first review the web filter log in the log viewer. You can filter this using username, IP
address and URL to help you find the relevant entries.

In this example, we can see that Facebook has been blocked with the category Social Networking.

Troubleshooting Web Policies on Sophos Firewall - 4

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 2

By hovering over the log entry, we can find more information. We can see the firewall rule and web
policy IDs, and we can see that the category was part of the ‘Unproductive Browsing’ user activity.

Troubleshooting Web Policies on Sophos Firewall - 5

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 2

In the advanced log view, you can click on the web policy ID to open it in the parent web admin
console window.

Troubleshooting Web Policies on Sophos Firewall - 6

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 2

There is no separate rule in this web policy for the Social Networking category, but from the log we
saw that it was part of the Unproductive Browsing user activity.

Troubleshooting Web Policies on Sophos Firewall - 7

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 2

There are several ways to resolve the issue, depending on whether you want to allow the site for all
users or a subset of users. Here we are removing Social Networking from the Unproductive Browsing
user activity.

Troubleshooting Web Policies on Sophos Firewall - 8

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 2

When we save it there is the option to ‘Save for all’ which will update the original user activity, or
‘Save copy’, so that other policies using this user activity are not affected.

If you wanted to allow Social Networking for a subset of users, you could also create a web policy rule
above the Unproductive Browsing rule to explicitly allow Social Networking for the desired users and
groups.

Troubleshooting Web Policies on Sophos Firewall - 9

Copyright © 2024 Sophos Ltd

Unexpected Policy Action 3

With the policy updated the website will be accessible.

Troubleshooting Web Policies on Sophos Firewall - 10

Copyright © 2024 Sophos Ltd

Chapter Review

The first step is to view the web filter log. Filter by username, Ip address and URL to find the relevant
entries and show the category of the blocked site.

Hovering over the log entry shows the firewall rule and web policy IDs. It will also show which user activity
contains the category.

The action to take depends on whether all users or a subset of users require access to sites in the
category.

Here are the three main things you learned in this chapter.

The first step is to view the web filter log. Filter by username, IP address and URL to find the relevant
entries and show the category of the blocked site.

Hovering over the log entry shows the firewall rule and web policy IDs. It will also show which user
activity contains the category.

The action to take depends on whether all users or a subset of users require access to sites in the
category.

Troubleshooting Web Policies on Sophos Firewall - 14

Copyright © 2024 Sophos Ltd

Troubleshooting Web Policies on Sophos Firewall - 15