Sophos Central - Block all websites except white-listed

Following instructions allow to block all web access for a particular user, except few manually whitelisted websites. All actions are performed in the Sophos Central Admin web console.

  • Go to Endpoint Protection > Settings > Website Management and add all websites you want to allow. Make sure to add a tag.
    Sophos Central - Add website customization
  • While still in Endpoint Protection section go to Policies and add a new Web Control policy
    Sophos Central - Add Policy
  • Modify the new policy as follows:
    • Under Users add all users that web block will apply to.
    • Under Settings
      • Web Control - Enabled
      • Additional security options - Let me specify - set all categories to Block
      • Acceptable web usage - Let me specify - set all categories to Block
      • Log web control events - Enabled
      • Control sites tagged in Website Management - click Add New and select the tag you added in the first step for whitelisted websites.
        Sophos Central - Modify Policy
    • Under Policy Enforced make sure Policy is enforced is enabled.
  • Click Save

That's it. In my experience policy is applied pretty much immediately after clicking Save. If you make any changes to the whitelist (under Settings > Website Management), open the Web Control policy and save it without making any changes to re-apply the policy to clients.

June 2019
Sophos Endpoint Protection
Sophos Central Admin
Windows 10 Pro


Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait