rieskaniemi.com

yet another it blog

How to block TikTok using web categories (webcat) in Sophos XG Firewall


In the ever-evolving landscape of cybersecurity, it’s imperative to ensure that your network is shielded from harmful online threats. One effective measure is to implement a domain blocklist within your Sophos XG Firewall. This guide will walk you through the process of creating and managing a blocklist to keep your network secure.
In this example, we will use an external URL list to block the TikTok app from communicating with its servers.

We will also create a firewall rule to block DNS over HTTPS traffic to prevent TikTok from circumventing blocking.

Step 1: Accessing the Web Admin Console
Begin by logging into your Sophos XG Firewall’s web admin console using your administrator credentials, or through Sophos Central if the firewall is centrally managed. This is the control hub where you’ll configure your firewall settings.



Step 2: Navigating to the Web Filter Section
Once logged in, navigate to the ‘Web’ section and select ‘Categories’. 


Step 3: Creating a category
Create a new category by clicking on ‘Add’. This lets you add the URLs you wish to block.

Step 4: Name the category (e.g. TikTok Domains) and select a classification (e.g. Unproductive). Because we are using an external URL list, select external URL database and use the following domain list: http://gumbysolutions.xyz/bl/tiktok_bl.txt

Step 5: After compiling your list of URLs, it’s time to apply the blocklist to your firewall policies. Go to the ‘Policies’ section, select the relevant policy, and attach your newly created URL group to it.



Step 6: Create a firewall rule to block DNS over HTTPS traffic. TikTok tries to bypass blocking by using Google DNS over HTTPS.

The rule should have a higher priority than your -> WAN traffic rules.

For more information see https://support.sophos.com/support/s/article/KB-000039056?language=en_US

Step 7: Testing the URL Blocklist
To ensure that the blocklist is functioning correctly, conduct tests by attempting to access the blocked URLs from a network device. If the setup is correct, these sites should be inaccessible and a warning should be displayed.

If the TikTok app or website is still accessible, check that proxy mode is being used for web filtering.
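
An external list like the one in Step 4 decides what the firewall blocks, so it is worth vetting a copy before pointing the category at it. The following Python lint is an added example, not part of the original post or of Sophos tooling; it assumes a list with one domain per line and `#` comments, and `NEVER_BLOCK` and the sample entries are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
NEVER_BLOCK = {"co.uk", "google.com"}  # hypothetical local never-block policy

def reject_reason(entry):
    """Return why an entry is unacceptable, or None if it is a plain domain."""
    if "://" in entry or "/" in entry:
        return "url"            # list should hold bare domains, not URLs or paths
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    labels = entry.split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        return "invalid"
    if len(labels) < 2 or entry in NEVER_BLOCK:
        return "too-broad"      # a bare TLD or a protected domain would overblock
    return None

def lint_blocklist(text):
    """Split list text into (accepted domains, [(line_no, raw, reason), ...])."""
    accepted, rejected, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue            # blank line or comment
        reason = reject_reason(entry) or ("duplicate" if entry in seen else None)
        if reason:
            rejected.append((line_no, raw.strip(), reason))
        else:
            seen.add(entry)
            accepted.append(entry)
    return accepted, rejected
# Constructed sample, not the contents of the list referenced in Step 4.
SAMPLE = """\
tiktok.com
Video.Example.NET.  # inline comment
http://tiktok.com/login
203.0.113.7
com
tiktok.com
bad_label.example
"""
if __name__ == "__main__":
    print(lint_blocklist(SAMPLE))
```

Any rejected line is a reason to review the list by hand before the firewall consumes it.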

Maintaining a robust URL blocklist is a proactive step towards fortifying your network’s defenses. By following these steps, you can effectively manage web access and protect your organization from potential online hazards.
