Shopping Cart

No products in the cart.

Sophos DNS Protection – Free in Xstream Protection

Sophos DNS Protection is a new Sophos Central Service, which is included free of charge with the Sophos Firewall with Xstream Protection Bundle. We have been testing this for some time now and share our experiences in this article.

Sophos DNS Protection - Dashboard
Sophos DNS Protection – Dashboard

Sophos DNS Protection function

Sophos DNS Protection provides a cloud-based security solution that blocks access to insecure and unwanted domains on all ports, protocols and applications. The service can be implemented in just a few minutes and effectively complements existing network security solutions.

With real-time threat intelligence and comprehensive reporting capabilities, Sophos DNS Protection protects against malicious and unwanted domains. The core competence of this new Sophos Central service is to provide an additional layer of protection against access to known, compromised or malicious domains, for both encrypted and unencrypted connections. This preventive approach increases the level of security at DNS level and therefore goes far beyond conventional web security.

Setup in 3 steps

Setting up Sophos DNS Protection is very simple and takes just a few minutes.

Sophos DNS Protection - Setup in three steps
Sophos DNS Protection – Setup in drei Schritten

You start by configuring the IP addresses of the networks or dynamic host names to ensure that DNS Protection recognizes the origin of the DNS queries. These locations are then assigned to the corresponding policies in order to activate the protection.

1. Add location

In order for the Sophos DNS servers to be able to assign the requests to the policies and the user account for the reports, you must first record the location and the associated public IP address or DNS name.

Sophos DNS Protection - Add location
Sophos DNS Protection – Standort hinzufügen

2. Customize DNS server

To use Sophos DNS Protection, you must store the Sophos DNS servers on your router, DNS server or firewall. You enter the IP addresses as DNS servers in the network device so that all DNS queries are routed via Sophos DNS Protection.

Sophos DNS Protection - Network configuration
Sophos DNS Protection – Netzwerk Konfiguration

To ensure that block pages are displayed correctly, download the certificate provided and distribute it to the devices as a trusted root certification authority.

We have already explained the process of distributing the certificate for the Sophos Firewall in a guide. Only a different certificate is now used for DNS protection.

3. Filtering by web category

The third step is to create the guidelines. Here you can specify which web categories should be blocked. DNS protection always filters websites that pose a security risk, but you can specify additional filter options. These policies can be defined on a per-site basis, allowing for more precise customization of security policies to the specific needs of each individual network.

Sophos DNS Protection - Policies
Sophos DNS Protection – Richtlinien

The following categories are available to block them:

  • Advertisements
  • Auctions & classified ads
  • Dynamic DNS & ISP sites
  • Entertainment
  • Fashion & beauty
  • Gambling
  • Games
  • Hobbies
  • Hunting & fishing
  • Kid’s sites
  • News
  • Online chat
  • Online shopping
  • Personal sites
  • Photo galleries
  • Portal sites
  • Religion & spirituality
  • Restaurants & dining
  • Sports
  • Stocks & trading
  • Surveillance
  • Travel
  • Society & culture
  • Vehicles
  • Blogs & forums
  • Staff & dating
  • Social networks
  • Alcohol & tobacco
  • Controlled substances
  • Criminal activity
  • Download freeware & shareware
  • Extreme
  • Intellectual piracy
  • Intolerance & hate
  • Legal highs
  • Marijuana
  • Militancy & extremist
  • Nudity
  • Plagiarism
  • Pro-suicide & self harm
  • Sex education
  • Sexually explicit
  • Swimwear & lingerie
  • Weapons
  • Live audio
  • Live video
  • Peer-to-peer & torrents
  • Radio & audio hosting
  • Video hosting
  • Voice & video calls
  • General business
  • Business networking
  • Educational institutions
  • Financial services
  • Government
  • Health & medicines
  • Image search
  • Information technology
  • Job search
  • Military
  • NGOs & non-profits
  • Political organizations
  • Professional & workers organizations
  • Real estate
  • Reference
  • Search engines
  • Software updates
  • Translators
  • Content delivery
  • CRL and OCSP
  • Anonymizers
  • Hacking
  • Newly registered websites
  • Parked domains
  • Phishing & fraud
  • Spam URLs
  • Spyware & malware
  • Unauthorized software stores
  • Data loss
  • Business cloud apps
  • Personal cloud apps
  • Personal network storage
  • Web E-mail
  • Everything else

Sophos DNS Protection allows you to create user-defined domain lists. If a user needs to access a blocked page, you can create a special exception list and adjust the policy accordingly. For example, you can create a list of special exceptions that allows certain domains while others remain blocked.


Sophos DNS Protection immediately blocks access to insecure and unwanted domains. This is done for both managed and unmanaged devices and comprehensively protects your network from malicious domain activity. With real-time threat intelligence from SophosLabs, you can ensure that your organization is always protected from the latest threats.

Sophos DNS Protection - Browser block message
Sophos DNS Protection – Browser Block Meldung

In the Sophos video, the steps for the setup are explained again:

YouTube video
Sophos DNS Protection – Setup Service


DNS Protection gives you detailed insights into the domains visited by your network. With the reporting functions in Sophos Central, you can monitor the security situation of your network at any time. You receive reports on permitted and blocked domains as well as the total number of DNS queries.

Sophos DNS Protection - Allowed domains
Sophos DNS Protection – Erlaubte Domains
Sophos DNS Protection - Policy blocks
Sophos DNS Protection – Policy blocks

The reporting tool works similarly to the firewall reporting in Sophos Central. You can also set filters here, search for specific entries and create templates for recurring queries. It is also possible to have reports sent to you by e-mail.

Sophos DNS Protection - DNS usage
Sophos DNS Protection – DNS usage

More data for XDR and MDR

The DNS data collected by Sophos DNS Protection is forwarded to the Sophos Data Lake. This means that this data can be used with the XDR tools or help MDR analysts to detect active attackers and threats in the network.


DNS Protection is currently available to all Sophos Firewall customers who have licensed the Xstream Protection Bundle.

However, Sophos also states that the first version is free. So I can well imagine that when the product is a little more mature, additional functions will require an additional license, just like with Firewall Reporting.

Conclusion / Opinion

Sophos DNS Protection is a simple and effective solution that works reliably in version 1 and is a more secure alternative to, and Nevertheless, there are some areas that could be improved:

Speed The Sophos DNS servers currently still have a longer latency, but this is due to the fact that Sophos has only provided a few POPs here so far. However, work will be carried out on this in the coming months.

Filter: Currently there is only the option to filter domains. There are no predefined lists for apps, advertising or tracking links, which limits the filter options.

Mobile: Unlike “Cisco Umbrella DNS” or “NextDNS”, Sophos DNS Protection does not offer the option of protecting mobile devices.

Synchronized Security: Many administrators are familiar with the problem of users reporting that legitimate websites are blocked and a release must be created. Many of our customers use Sophos Firewall and Sophos Endpoint with Web Control enabled, so that content filtering is also available on the move or in the home office. However, the settings of these two systems are not synchronized. DNS Protection is a third service that also needs to be maintained.


Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.