This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Microsoft OneDrive

So we have been working on issues with Office 365 and Onedrive on the UTM firewall web filtering running in Standard Mode with https url scanning active and finally found a solution for OneDrive access when using WebFiltering on the UTM:

I found the base RegEx exression on a link on this site here:
http://http://www.imfirewall.us/protocols/view.php?proto=Skydrive

Here is how I made this work on the UTM:
Web Protection/Web Filtering Options
New rule Names: OneDrive
Checked: Skipping SSL Scanning, Certificate Trust Check/Certificate Date Check
Matching these URL's set to: 
^http://^skyapi\.live\.net, ^.*(storage|skydrive|shared|onedrive)\.live\.com, ^.*\.mesh\.com, ^.*\.storage\.msn\.com, ^.*\.wns\.windows\.com, ^p\.sfx\.ms, ^9t57ha\.by3301\.livefilestore


Sophos needs to update the skydrive rules in the application control engine.  Hope this helps all out there.


This thread was automatically locked due to age.
  • Today I have been struggeling with the same using authenticated proxy and the normal (personal) onedrive client under Windows 10. The above string did not work, however I found this page on the Microsoft website and derived the following regex from it. After applying it, Onedrive started syncing and was successful in doing so. I have selected to skip the following: Authentication / Antivirus / SSL scanning / Certificate trust check / Certificate date check.

    ^https?://(oauth|favorites|photos|skydrive)\.live\.com
    ^https?://(apis?|skyapi|snapi)\.live.net
    ^https?://([A-Za-z0-9.-]*\.)?(docs|policies|settings)\.live\.net
    ^https?://([A-Za-z0-9.-]*\.)?storage\.(live|msn)\.com
    ^https?://([A-Za-z0-9.-]*\.)?livefilestore\.com
    ^https?://([A-Za-z0-9.-]*\.)?onedrive\.live\.com
    ^https?://([A-Za-z0-9.-]*\.)?groups\.(office|photos|skydrive)\.live\.com
    ^https?://([A-Za-z0-9.-]*\.)?files\.1drv\.com


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Had same problem with OneNote not sync'ing.  Script did not work.  By trial-and-error, narrowed it down to
    Web Filtering issue for the "Personal Network Storage" categroy.  Fixed this as follows in Sophos UTM 9.

    Dashboard > Web Protection > Web Filtering:

       Global tab > Operation mode > Transparent

        HTTPS tab > Decrypt and scan the following:

           Scan These Categorized Websites:   

              Remove the "Personal Network Storage" category

    Also FYI: 

       Removing the "Uncategorized" category solved blocking of Tivo Roamio and Amazon Alexa

       Removing the "Search Engines" category solved problem of blocking Google's website on some local computers

    Hope this helps.