XG18 invisible source/hosts entry in XG17.5.MR10 and XG18 GA

Simple Question,

how do i remove a invisible source/hosts entry in email policies?

 

Or can someone help with a correct FQDN entry for this source?
I want to get the Microsoft Team notification mails, they are greylisted in XG.

*.mail.protection.outlook.com

  • Hi juergenb52,

    Could you please let us know if you want to add exception for *.mail.protection.outlook.com under PROTECT > Email > Policies & Exceptions? 

    If yes, you should be able to add wildcard FQDN host by clicking on Add new item > Create new > FQDN Host. Once you add this FQDN you should be able to bypass checks that are listed in Exception.

    Please correct if this is not what you are trying to accomplish?  

    Thanks,

  • In reply to H_Patel:

    Thanks Patel,

    yes this is exactly what i want.

    I tried this way ..

    I added the FQDN Host and opened email/Exception, but you can´t add the new FQDN Host to Sources/host (still invisible).

    and i tried second way

    I added the FQDN Host unter Exception… Soruces/Host.
    Here i can add the FQDN but after i click save the rule is still empty.

    This happens in MR9, MR10 and XG18 GA

  • In reply to juergenb52:

    Maybe something went wrong in your Setup. 

    There is something broken in the database. 

  • In reply to LuCar Toni:

    I tried this with MR10 clean install and XG18 GA.

    Same behavior...

  • In reply to juergenb52:

    Hi juergenb52,

    I was able to replicate this issue on both SFOS 17.5 MR 10 and V18. I have reported this issue to the concern team to investigate it further. 

    I will update this thread as soon as more information becomes available. 

    Thanks,

     

  • In reply to H_Patel:

    Thanks,

    finaly someone who replicated this.

    Sophos Support (here in Germany) wasn´t able to replicate this.
    They wanted remote Access to my productive System or the clean Installation in Hyper-V.

    Am i the only one using email filtering and Microsoft Office 365 ?!

  • In reply to juergenb52:

    Hi juergenb52,

    Could you please PM me the support case number? I will follow up with the support team and update you accordingly.

    Thanks,

  • In reply to H_Patel:

    Hello All, 

    Just to provide you an update wildcard is not supported since 17.5 GA. 

    Feature: Wildcard FQDN was not supported in the Email > source/host exceptions list since version 17.5 GA and since the feature was not introduced. At the moment FQDN host (non-wildcard) is supported.

    I would encourage you to open/find a feature request on Ideas.sophos.com as our product management team would monitor new requests and would decide on the number of votes it would get.

  • In reply to Aditya Patel:

    I've got the same issue with 17.5.10.

    Seems others have the same issue https://community.sophos.com/products/xg-firewall/f/email-protection/118720/how-do-i-remove-a-invisible-source-hosts

    According to my screen you can exactly do a wildcard and even gives an example...

    So is the example demonstrating an unsupported function?

    I thought it might have to do with hidden "dot" files in linux. I think my entry name was ".com.au" and FQDN as "*.com.au"  This initially showed in the list, but after saving and going back in, it isnt shown in the list anymore.

  • In reply to Aditya Patel:

    please check the screenshot provided by .

    Thanks

  • In reply to lferrara:

    Hello Greg, 

    So when you create an FQDN through the then it would call a function opcode to create an FQDN which is shared with the entire subsystems. SO you will get the same function when you select to create an FQDN. 

    Whether it is from Firewall rule, FQDN HOST etc. So the UI and the message is the same. I will check if we mention that in the documentation or change the UI.