Central Firewall - no Sophos Services and FQDN - why?

When going to Hosts and Services in Sophos Central, you pre-configured a lot of 3rd Party stuff there but forgot to pre-configure your own services.

So why is there no FQDN group for Sophos Services? There are all the other vendors and your'e maintaining them more or less... 

https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/DomainsPorts.html

So now I want to prepare some firewalls rules for Sophos devices and need a lot of time to implement all these FQDN manually. That could have been done better.

You cannot handle everything by built-in TLS Exception URL groups.

Parents Reply
  • Thanks. Indeed there are scenarios, like Sophos Central WiFi and others, that are not covered by these exceptions or the TLS exclusion groups. They require firewall rules and so need to create all the hosts manually.

    Also think of a Server LAN - would you generally allow servers any internet connection via Web Proxy / DPI TLS Inspection? If probably no, you need to create a firewall rule to the (Sophos) hosts, they are only allowed to communicate with. That's where you would need pre configured hosts. On a Sophos machine, the vendors required FQDN pre defined would make so much sense and the product more cool.

Children
No Data