Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Office 365 firewall rule creation

Hello,

I would like to create a firewall rule(s) that match with all Office365 Url and IP address ranges as provided in:

https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

That have a long list of url, ips, and subnet ranges.

How Sophos XG 230 - 17.1.3 MR-3 expect I handle with this worldwide service? I've Office365 pro plus that have exchange online, onedrive, skype for business, sharepoint, etc...

I've started to create manually that destinations but I couldn't figure out how to make it in a clean way or without become impossible to manage changes after.

I've tried use the application filter but it seems to recognize just exchange online.

If I try to use the API, every <HostType>Network</HostType> Will I need to correct every network representation (eg. 13.107.64.0/18) splitting in two the IP and Subnet and fix the subnet CIDR from /18 to 255.255.192.0?

My goal is that this firewall rule will be at the top and be using a gateway just for this service and in case of problems will failover to other available gateway. I don't want this service messing the web reports that is a rule bellow.

Thanks in advance,

Leandro Gregório



This thread was automatically locked due to age.
Parents Reply Children
  • Hi,

    please do a search of there forums and the KBA, your request is not new. Also the XG has some default exceptions in its web configuration.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Thanks for your response, I've done the exceptions and create a rule manually.

    I'm new in Sophos and I opened this question just because the results in community sound like workarounds to a common needs as you said, that is create a long firewall rule. I thought I was missing something or exist a Sophos way to do like an "usable application filter", due this I detailed describe what I've tried.

    Seems like everybody needs wait Sophos to have a more pratical way to create a long firewall rule.

    Best regards,

    Leandro Gregório