
Is there no way to import FQDNs or IP addresses to an XG?

I'm finding more and more situations where I need to allow a large range of IP addresses and FQDNs to our customers' firewalls...

Is there no way to import JSON, CSV or TXT IP or FQDN lists to either a v17 or v18 FW?

This is an extremely frustrating issue that frankly ALL other vendors support. It is seriously costing us and our clients who we support time and money. 



  • Depending on your current data, there are plenty of tools to do this in no time.

    For example, Notepad++ can actually convert a list of IPs into an XML.

    PS: this is general IT knowledge and very useful for all kinds of daily business work.

    https://www.launch2success.com/guide/advanced-find-and-replace-in-notepad/

    For example, you can simply use the current XML format, which you need for XG.

    Then you take your list, whatever format it is, and paste it into Notepad++.

    You open the search and replace function, look for every entry and replace it with the XML format and the current value in it.

    Afterwards, put it into a .tar file and upload it to the GUI.


    __________________________________________________________________________________________________________________
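
The conversion step described in the reply above can also be scripted, which lets each entry be validated before it becomes an allow-list object. The following Python is an added example, not code from the thread or from Sophos; the XML tag names, the `imp_` name prefix and the `MIN_PREFIX` limit are assumptions, and it handles IPv4 addresses, IPv4 networks and FQDNs only.

```python
import ipaddress
import re

# Tag names are assumptions modelled on an XG object export; copy the exact
# tags from an export of your own firewall before importing anything.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
MIN_PREFIX = 16  # hypothetical policy: refuse networks broader than a /16
# Constructed sample input (documentation addresses, not a real allow list).
SAMPLE = ["# mixed list", "192.0.2.10", "198.51.100.0/24", "*.example.com",
          "Example.org", "192.0.2.10/32", "0.0.0.0/0", "198.51.100.7/24", "bad host"]

def classify(entry):
    """Return (kind, value) for one list entry, or raise ValueError."""
    entry = entry.strip().lower()
    try:
        net = ipaddress.ip_network(entry, strict=True)  # rejects set host bits
    except ValueError:
        if FQDN_RE.match(entry):  # one leading "*." label is accepted
            return "fqdn", entry
        raise ValueError(f"{entry!r}: not a valid IP, CIDR or FQDN") from None
    if net.version != 4 or net.prefixlen < MIN_PREFIX:
        raise ValueError(f"{entry!r}: IPv6 or broader than /{MIN_PREFIX}")
    return ("ip" if net.prefixlen == 32 else "net"), net

def build_entities(lines):
    """Convert a mixed list to XML text; returns (xml, rejected_reasons)."""
    objs, rejected = {}, []
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blanks and comments
        try:
            kind, val = classify(raw)
        except ValueError as exc:
            rejected.append(str(exc))  # report, never import silently
            continue
        name = "imp_" + re.sub(r"[^a-z0-9.]", "_", str(val))
        if kind == "fqdn":
            xml = f"<FQDNHost><Name>{name}</Name><FQDN>{val}</FQDN></FQDNHost>"
        else:
            mask = "" if kind == "ip" else f"<Subnet>{val.netmask}</Subnet>"
            xml = (f"<IPHost><Name>{name}</Name><IPFamily>IPv4</IPFamily><HostType>"
                   f"{'IP' if kind == 'ip' else 'Network'}</HostType><IPAddress>"
                   f"{val.network_address}</IPAddress>{mask}</IPHost>")
        objs.setdefault(str(val), xml)  # keeps first copy: de-duplicates
    return "<Configuration>\n" + "\n".join(objs.values()) + "\n</Configuration>\n", rejected

if __name__ == "__main__":
    print(*build_entities(SAMPLE), sep="\n")
```

Review the rejected list before packaging the output: an over-broad range or a mistyped hostname in a vendor list is easier to catch here than after it is part of a firewall rule.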

  • Oh yeah, it can be done... It's also a huge time sink reformatting it...

    Take the 365 URLs and IPs list... https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

  • Hi Adam,

    If you are using 365 as an example, I would suggest you look at the pages already loaded into XG FQDN and FQDN groups. You might need to add a couple of new ones, but the lists are quite long.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Office365 is natively integrated into V18 for decryption exclusion.

    What do you want to do with this list?

    In your link, there are plenty of different hosts. Do you want to have all those hosts (IP / FQDN) in a big object and allow this via a firewall rule?

    There are already such import scripts for O365.

    https://community.sophos.com/kb/en-us/132291

    __________________________________________________________________________________________________________________

  • So basically what we're doing is we have a fairly straightforward QoS Rule for LAN/WiFi to WAN for HTTP and HTTPS with the hosts listed in that 365 doc.

    We're finding that the catch all rule is causing issues with Office installation and updates. Sharepoint Online Sync and Exchange Online sync. The catch all rule has Intrusion Prevention set to "generalpolicy", Web Policy set as "Default Workplace Policy" and Application control set to "Block very high risk".

    For the QoS Rule, we only have Traffic Shaping set to "High Guarantee Rule" and DSCP marking set to 46.

    So yes... Ideally I want to be able to import all of those hosts for one rule.

  • Hi Adam,

    Besides QoS, are you trying to provide access for all users to the O365 etc. updates, or do you have an update server?

    If allowing all users, then try the following:

    1/. create your own IPS rule, e.g. remove unwanted items

    2/. create a firewall rule with

    a) source LAN

    b) any

    c) destination WAN

    d) the FQDN group, you might like to build your own

    e) services specify the MS services used as the updates

    f) WEB - none

    g) Application - NONE

    h) your IPS policy

    i) your QoS policy

    Put the rule at the top of your rule list.

    Ian
