I am trying to get AnyDesk running with TLS inspection. I've read this post: https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning
I created an IP list with all the AnyDesk servers, but where can I define the exception?
I did not create this entry; it came by default on the XG.
If you need an exception then you do not need to use the DPI engine.
In web exceptions.
Thanks, but where exactly?
There I find:
URL pattern matches, Web site categories, Source IP addresses and Destination IP addresses.
There's no way to use the IP list, or I am blind. I cannot fill in 3xx IP addresses manually.
You should preferably be using URLs. Also, they should be in address ranges.
Also, there is an FQDN group for AnyDesk in XG, so you do not need to create a new one.
You can create a firewall rule with AnyDesk as the destination and not worry about the exceptions.
E.g. source LAN, internal network; destination WAN, AnyDesk; services any; allow all in application; enable IPS LAN to WAN. Select use proxy and allow all, but do not select any of the criteria.
Do you use DPI or the web proxy? In DPI you could fetch the URL by using the log viewer.
Hmm, I do not have an AnyDesk FQDN host group in my XG.
I use DPI. AnyDesk does not use hostnames, so I think I need the IP list.
Hmm, it's simply not there in my XG86. But I have built it now and created a TLS inspection rule, and well, now AnyDesk works fine!
Unfortunately https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning is now locked, which is why you will have had to create a new post here.
If those providing answers read the original post, they will see this is nothing to do with URLs. AnyDesk uses IP connections, not URLs, for the remote access sessions, hence the need to create an IP list and exempt that from scanning, which is what the OP was asking about.
I'm glad you figured out how to do it hoosty. For those coming across this post as a search result, here is the rule I use (pick 'Rule and Policies' on the left, then the 'SSL/TLS inspection rules' on the top tab). It's very standard stuff, which is why I didn't put it in the original post, but if you aren't used to setting up Exceptions, I can understand struggling to find it.
Unfortunately, AnyDesk seems to regularly add to this list (currently about 400 IPs), so it needs updating quite often. It would be nice if Sophos could just make inspection work with AnyDesk.
So, you are saying the IP addresses are hardcoded into the application, so unless you update the application the IP address list doesn't change.
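Since the thread notes that the exemption list runs to around 400 addresses and changes often, here is an added helper (not from the thread or from Sophos) that parses a plain one-address-per-line list, collapses it into the minimal set of CIDR blocks for entry as network/range items, and reports what changed between two snapshots so the exception can be reviewed before updating. The address lists embedded below are constructed documentation-range samples, not real AnyDesk servers.

```python
import ipaddress

# Constructed sample lists (TEST-NET documentation addresses, not real AnyDesk IPs):
# what the exception currently contains, and a freshly collected list.
OLD_IPS = """
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
198.51.100.7
203.0.113.5   # constructed entry that has since disappeared
"""

NEW_IPS = """
192.0.2.8
192.0.2.9
192.0.2.10
192.0.2.11
192.0.2.12
192.0.2.13
192.0.2.14
192.0.2.15
198.51.100.7
198.51.100.20
"""


def parse_ips(text):
    """Parse one address per line; '#' starts a comment. Junk raises ValueError
    rather than silently becoming a bad entry in the exemption."""
    ips = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ips.add(ipaddress.ip_address(line))
    return ips


def to_ranges(ips):
    """Collapse host addresses into the minimal list of CIDR blocks, per IP version."""
    out = []
    for version in (4, 6):
        same = [ip for ip in ips if ip.version == version]
        out.extend(str(net) for net in ipaddress.collapse_addresses(same))
    return out


def diff_ips(old_text, new_text):
    """Return the addresses added and removed between two list snapshots."""
    old, new = parse_ips(old_text), parse_ips(new_text)
    key = lambda a: (a.version, int(a))
    return {"added": [str(a) for a in sorted(new - old, key=key)],
            "removed": [str(a) for a in sorted(old - new, key=key)]}
```

Review the `removed` entries before deleting them from the exception, since a stale entry only widens the exemption while a missing one breaks sessions.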