SD-Wan to communicate with Sophos central / live protection

Question

i have XG firewalls located in china and sometimes the latency of some links to sophos getting to slow so i dont get a resonse in time for example for live protetcionn

right now im trying to setup a SD WAN for all sophos services, but that it work well i would need to know which IP's i should monitor that SD-wan route can decide which is the best gateway.

would it be possible to get an IP list which i should probe for which service?
also at the moment i chose these destination networks.

It would be great if Sophos would offer default SD-Wan profiles in the next release to sophos services (cloud) to always communicate with sophos trough the fastest possible link as conectivity to sophos is super critical if you use Sophos firewal, sophos endpoint protection and so on.

This thread was automatically locked due to age.

Vivek Jagad · Answer

In that case Moritz_Max - following covers it all Domains and ports to allow

LuCar Toni · Answer

Let me put some thoughts into this question: We have the plans to include all Sophos used Domains into the object world of SFOS in the future. So all hosts / domains etc. are going to be created in the future released for Sophos resources. So you could create SD-WAN routes for those objects. Right now, you have to manually create them. 
 You find the resources in our Docs: 
 https://docs.sophos.com/central/Customer/help/en-us/PeopleAndDevices/ProtectDevices/DomainsPorts/index.html 
 https://docs.sophos.com/central/Customer/wireless/en-us/central/Customer/concepts/WirelessAboutSophosCentralWireless.html 
 https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/Switches/SwitchesOverview/TLSScanningExclusionsRequiredForRegistration/index.html 
 https://docs.sophos.com/central/Mobile/ctg/en-us/esg/Sophos-Mobile/concepts/ports_and_protocols.html 
 https://docs.sophos.com/central/ZTNA/startup/en-us/setup/Requirements/index.html#active-directory 
 (And depending on what you want to deploy maybe more). 
 You can create them via XML, if you want and redeploy them on multiple devices. 
 I did this for SFOS already: Sophos Firewall: XML Import for SFOS Default objects 
 
 So if you have the objects: SD-WAN profiles and the SLAs should not use each and every resource, it redirects. Likely a CDN offers the same performance like a host like google dns. Means: If you have a local resource (like a DNS), you can monitore those hosts for all used resources. A individual host monitoring is likely "to much" effort for the outcome. Means: If you query DNS and the CDN, the outcome is likely the same.

SD-Wan to communicate with Sophos central / live protection

Top Replies