
Sophos XG web exceptions for Office 365 not working

Hello,

We implemented the Office 365 exceptions by following this guide: https://support.sophos.com/support/s/article/KB-000038173?language=en_US

For example, one of those entries looks like this:

However, it does not seem to be working, because our users still get pop-ups from Outlook regarding the same URL:

From our understanding, the exception should avoid any SSL/TLS interception, even if it matches any firewall rule. Is that correct or not?

Did we do something wrong or miss some steps?

Thanks a lot for your input.



  • Hello,

    Thank you for reaching out to the community. It looks like the Sophos CA certificate is expired. To regenerate the SecurityAppliance_SSL_CA, go to System >> Certificates >> Certificate Authorities >> SecurityAppliance_SSL_CA and click the gear icon; this will regenerate the SecurityAppliance_SSL_CA certificate.

    May we know the firmware used on the firewall? There was also a known issue, NC-100265: expired certificates in certcache are being used rather than new ones being generated. If that is the case, the workaround is relatively simple. Web service will be interrupted for a minute or two, so do this during off hours. Non-web traffic will not be affected.

    touch /var/certcache/.clear_all_certs_on_reload
    service -ds nosync awarrenhttp:restart

    If this does not resolve the problem it may be a different cause - complicated by the fact that you have XG, RED, and EP all potentially trying to do HTTPS decryption.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


  • How about trying a slightly different regex:

    ^([A-Za-z0-9.-]*\.)?outlook\.office\.com\.?/
    ^([A-Za-z0-9.-]*\.)?outlook\.office365\.com\.?/

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
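
To see which hosts the two patterns above would exempt, the following is an added example (not part of the original posts and not Sophos code). It assumes the pattern is applied to the URL with the scheme removed, that is, host followed by path; the helper names and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The two patterns suggested in the post above.
EXCEPTION_PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?outlook\.office\.com\.?/",
    r"^([A-Za-z0-9.-]*\.)?outlook\.office365\.com\.?/",
]
COMPILED = [re.compile(p) for p in EXCEPTION_PATTERNS]


def match_target(url):
    """Assumption: the matcher sees host + path with the scheme removed."""
    parts = urlsplit(url if "://" in url else "//" + url)
    # A bare host is normalised to "host/" because both patterns end in "/".
    return parts.netloc + (parts.path or "/")


def matching_pattern(url):
    """Return the first exception pattern that matches url, or None."""
    target = match_target(url)
    for raw, rx in zip(EXCEPTION_PATTERNS, COMPILED):
        if rx.search(target):
            return raw
    return None


# Constructed sample URLs (not taken from the thread).
SAMPLES = [
    "https://outlook.office365.com/autodiscover/autodiscover.xml",
    "https://outlook.office.com/mail/",
    "https://emea.outlook.office365.com/",      # subdomain
    "https://outlook.office365.com./",          # fully qualified, trailing dot
    "https://outlook.office365.com:443/",       # explicit port in the string
    "https://notoutlook.office.com/",           # no dot before "outlook"
    "https://outlook.office.com.example.net/",  # lookalike parent domain
    "https://example.net/outlook.office.com/",  # name appears only in the path
]


def report(urls=SAMPLES):
    """Map each URL to True if one of the exception patterns matches it."""
    return {u: matching_pattern(u) is not None for u in urls}


if __name__ == "__main__":
    for url, hit in report().items():
        print(f"{'match   ' if hit else 'no match'}  {url}")
```

Under that assumption the first four samples match and the last four do not; a string that carries an explicit port falls outside both patterns.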
  • Thank you for your suggestions.

    The certificate is valid until 2037, so I suspect your solution may be helpful. Our firmware is SFOS 19.0.1 MR-1-Build365.

    We will try this as soon as possible and give feedback here.

  • Thank you for your suggestions.

    If the above solution doesn't help, I will try this.