Hello,
We implemented the Office 365 exceptions by following this guide: https://support.sophos.com/support/s/article/KB-000038173?language=en_US
For example, one of those entries looks like this:
However, it does not seem to be working, because our users still get pop-ups from Outlook about the same URL:
From our understanding, the exception should prevent any SSL/TLS interception, even if the traffic matches a firewall rule. Is that correct?
Did we do something wrong or miss some steps?
Thanks a lot for your input.
Hello Soleil ,
Thank you for reaching out to the community. This looks like the Sophos CA certificate has expired. To regenerate the SecurityAppliance_SSL_CA, go to System >> Certificates >> Certificate Authorities >> SecurityAppliance_SSL_CA and click the gear icon; this will regenerate the SecurityAppliance_SSL_CA certificate.
May we know the firmware used on the Firewall? There was also a known issue - expired certificates in certcache being used rather than new ones being generated - NC-100265. If that is the case, the workaround is relatively simple. Web service will be interrupted for a minute or two, so do this during off hours. Non-web traffic will not be affected.
touch /var/certcache/.clear_all_certs_on_reload
service -ds nosync awarrenhttp:restart
If this does not resolve the problem it may be a different cause - complicated by the fact that you have XG, RED, and EP all potentially trying to do HTTPS decryption.
Thanks & Regards,
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Thank you for your suggestions.
The certificate is valid until 2037, so I suspect your solution may be helpful. Our firmware is SFOS 19.0.1 MR-1-Build365.
We will try this as soon as possible and give feedback here.
How about trying a slightly different regex:
^([A-Za-z0-9.-]*\.)?outlook\.office\.com\.?/
^([A-Za-z0-9.-]*\.)?outlook\.office365\.com\.?/
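To see what the two patterns above actually cover before putting them into an exception, here is a small checker added to this thread (it is not from the poster, the Sophos KB article, or the firewall). It assumes the web proxy strips the scheme and matches the pattern from the start of "host/path", which is why the patterns begin with a host name rather than "https://"; the sample URLs are constructed for the test and are not real sessions from the original post.

```python
import re

# The two regex exceptions proposed in the thread, copied as written there.
EXCEPTION_PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?outlook\.office\.com\.?/",
    r"^([A-Za-z0-9.-]*\.)?outlook\.office365\.com\.?/",
]


def normalize(url: str) -> str:
    """Assumption (not confirmed by the thread): the proxy drops the scheme
    before matching, so we test the pattern against 'host/path'."""
    return re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.IGNORECASE)


def matches_exception(url: str) -> bool:
    """True if the URL would be excluded from decryption by either pattern."""
    target = normalize(url)
    return any(re.match(pattern, target) for pattern in EXCEPTION_PATTERNS)


def evaluate(urls):
    """Map each URL to whether the exception applies, for a quick review."""
    return {url: matches_exception(url) for url in urls}


# Constructed sample URLs: three that should be bypassed, three that should not.
SAMPLE_URLS = [
    "https://outlook.office.com/mail/inbox",          # bare host plus path
    "https://eu-west.outlook.office.com/owa/",        # any subdomain (constructed label)
    "https://outlook.office365.com/",                 # second pattern
    "https://outlook.office.com",                     # no trailing '/', so no match as written
    "https://outlook.office.com.example.test/",       # look-alike host; anchored tail rejects it
    "https://login.microsoftonline.com/",             # other O365 endpoint, not covered by these two
]

if __name__ == "__main__":
    for url, bypassed in evaluate(SAMPLE_URLS).items():
        print(f"{'BYPASS' if bypassed else 'decrypt':8} {url}")
```

Two things the run makes visible: a request to the bare host without a trailing slash does not match because the pattern demands the "/", so it is worth confirming how the firewall presents such URLs to the matcher; and the literal "outlook" is case-sensitive in a plain regex engine, so check whether the firewall lowercases host names before matching or whether the pattern needs a case-insensitive form.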
Thank you for your suggestions.
If the above solution doesn't help, I will try this.