Sophos XG web exceptions for Office 365 not working

Question

Hello, 
 We implemented the Office 365 exceptions by following this guide: https://support.sophos.com/support/s/article/KB-000038173?language=en_US 
 For example, one of those entries looks like this: 
 
 However, it seems not working because our users still have pop-ups coming from Outlook regarding the same URL: 
 
 From our understanding, the exception should avoid any SSL/TLS interception, even if it matches any firewall rule, is it correct or not ? 
 Did we do something wrong or missing some steps ? 
 Thanks a lot for your input.

Vivek Jagad · Answer

Hello Soleil , Thank you for reaching out to the community, this looks like Sophos CA certificate is expired, To regenerate the SecurityAppliance_SSL_CA you need to go to System >> Certificates >> Certificate Authorities >> SecurtyAppliance_SSL_CA and click the gear icon, this will regenerate the SecurityAppliance_SSL_CA certificate. May we know the firmware used on the Firewall ? As there was also a known issue - Expired certificate in certcache are being used rather than generating new ones - NC-100265 . If that is the case then , t he workaround is relatively simple. Web Service will be interrupted for a minute or two, so do this during off hours. Non web traffic will not be affected. touch /var/certcache/.clear_all_certs_on_reload service -ds nosync awarrenhttp:restart If this does not resolve the problem it may be a different cause - complicated by the fact that you have XG, RED, and EP all potentially trying to do HTTPS decryption.

Sophos XG web exceptions for Office 365 not working

Top Replies