
Switch and AP6 URL Allow List for XGS Firewall

Hello Sophos Team,

Is there documentation on what URLs / IPs need to be in a Firewall Rule for the Destination Host?

I know the ports that are needed: HTTPS / NTP / DNS -> forwarded to the Firewall IP and uplink to DNS Protection

Just found a list for the other services: Domains and ports to allow - Sophos Central Admin

Would love to establish secure connections for the Sophos Cloud Managed Products.

Sincerely

Eli.



  • Hello Eli,

    Thanks for reaching out to Sophos Community.

    Could you elaborate further on what you're trying to achieve and configure?

    Do you plan to use Sophos DNS Protection on your Sophos Firewall? 

    Kindly confirm if my understanding is correct. Thank you

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    If a post solves your question use the 'Verify Answer' link.

  • Hello Raphael,

    What I need is a URL / IP and ports allow list for the following devices:

    - Sophos Switches

    - Sophos AP6 Access Points with Captive Portal

    This will be configured as a Sophos XGS Firewall Destination Host entry. This way, only qualified devices are allowed to connect.

    Best regards

    Eli.

  • Hi,

    You register your devices in your cm account and they negotiate secure connections without you adding rules to the firewall.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello rfcat_vk,

    We are very strict and only allow specified, documented connections for some customers. Simply allowing SWITCHZONE from NETWORKIP to WAN = ANY is not advisable.

    We need URLs / IPs with ports and protocol for where those devices connect to.

    Thank you 

    Sincerely

    Eli.
