XML Import for Internetv4 Objects

Hi all,

This Recommended Read highlights how to import Internetv4 objects via XML.

Overview

We have a KBA to create an Internetv4 Object in our KB: https://support.sophos.com/support/s/article/KB-000037154?language=en_US 

This KB uses a smaller script to create the objects via CLI. 

These object(s) are used to define the WAN in general. Use cases like SD-WAN Policy-based Routes or NAT are possible.

If you do not want to create the object via script, you can use the XML Export in this thread. 

Using XML 

Simply download the .zip. (Located at the bottom of this RR)  Unzip it once (you should get a .tar) and upload the .tar to the SFOS Appliance in Backup & Firmware - Import Export.

Case Example

One example of the use case in PBR:

XML File

Internetv4_version2.zip



[edited by: emmosophos at 11:50 PM (GMT -7) on 13 Oct 2022]
  • That's great, thanks LuCar Toni

    I enhanced the object a little bit, as 2 of the non-routable RFC5737 networks, 198.51.100.0/24 and 203.0.113.0/24, are not included (or more exactly excluded) in the internet v4 object. I for example use those ranges in my internal lab network for documentation reasons (as a 203.x.x.x IP looks more "real" or "public" for a WAN interface IP address than a 172.x.x.x for example). So I attach the slightly modified "IPv4Internet_excl_RFC5737" object here. Feel free to use LuCar Toni's version or that one. As most likely 99,xxx% of people don't use those RFC5737 ranges anyway, it won't make any noticeable difference.

    Same instruction as above - first extract the .tar out of the .zip file and import it into your Sophos Firewall.

    IPv4Internet_excl_RFC5737_v2_2.zip

    Update 2021-08-26: Updated Object XML API Version Header to support import into SFOS v17.x onwards

  • This Object is currently not supported in V18.5 MR2. Fix in progress. 

    __________________________________________________________________________________________________________________

  • Just FYI: There is a general problem in V18.5 MR2 and V19.0 EAP1, preventing this import. Objects already imported in a previous version are 100% functional. This is fixed in the upcoming Releases (V18.5 MR3 // V19.0 EAP2). 

    __________________________________________________________________________________________________________________

  • Hi Sascha

    In case you want to rebuild your object with proper subnets instead of range objects:

    set subnet 0.0.0.0 248.0.0.0
    set subnet 8.0.0.0 254.0.0.0
    set subnet 11.0.0.0 255.0.0.0
    set subnet 12.0.0.0 252.0.0.0
    set subnet 16.0.0.0 240.0.0.0
    set subnet 32.0.0.0 224.0.0.0
    set subnet 64.0.0.0 192.0.0.0
    set subnet 128.0.0.0 224.0.0.0
    set subnet 160.0.0.0 248.0.0.0
    set subnet 168.0.0.0 252.0.0.0
    set subnet 172.0.0.0 255.240.0.0
    set subnet 172.32.0.0 255.224.0.0
    set subnet 172.64.0.0 255.192.0.0
    set subnet 172.128.0.0 255.128.0.0
    set subnet 173.0.0.0 255.0.0.0
    set subnet 174.0.0.0 254.0.0.0
    set subnet 176.0.0.0 240.0.0.0
    set subnet 192.128.0.0 255.224.0.0
    set subnet 192.160.0.0 255.248.0.0
    set subnet 192.169.0.0 255.255.0.0
    set subnet 192.170.0.0 255.254.0.0
    set subnet 192.172.0.0 255.252.0.0
    set subnet 192.176.0.0 255.240.0.0
    set subnet 192.192.0.0 255.192.0.0
    set subnet 192.0.0.0 255.255.254.0
    set subnet 192.0.3.0 255.255.255.0
    set subnet 192.0.4.0 255.255.252.0
    set subnet 192.0.8.0 255.255.248.0
    set subnet 192.0.16.0 255.255.240.0
    set subnet 192.0.32.0 255.255.224.0
    set subnet 192.0.64.0 255.255.192.0
    set subnet 192.0.128.0 255.255.128.0
    set subnet 192.1.0.0 255.255.0.0
    set subnet 192.2.0.0 255.254.0.0
    set subnet 192.4.0.0 255.252.0.0
    set subnet 192.8.0.0 255.248.0.0
    set subnet 192.16.0.0 255.240.0.0
    set subnet 192.32.0.0 255.224.0.0
    set subnet 192.64.0.0 255.192.0.0
    set subnet 193.0.0.0 255.0.0.0
    set subnet 194.0.0.0 254.0.0.0
    set subnet 196.0.0.0 254.0.0.0
    set subnet 198.0.0.0 255.224.0.0
    set subnet 198.32.0.0 255.240.0.0
    set subnet 198.48.0.0 255.254.0.0
    set subnet 198.50.0.0 255.255.0.0
    set subnet 198.51.0.0 255.255.192.0
    set subnet 198.51.64.0 255.255.224.0
    set subnet 198.51.96.0 255.255.252.0
    set subnet 198.51.101.0 255.255.255.0
    set subnet 198.51.102.0 255.255.254.0
    set subnet 198.51.104.0 255.255.248.0
    set subnet 198.51.112.0 255.255.240.0
    set subnet 198.51.128.0 255.255.128.0
    set subnet 198.52.0.0 255.252.0.0
    set subnet 198.56.0.0 255.248.0.0
    set subnet 198.64.0.0 255.192.0.0
    set subnet 198.128.0.0 255.128.0.0
    set subnet 199.0.0.0 255.0.0.0
    set subnet 200.0.0.0 254.0.0.0
    set subnet 202.0.0.0 255.0.0.0
    set subnet 203.0.0.0 255.255.192.0
    set subnet 203.0.64.0 255.255.224.0
    set subnet 203.0.96.0 255.255.240.0
    set subnet 203.0.112.0 255.255.255.0
    set subnet 203.0.114.0 255.255.254.0
    set subnet 203.0.116.0 255.255.252.0
    set subnet 203.0.120.0 255.255.248.0
    set subnet 203.0.128.0 255.255.128.0
    set subnet 203.1.0.0 255.255.0.0
    set subnet 203.2.0.0 255.254.0.0
    set subnet 203.4.0.0 255.252.0.0
    set subnet 203.8.0.0 255.248.0.0
    set subnet 203.16.0.0 255.240.0.0
    set subnet 203.32.0.0 255.224.0.0
    set subnet 203.64.0.0 255.192.0.0
    set subnet 203.128.0.0 255.128.0.0
    set subnet 204.0.0.0 252.0.0.0
    set subnet 208.0.0.0 240.0.0.0
    set subnet 240.0.0.0 240.0.0.0

  • Network Subnet Objects are sometimes not usable in all modules. Therefore the most usable tool is IP Range. 

    __________________________________________________________________________________________________________________
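
An added example, not part of any post in this thread: a Python sketch that derives both forms discussed above (IP ranges and `set subnet` lines) from one exclusion list, and audits a hand-typed list for blocks that overlap each other or reach into an excluded network. The function names, the outer bounds 0.0.0.0 to 255.255.255.255 and the sample lines are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Networks left out of the object: RFC 1918 private space plus the three
# RFC 5737 documentation nets.
EXCLUDED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def internet_ranges(first="0.0.0.0", last="255.255.255.255"):
    """(start, end) ranges covering first..last minus EXCLUDED.
    The outer bounds are an assumption; narrow them as needed."""
    ip = ipaddress.ip_address
    cursor, end, ranges = int(ip(first)), int(ip(last)), []
    for net in sorted(ipaddress.collapse_addresses(EXCLUDED)):
        if cursor > end:
            break
        lo, hi = int(net.network_address), int(net.broadcast_address)
        if cursor < lo:
            ranges.append((ip(cursor), ip(min(lo - 1, end))))
        cursor = max(cursor, hi + 1)
    if cursor <= end:
        ranges.append((ip(cursor), ip(end)))
    return ranges

def internet_subnets(**bounds):
    """The same address space as CIDR blocks, for subnet-style objects."""
    return [n for a, b in internet_ranges(**bounds)
            for n in ipaddress.summarize_address_range(a, b)]

def to_cli(net):
    """Render a block in the 'set subnet <address> <mask>' form."""
    return f"set subnet {net.network_address} {net.netmask}"

def audit(lines):
    """Parse 'set subnet' lines; return (overlaps, leaks): pairs of listed
    blocks that intersect, and (block, excluded net) pairs that intersect."""
    nets = [ipaddress.ip_network("/".join(l.split()[2:4])) for l in lines if l.strip()]
    overlaps = [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]
    leaks = [(n, x) for n in nets for x in EXCLUDED if n.overlaps(x)]
    return overlaps, leaks

# Constructed sample with one deliberate mistake: 8.0.0.0/6 spans 8.x to 11.x.
SAMPLE = ["set subnet 0.0.0.0 248.0.0.0",
          "set subnet 8.0.0.0 252.0.0.0",
          "set subnet 11.0.0.0 255.0.0.0"]

if __name__ == "__main__":
    print("\n".join(to_cli(n) for n in internet_subnets()))
    print(audit(SAMPLE))
```

Running `audit` over a list before importing it shows whether any line re-admits an excluded network; a clean list returns two empty lists.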

  • Hi LuCar Toni,

    Thank you for this solution. I found it because of the need to define SD-WAN rules. When adding a rule on my XGS 18.5.4, a help popup shows when the mouse pointer stays on "Any" in "Destination networks". In this animated help popup, the "Internet IPv4..." objects you described here are shown.

    In the past these objects were predefined in the Sophos UTM. Why do you have to create the objects yourself when the help directly refers to them? ;)

  • SFOSv19.0 and V19.5 include this object per default. 

    __________________________________________________________________________________________________________________