Sophos Firewall: XML Import for Internetv4 Objects

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

______________________________________________________________________________________________________________________________________

Overview

This Recommended Read highlights how to import Internetv4 objects via XML.

Create the object

We have a KBA to create an Internetv4 Object in our KB: https://support.sophos.com/support/s/article/KB-000037154?language=en_US 

This KB uses a smaller script to create the objects via CLI. 

These object(s) are used to define the WAN in general. Use cases like SD-WAN Policy-based Routes or NAT are possible.

If you do not want to create the object via script, you can use the XML Export in this thread. 

Using XML 

Simply download the .zip (located at the bottom of this RR). Unzip it once (you should get a .tar) and upload the .tar to the SFOS Appliance in Backup & Firmware - Import Export.

Case Example

One example of the use case in PBR:

XML File

Internetv4_version2.zip

______________________________________________________________________________________________________________________________________



[edited by: emmosophos at 1:12 AM (GMT -8) on 6 Dec 2023]
  • That's great, thanks LuCar Toni

    I enhanced the object a little bit, as 2 of the non-routable RFC5737 networks, 198.51.100.0/24 and 203.0.113.0/24, are not included (or more exactly excluded) in the internet v4 object. I for example use those ranges in my internal lab network for documentation reasons (as a 203.x.x.x IP looks more "real" or "public" for a WAN interface IP address than a 172.x.x.x, for example). So I attach the slightly modified "IPv4Internet_excl_RFC5737" object here. Feel free to use LuCar Toni's version or that one. As most likely 99,xxx% of people don't use those RFC5737 ranges anyway, it won't make any noticeable difference.

    Same instruction as above - first extract the .tar out of the .zip file and import it into your Sophos Firewall.

    IPv4Internet_excl_RFC5737_v2_2.zip

    Update 2021-08-26: Updated Object XML API Version Header to support import into SFOS v17.x onwards

  • Hi Sascha

    In case you want to rebuild your object with proper subnets instead of range objects:

    set subnet 0.0.0.0 248.0.0.0
    set subnet 8.0.0.0 254.0.0.0
    set subnet 11.0.0.0 255.0.0.0
    set subnet 12.0.0.0 252.0.0.0
    set subnet 16.0.0.0 240.0.0.0
    set subnet 32.0.0.0 224.0.0.0
    set subnet 64.0.0.0 192.0.0.0
    set subnet 128.0.0.0 224.0.0.0
    set subnet 160.0.0.0 248.0.0.0
    set subnet 168.0.0.0 252.0.0.0
    set subnet 172.0.0.0 255.240.0.0
    set subnet 172.32.0.0 255.224.0.0
    set subnet 172.64.0.0 255.192.0.0
    set subnet 172.128.0.0 255.128.0.0
    set subnet 173.0.0.0 255.0.0.0
    set subnet 174.0.0.0 254.0.0.0
    set subnet 176.0.0.0 240.0.0.0
    set subnet 192.128.0.0 255.224.0.0
    set subnet 192.160.0.0 255.248.0.0
    set subnet 192.169.0.0 255.255.0.0
    set subnet 192.170.0.0 255.254.0.0
    set subnet 192.172.0.0 255.252.0.0
    set subnet 192.176.0.0 255.240.0.0
    set subnet 192.192.0.0 255.192.0.0
    set subnet 192.0.0.0 255.255.254.0
    set subnet 192.0.3.0 255.255.255.0
    set subnet 192.0.4.0 255.255.252.0
    set subnet 192.0.8.0 255.255.248.0
    set subnet 192.0.16.0 255.255.240.0
    set subnet 192.0.32.0 255.255.224.0
    set subnet 192.0.64.0 255.255.192.0
    set subnet 192.0.128.0 255.255.128.0
    set subnet 192.1.0.0 255.255.0.0
    set subnet 192.2.0.0 255.254.0.0
    set subnet 192.4.0.0 255.252.0.0
    set subnet 192.8.0.0 255.248.0.0
    set subnet 192.16.0.0 255.240.0.0
    set subnet 192.32.0.0 255.224.0.0
    set subnet 192.64.0.0 255.192.0.0
    set subnet 193.0.0.0 255.0.0.0
    set subnet 194.0.0.0 254.0.0.0
    set subnet 196.0.0.0 254.0.0.0
    set subnet 198.0.0.0 255.224.0.0
    set subnet 198.32.0.0 255.240.0.0
    set subnet 198.48.0.0 255.254.0.0
    set subnet 198.50.0.0 255.255.0.0
    set subnet 198.51.0.0 255.255.192.0
    set subnet 198.51.64.0 255.255.224.0
    set subnet 198.51.96.0 255.255.252.0
    set subnet 198.51.101.0 255.255.255.0
    set subnet 198.51.102.0 255.255.254.0
    set subnet 198.51.104.0 255.255.248.0
    set subnet 198.51.112.0 255.255.240.0
    set subnet 198.51.128.0 255.255.128.0
    set subnet 198.52.0.0 255.252.0.0
    set subnet 198.56.0.0 255.248.0.0
    set subnet 198.64.0.0 255.192.0.0
    set subnet 198.128.0.0 255.128.0.0
    set subnet 199.0.0.0 255.0.0.0
    set subnet 200.0.0.0 254.0.0.0
    set subnet 202.0.0.0 255.0.0.0
    set subnet 203.0.0.0 255.255.192.0
    set subnet 203.0.64.0 255.255.224.0
    set subnet 203.0.96.0 255.255.240.0
    set subnet 203.0.112.0 255.255.255.0
    set subnet 203.0.114.0 255.255.254.0
    set subnet 203.0.116.0 255.255.252.0
    set subnet 203.0.120.0 255.255.248.0
    set subnet 203.0.128.0 255.255.128.0
    set subnet 203.1.0.0 255.255.0.0
    set subnet 203.2.0.0 255.254.0.0
    set subnet 203.4.0.0 255.252.0.0
    set subnet 203.8.0.0 255.248.0.0
    set subnet 203.16.0.0 255.240.0.0
    set subnet 203.32.0.0 255.224.0.0
    set subnet 203.64.0.0 255.192.0.0
    set subnet 203.128.0.0 255.128.0.0
    set subnet 204.0.0.0 252.0.0.0
    set subnet 208.0.0.0 240.0.0.0
    set subnet 240.0.0.0 240.0.0.0
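
A check for a hand-built subnet list like the one above, as an added example that is not part of the original thread: it parses `set subnet <address> <mask>` lines and reports entries that overlap an excluded range, entries that overlap each other, and address space inside a scope that nothing covers. The exclusion set (RFC 1918 and RFC 5737), the function names and the sample lines are assumptions; the sample is constructed to contain one gap and one over-wide entry.

```python
import ipaddress

# Assumed exclusion set: RFC 1918 private space and RFC 5737 documentation nets.
EXCLUDED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample containing one gap and one over-wide entry.
SAMPLE = """\
set subnet 172.0.0.0 255.240.0.0
set subnet 172.32.0.0 255.240.0.0
set subnet 172.64.0.0 255.192.0.0
set subnet 172.128.0.0 255.128.0.0
set subnet 192.0.0.0 255.255.254.0
set subnet 192.0.3.0 255.255.255.0
set subnet 192.0.0.0 255.128.0.0
"""

def parse(text):
    """Parse 'set subnet <addr> <mask>' lines; host bits set raises ValueError."""
    nets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[:2] == ["set", "subnet"]:
            nets.append(ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=True))
    return nets

def audit(nets, scope):
    """Return (leaks, overlaps, gaps); gaps are computed inside `scope` only."""
    scope = ipaddress.ip_network(scope)
    leaks = [(n, x) for n in nets for x in EXCLUDED if n.overlaps(x)]
    overlaps = [(a, b) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    # Entries plus intended exclusions should tile the scope with no holes.
    tiles = ipaddress.collapse_addresses(
        n for n in nets + EXCLUDED if n.subnet_of(scope))
    gaps, cursor = [], int(scope.network_address)
    for n in tiles:  # sorted and non-overlapping after collapsing
        start = int(n.network_address)
        if start > cursor:
            gaps += ipaddress.summarize_address_range(
                ipaddress.ip_address(cursor), ipaddress.ip_address(start - 1))
        cursor = int(n.broadcast_address) + 1
    if cursor <= int(scope.broadcast_address):
        gaps += ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), scope.broadcast_address)
    return leaks, overlaps, gaps

if __name__ == "__main__":
    print(audit(parse(SAMPLE), "172.0.0.0/8"))
```

Run against a complete list with scope `0.0.0.0/0`, every reported gap needs to be either an intended exclusion that is missing from `EXCLUDED` or a range to add.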

