
Sophos Firewall: Zoom networks xml import file

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview: 

This Recommended Read shares an XML import file for importing a list of Zoom networks into Sophos Firewall.

Zoom Network XML File

The Zoom network list has increased to over 300 networks.

Attached is a .zip file containing an XML file, packed into Entities.tar, that contains all the networks listed on the Zoom site as of 2024 April 1st.

The XML was created as described in Sophos Firewall: Creating XML Objects with Notepad++ for mass import.

You can extract the .zip file below and import Entities.tar into your Sophos Firewall.

/cfs-file/__key/communityserver-discussions-components-files/258/zoom_5F00_iphosts.zip

______________________________________________________________________________________________________________________________________



Revamped RR
[edited by: Erick Jan at 10:38 AM (GMT -7) on 18 Sep 2024]
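
A configuration archive taken from a forum attachment can be checked before import to confirm that it carries only the network host objects it claims to. The script below is an added example, not part of the original post and not Sophos tooling. It assumes the tar holds a single `Entities.xml` whose root contains `IPHost` elements with `Name`, `IPAddress` and `Subnet` children; `MIN_PREFIX` and the sample data are constructed for illustration.

```python
import io, ipaddress, tarfile
import xml.etree.ElementTree as ET

MIN_PREFIX = 16  # assumption: anything broader than /16 deserves a manual look

def audit_entities_tar(data: bytes):
    """Return (networks, problems) for an Entities.tar passed as bytes."""
    networks, problems = [], []
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar.getmembers():
            if not member.isfile() or member.name != "Entities.xml":
                problems.append(f"unexpected tar member {member.name!r}")
                continue
            doc = tar.extractfile(member).read()
            if b"<!DOCTYPE" in doc or b"<!ENTITY" in doc:
                problems.append("XML declares a DTD or entities, not parsed")
                continue
            for entity in ET.fromstring(doc):
                name = entity.findtext("Name", default="?")
                if entity.tag != "IPHost":  # rules, users, services do not belong here
                    problems.append(f"non-host entity <{entity.tag}> {name!r}")
                    continue
                cidr = f"{entity.findtext('IPAddress')}/{entity.findtext('Subnet')}"
                try:
                    net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
                except ValueError as exc:
                    problems.append(f"{name!r}: invalid network ({exc})")
                    continue
                if net.is_private or net.prefixlen < MIN_PREFIX:
                    problems.append(f"{name!r}: {net} is internal or too broad")
                    continue
                networks.append((name, net))
    return networks, problems

def build_sample_tar() -> bytes:
    """Constructed sample; the addresses are made up, not real Zoom ranges."""
    tpl = "<IPHost><Name>{}</Name><HostType>Network</HostType><IPAddress>{}</IPAddress><Subnet>{}</Subnet></IPHost>"
    rows = [("Zoom_1", "20.30.40.0", "255.255.255.0"), ("Zoom_2", "50.60.70.128", "255.255.255.128"),
            ("Zoom_3", "10.0.0.0", "255.0.0.0"), ("Zoom_4", "20.30.40.5", "255.255.255.0")]
    doc = ("<Configuration>" + "".join(tpl.format(*r) for r in rows)
           + "<FirewallRule><Name>allow_any</Name></FirewallRule></Configuration>").encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("Entities.xml")
        info.size = len(doc)
        tar.addfile(info, io.BytesIO(doc))
    return buf.getvalue()

if __name__ == "__main__":
    print(*audit_entities_tar(build_sample_tar()), sep="\n")
```

To audit the real download, pass the bytes of the extracted `Entities.tar` to `audit_entities_tar` and review every reported problem before importing.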
  • Hey LHerzog,

    Thank you very much for this file. I have updated my Cisco switches this morning for their object group for classifying/assigning DSCP marking to the traffic. And was about to begin the daunting task of entering these into my firewall, then export to a file for adding to each of my firewalls. This was a time saver. Thank you again.

    With the networks defined with this file, I would like to see how you use the IP networks (I have added them to a Zoom IP host group) for a firewall rule and what settings you put in place to guarantee QoS and such for them. I've been struggling to grasp the system services Traffic shaping (do you guarantee on your firewalls? what settings?) and which firewall rules should have a QoS policy assigned to it (just the Zoom rule or all rules?). The documentation is not clear enough on this.

    If you want to PM or chat, please let me know.

    Thank you,

    John.

  • Hi,

    You can put them into a group - that is fine.

    Besides HTTPS, allow these TCP and UDP ports to those networks.

    Also allow for these TCP and UDP ports.

    Disable TLS inspection in these fw rules.

    zoom.us is already included in the Managed TLS exclusion list. That is enough.

    We're not using them in QoS currently. The WAN line can handle that traffic easily currently.

    So I have not thought about that. But I would expect you need to QoS all of those destinations on all the UDP ports only. But as this list is so huge, it may itself have performance impacts for the QoS decision computing by the firewall. You need to test if you need QoS and if it keeps current bandwidths and latency for other traffic at good levels.

  • Article updated and Zoom networks updated as of 2024 April 1st.

    Zoom KB0060562.

  • Hi LHerzog,

    Thank you for updating the article and networks. I'll work on this tomorrow for my firewalls.

    Previously I removed the QoS configs from our Cisco switches to let them just be switches and allow the XG's (soon to be XGS's) handle the task.

    Always appreciate your help.  Cheers!!

    John