Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Unable to modify web exception list - BUG

With EAP3-1,

certain web exceptions cannot be edit, enabled or deleted. UI BUG?

Check the screenshots.

Tried with FF, Chrome and Safari.

  • Not a bug.

    Many releases ago, Sophos introduced a set of out-of-box exceptions.  They were read-write and modifiable by customers.

    This has made it hard for Sophos to add more domains to the exceptions, because customers may have modified the list.  It was rare, but sometimes support would spend a long time trying to figure out why things were not working on a customer box, only to find they had modified the exceptions.

    In a new v18 installation you will find the same list of exceptions, but they are all read-only with the only ability to clone them.  It basically makes it a Sophos-managed list (similar to the URL Group "Managed TLS exclusion list").

    For any v17.5 -> v18 upgrade there is a check during migration.  If the list is exactly as we expect, it is just made read-only (like your Sophos Services).  If it has been changed by a customer, a copy is made with the word "Original" appended and it is enabled with the sophos-managed one disabled (like you Legacy HTTPS Exceptions).  So upgraded customers who have modified the list should get no change in behavior (and are using their list) while the majority of customers who have not modified the list will just see the list go from read-write to read-only.