We are in the process of migrating to Office365. As part of the process, the network is evaluated and the first recommendation by Microsoft is to remove any proxies from the path between the user and Office365. The problem with this is that MS has a ton of IP Address ranges and URLs.
The primary guidelines are:
https://support.office.com/en-us/article/managing-office-365-endpoints-99cab9d4-ef59-4207-9f2b-3728eb46bf9a?ui=en-US&rs=en-US&ad=US
Really good overview of their philosophy from Ignite:
https://www.youtube.com/watch?v=19a8s90HboQ&feature=youtu.be
Here is the entire IP/URL List in XML format: https://support.content.office.net/en-us/static/O365IPAddresses.xml
The problem I see is managing the list of IP Addresses and URLs. The list is long and changes somewhat frequently, so it's not just a matter of doing it once; you have to maintain it. As far as I know, there is no Network object in the UTM that lets you drop in a list of subnets. That wouldn't be bad. But it appears that each subnet has to be created as a network definition and then maybe added to a group. But some places in Sophos do not accept groups, so then each subnet would have to be dragged one at a time in the interface. Again tedious to implement and more tedious to maintain.
I could use the API, but that would have to be run against each UTM. This will take a bit of work to implement, but may be the best solution long term.
Has anyone discovered an easy solution to keeping this type of thing up to date?
Next question, after downloading the MS IP addresses, the total count is 659 subnets. Can the Sophos handle that many network objects? Sometimes it struggles enumerating network definitions and I only have 450 now.
Done. Updated all three UTM devices using PowerShell and the Sophos API. I am relatively new to PowerShell, so this was quite an exercise, I hope this might help others map the Sophos API examples to PowerShell commands.
I am calling the script above with this script. This script maintains the list of Sophos devices and their API Keys, and loops through the list calling the other specified script. I plan to create a few other scripts to update other components, and this way the API keys are maintained in a single script I can secure a bit more than usual.
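Tim's scripts are not reproduced on this page, so the following is an added example, not his code and not Sophos' own, that shows the same workflow: parse the O365IPAddresses.xml feed, turn each IPv4 range into a UTM network definition via the REST API, and collect them into one network group so the ranges can be used wherever the UTM accepts groups. It assumes the feed layout `products/product/addresslist[@type="IPv4"]/address`, the UTM 9 REST API on port 4444 with `token:<apikey>` HTTP basic auth, the endpoints `objects/network/network` and `objects/network/group`, and the field names `address`, `netmask`, `resolved`, `members` and `_ref`; check all of these against the API reference served by your own UTM before running it. The embedded XML is a constructed sample used when no feed file is given; a range listed under more than one product is created only once.

```powershell
# Added example (not the poster's script). Creates UTM network definitions for the
# IPv4 ranges in O365IPAddresses.xml and places them in one network group.
# REST paths and field names below are assumptions; verify against your UTM's API docs.
param(
    [Parameter(Mandatory)][string]$UtmHost,     # WebAdmin host name; its certificate must be trusted
    [Parameter(Mandatory)][string]$ApiToken,    # UTM REST API token (pass from a credential store)
    [string]$FeedPath = '',                     # local copy of O365IPAddresses.xml; empty = constructed sample
    [string]$GroupName = 'Office365 IPv4',
    [switch]$DryRun                             # list the objects that would be created, touch nothing
)

# Constructed sample in the assumed feed layout (duplicate range on purpose).
$SampleXml = @'
<?xml version="1.0" encoding="utf-8"?>
<products updated="1/1/2018">
  <product name="o365">
    <addresslist type="IPv4">
      <address>13.107.6.152/31</address>
      <address>40.92.0.0/15</address>
    </addresslist>
    <addresslist type="URL">
      <address>*.office365.com</address>
    </addresslist>
  </product>
  <product name="EXO">
    <addresslist type="IPv4">
      <address>13.107.6.152/31</address>
    </addresslist>
  </product>
</products>
'@

function Get-O365IPv4Subnets {
    param([xml]$Feed)
    # Every IPv4 CIDR across all products, de-duplicated; URL and IPv6 lists are skipped.
    $Feed.products.product |
        ForEach-Object { $_.addresslist } |
        Where-Object { $_.type -eq 'IPv4' } |
        ForEach-Object { $_.address } |
        Sort-Object -Unique
}

function ConvertTo-UtmNetworkPayload {
    param([string]$Cidr, [string]$Comment)
    # Split "a.b.c.d/nn" into host address and prefix length; a bare address means /32.
    $parts   = $Cidr.Split('/')
    $address = $parts[0]
    $bits    = if ($parts.Count -gt 1) { [int]$parts[1] } else { 32 }
    [void][System.Net.IPAddress]::Parse($address)           # reject malformed feed entries early
    if ($bits -lt 0 -or $bits -gt 32) { throw "Bad prefix length in '$Cidr'" }
    @{
        name     = "O365 $address-$bits"                     # '/' avoided in object names
        address  = $address
        netmask  = $bits                                     # assumed: prefix length as integer
        resolved = $true
        comment  = $Comment
    }
}

function Invoke-UtmApi {
    param([string]$Method, [string]$Path, $Body)
    # Assumed auth scheme: HTTP basic with user "token" and the API key as password.
    $auth   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("token:$ApiToken"))
    $params = @{
        Method      = $Method
        Uri         = "https://$($UtmHost):4444/api/$Path"
        Headers     = @{ Authorization = "Basic $auth"; Accept = 'application/json' }
        ContentType = 'application/json'
    }
    if ($Body) { $params.Body = ($Body | ConvertTo-Json -Compress) }
    Invoke-RestMethod @params
}

$feed    = if ($FeedPath) { [xml](Get-Content -Raw -Path $FeedPath) } else { [xml]$SampleXml }
$subnets = @(Get-O365IPv4Subnets -Feed $feed)
$stamp   = $feed.products.updated
Write-Host "Feed updated $stamp : $($subnets.Count) unique IPv4 subnets"

# Existing definitions keyed by name, so a re-run only creates what is missing.
$existing = @{}
if (-not $DryRun) {
    Invoke-UtmApi -Method GET -Path 'objects/network/network' |
        ForEach-Object { $existing[$_.name] = $_._ref }
}

$memberRefs = @()
foreach ($cidr in $subnets) {
    $payload = ConvertTo-UtmNetworkPayload -Cidr $cidr -Comment "Office 365 feed $stamp"
    if ($existing.ContainsKey($payload.name)) { $memberRefs += $existing[$payload.name]; continue }
    if ($DryRun) { Write-Host "Would create $($payload.name)"; continue }
    $created     = Invoke-UtmApi -Method POST -Path 'objects/network/network' -Body $payload
    $memberRefs += $created._ref
}

if (-not $DryRun) {
    # Create the group on first run, otherwise replace its member list in place.
    $group = Invoke-UtmApi -Method GET -Path 'objects/network/group' | Where-Object { $_.name -eq $GroupName }
    if ($group) {
        Invoke-UtmApi -Method PATCH -Path "objects/network/group/$($group._ref)" -Body @{ members = $memberRefs } | Out-Null
    } else {
        Invoke-UtmApi -Method POST -Path 'objects/network/group' -Body @{ name = $GroupName; members = $memberRefs; comment = "Office 365 IPv4 ranges, feed $stamp" } | Out-Null
    }
}
```

Run it first with `-DryRun` against a downloaded copy of the feed to see the object count and names it would create; because objects are matched by name and the group is patched rather than recreated, the same script can be scheduled after each feed update, and a wrapper that loops over several UTMs only needs to supply `-UtmHost` and `-ApiToken` per device, which keeps the keys out of this file.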
Thanks, Tim - this thread is a great contribution! I'll prioritize this at the top of this forum with "forever" selected.
Cheers - Bob