Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Web Filter blocks Office Updates

Hi guys,

I know this topic has been discussed a lot already. But all of a sudden we have that problem with many UTM installation at our clients.

We have done a lot of research and added all the exceptions we could find regarding this topic. However it is not working anymore.

If we set the Web Filter Exception to "coming from theses network" => "internal network" then the updates are working fine. So we are sure that web filter is the problem but of cource we can't leave this execption. It was only testing purpose.

Below you can see the list of exception we have already added but not working. Could someone help please? Our customers are using Office 2019 click to run and also Office 365.

Thanks in advance!!

^([A-Za-z0-9.-]*\.)?officeapps\.live\.com/
^([A-Za-z0-9.-]*\.)?online\.office\.com/
^([A-Za-z0-9.-]*\.)?office\.live\.com/
^([A-Za-z0-9.-]*\.)?cdn\.office\.net/
^([A-Za-z0-9.-]*\.)?contentstorage\.osi\.office\.net/
^([A-Za-z0-9.-]*\.)?onenote\.com/
^([A-Za-z0-9.-]*\.)?cdn\.onenote\.net/
^([A-Za-z0-9.-]*\.)?ajax\.aspnetcdn\.com/
^([A-Za-z0-9.-]*\.)?apis\.live\.net/
^([A-Za-z0-9.-]*\.)?www\.onedrive\.com/
^([A-Za-z0-9.-]*\.)?auth\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?msftidentity\.com/
^([A-Za-z0-9.-]*\.)?msidentity\.com/
^([A-Za-z0-9.-]*\.)?account\.activedirectory\.windowsazure\.com/
^([A-Za-z0-9.-]*\.)?accounts\.accesscontrol\.windows\.net/
^([A-Za-z0-9.-]*\.)?adminwebservice\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?api\.passwordreset\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?autologon\.microsoftazuread-sso\.com/
^([A-Za-z0-9.-]*\.)?becws\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?ccs\.login\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?clientconfig\.microsoftonline-p\.net/
^([A-Za-z0-9.-]*\.)?companymanager\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?device\.login\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?graph\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?graph\.windows\.net/
^([A-Za-z0-9.-]*\.)?login\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?login\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?login\.microsoftonline-p\.com/
^([A-Za-z0-9.-]*\.)?login\.windows\.net/
^([A-Za-z0-9.-]*\.)?logincert\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?loginex\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?login-us\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?nexus\.microsoftonline-p\.com/
^([A-Za-z0-9.-]*\.)?passwordreset\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?provisioningapi\.microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?hip\.live\.com/
^([A-Za-z0-9.-]*\.)?microsoftonline\.com/
^([A-Za-z0-9.-]*\.)?microsoftonline-p\.com/
^([A-Za-z0-9.-]*\.)?msauth\.net/
^([A-Za-z0-9.-]*\.)?msauthimages\.net/
^([A-Za-z0-9.-]*\.)?msecnd\.net/
^([A-Za-z0-9.-]*\.)?msftauth\.net/
^([A-Za-z0-9.-]*\.)?msftauthimages\.net/
^([A-Za-z0-9.-]*\.)?phonefactor\.net/
^([A-Za-z0-9.-]*\.)?enterpriseregistration\.windows\.net/
^([A-Za-z0-9.-]*\.)?management\.azure\.com/
^([A-Za-z0-9.-]*\.)?policykeyservice\.dc\.ad\.msft\.net/
^([A-Za-z0-9.-]*\.)?compliance\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?protection\.office\.com/
^([A-Za-z0-9.-]*\.)?security\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?defender\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?account\.office\.net/
^([A-Za-z0-9.-]*\.)?portal\.cloudappsecurity\.com/
^([A-Za-z0-9.-]*\.)?suite\.office\.net/
^([A-Za-z0-9.-]*\.)?aria\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?events\.data\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?o365weve\.com/
^([A-Za-z0-9.-]*\.)?amp\.azure\.net/
^([A-Za-z0-9.-]*\.)?appsforoffice\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?assets\.onestore\.ms/
^([A-Za-z0-9.-]*\.)?auth\.gfx\.ms/
^([A-Za-z0-9.-]*\.)?c1\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?dgps\.support\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?docs\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?msdn\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?platform\.linkedin\.com/
^([A-Za-z0-9.-]*\.)?prod\.msocdn\.com/
^([A-Za-z0-9.-]*\.)?shellprod\.msocdn\.com/
^([A-Za-z0-9.-]*\.)?support\.content\.office\.net/
^([A-Za-z0-9.-]*\.)?support\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?technet\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?videocontent\.osi\.office\.net/
^([A-Za-z0-9.-]*\.)?videoplayercdn\.osi\.office\.net/
^([A-Za-z0-9.-]*\.)?office365\.com/
^([A-Za-z0-9.-]*\.)?aadrm\.com/
^([A-Za-z0-9.-]*\.)?azurerms\.com/
^([A-Za-z0-9.-]*\.)?informationprotection\.azure\.com/
^([A-Za-z0-9.-]*\.)?ecn\.dev\.virtualearth\.net/
^([A-Za-z0-9.-]*\.)?informationprotection\.hosting\.portal\.azure\.net/
^([A-Za-z0-9.-]*\.)?o15\.officeredir\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?officepreviewredir\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?officeredir\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?r\.office\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?activation\.sls\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?crl\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?office15client\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?officeclient\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?insertmedia\.bing\.office\.net/
^([A-Za-z0-9.-]*\.)?go\.microsoft\.net/
^([A-Za-z0-9.-]*\.)?cdn\.odc\.officeapps\.live\.com/
^([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com\.edgesuite\.net/
^([A-Za-z0-9.-]*\.)?entrust\.net/
^([A-Za-z0-9.-]*\.)?geotrust\.com/
^([A-Za-z0-9.-]*\.)?omniroot\.com/
^([A-Za-z0-9.-]*\.)?public-trust\.com/
^([A-Za-z0-9.-]*\.)?symcb\.com/
^([A-Za-z0-9.-]*\.)?symcd\.com/
^([A-Za-z0-9.-]*\.)?verisign\.com/
^([A-Za-z0-9.-]*\.)?verisign\.net/
^([A-Za-z0-9.-]*\.)?apps\.identrust\.com/
^([A-Za-z0-9.-]*\.)?cacerts\.digicert\.com/
^([A-Za-z0-9.-]*\.)?cert\.int-x3\.letsencrypt\.org/
^([A-Za-z0-9.-]*\.)?crl\.globalsign\.com/
^([A-Za-z0-9.-]*\.)?crl\.globalsign\.net/
^([A-Za-z0-9.-]*\.)?crl\.identrust\.com/
^([A-Za-z0-9.-]*\.)?crl3\.digicert\.com/
^([A-Za-z0-9.-]*\.)?crl4\.digicert\.com/
^([A-Za-z0-9.-]*\.)?isrg\.trustid\.ocsp\.identrust\.com/
^([A-Za-z0-9.-]*\.)?mscrl\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?ocsp\.digicert\.com/
^([A-Za-z0-9.-]*\.)?ocsp\.globalsign\.com/
^([A-Za-z0-9.-]*\.)?ocsp\.msocsp\.com/
^([A-Za-z0-9.-]*\.)?ocsp2\.globalsign\.com/
^([A-Za-z0-9.-]*\.)?ocspx\.digicert\.com/
^([A-Za-z0-9.-]*\.)?secure\.globalsign\.com/
^([A-Za-z0-9.-]*\.)?www\.digicert\.com/
^([A-Za-z0-9.-]*\.)?www\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?config\.office\.net/
^([A-Za-z0-9.-]*\.)?manage\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?office\.com/
^([A-Za-z0-9.-]*\.)?cdnprod\.myanalytics\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?myanalytics\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?myanalytics-gcc\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?workplaceanalytics\.cdn\.office\.net/
^([A-Za-z0-9.-]*\.)?azure-apim\.net/
^([A-Za-z0-9.-]*\.)?flow\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?powerapps\.com/
^([A-Za-z0-9.-]*\.)?activity\.windows\.com/
^([A-Za-z0-9.-]*\.)?ocsp\.int-x3\.letsencrypt\.org/
^([A-Za-z0-9.-]*\.)?cortana\.ai/
^([A-Za-z0-9.-]*\.)?admin\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?cdn\.uci\.officeapps\.live\.com/
^([A-Za-z0-9.-]*\.)?microsoft\.com/
^([A-Za-z0-9.-]*\.)?msocdn\.com/
^([A-Za-z0-9.-]*\.)?office\.com/
^([A-Za-z0-9.-]*\.)?office\.net/
^([A-Za-z0-9.-]*\.)?onmicrosoft\.com/
^([A-Za-z0-9.-]*\.)?ntservicepack\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?emdl\.ws\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?dl\.delivery\.mp\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?windowsupdate\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?update\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?wustat\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?windowsupdate\.com/
^([A-Za-z0-9.-]*\.)?crl\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?download\.microsoft\.com/
^([A-Za-z0-9.-]*\.)?go\.microsoft\.com/
officecdn.microsoft.com.edgesuite.net
Officecdn.microsoft.com
^https?://officecdn\.microsoft\.com
^https?://([A-Za-z0-9.-]*\.)?microsoft\.com\.edgesuite\.net/
^https?://officecdn\.microsoft\.com\.edgesuite\.net/
^([A-Za-z0-9.-]*\.)?windows\.com/
^([A-Za-z0-9.-]*\.)?officecdn.microsoft\.com/
^([A-Za-z0-9.-]*\.)?officecdn.microsoft.com.edgesuite.net/
^([A-Za-z0-9.-]*\.)?microsoft\.com/
^([A-Za-z0-9.-]*\.)?windowsupdate\.com/



This thread was automatically locked due to age.
Parents
  • Just change this in your Web Exceptions (include the https?:// in the one you have already, you have this RegEx entry)

    ^https?://([A-Za-z0-9.-]*\.)?cdn\.office\.net/

    I find it really hard to believe that you need that many exceptions just to get updates, I have a total of four, three of them were auto installed.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Amodin, you are my hero!!

    Works like a charm. Thanks a lot mate! :-)

    I also disabled all the other exceptions and it is still working. That's great!

  • Glad to hear it worked!

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply Children
No Data