For all those who would like to have current Sophos Firewall M365 exceptions as host objects in the rules or web exceptions, here is the solution!
Creating objects manually in the Sophos Firewall can be very tedious, especially when many objects are involved.
Introduction
Below you can download Sophos M365 objects for exceptions as an XML import. The files are created daily at 6 a.m. when a new version is available online.
Microsoft provides a list for this purpose which I use. You can also view the original list here.
Sophos has also provided a list here in KB000038173. The disadvantage here, however, is that it is not up-to-date and creates a huge number of entries for the web exceptions in particular AND only the web exceptions are offered - you will search in vain for IP objects here.
- The web exceptions are summarized in four groups: Exchange, Skype, SharePoint and Common
- Host objects and groups are created for the IP addresses
- Separate host objects are only offered for the mail services: SMTP, SMTPs, IMAP and POP3
- Daily updated
- Host objects for IP addresses
- Fewer web exception entries (Sophos has a limit here which is reached more quickly with the Sophos list)
- Clearer due to fewer objects overall
- By grouping the entries into the Exchange, Skype, SharePoint and Common categories, the web exceptions on the firewall are more generous than Sophos's template
- otherwise none 🙂
If you think something is missing or incorrect, please contact us.
- As always, import into your firewall at your own risk.
- Despite processing the official Microsoft list, I do not guarantee completeness
- Adjustments in MS can lead to errors in the automatic creation of new XML files. I only check the correctness of the downloads sporadically, or when I use them myself.
- If you want to be on the safe side, import into a test system beforehand (e.g. a free Sophos test VM)
- Existing objects may be overwritten if the names of the objects are identical. For this case I offer a version with a suffix in the name
- Obsolete objects are not deleted from the firewall by the import. However, web exceptions and groups are up-to-date after import.
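The caveats above (completeness is not guaranteed, obsolete objects stay on the firewall) can be checked independently of the download. The following is an added example, not the generator used for these files: it groups records shaped like Microsoft's endpoint list by service area and mail service, then compares one group with the networks defined on a firewall. The sample records, the port mapping in `MAIL_PORTS` and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed records in the shape of Microsoft's endpoint list (JSON);
# hostnames and addresses are documentation placeholders, not real M365 values.
SAMPLE = [
    {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.example.com"],
     "ips": ["192.0.2.0/25", "2001:db8::/48"], "tcpPorts": "80,443"},
    {"id": 2, "serviceArea": "Exchange", "urls": ["*.mail.example.com"],
     "ips": ["198.51.100.0/24"], "tcpPorts": "25"},
    {"id": 3, "serviceArea": "Exchange", "urls": ["smtp.example.com"],
     "ips": ["192.0.2.0/25"], "tcpPorts": "587"},
    {"id": 4, "serviceArea": "SharePoint", "urls": ["*.sharepoint.example.com"],
     "tcpPorts": "80,443"},
    {"id": 5, "serviceArea": "Common", "urls": ["login.example.com"],
     "ips": ["203.0.113.0/24"], "tcpPorts": "443"},
]
# Assumption: which TCP ports count as SMTP, SMTPs, IMAP and POP3.
MAIL_PORTS = {25: "SMTP", 587: "SMTPs", 143: "IMAP", 993: "IMAP", 995: "POP3"}

def build_groups(records):
    """Return (fqdns, nets, mail): sets keyed by service area / mail service."""
    fqdns, nets, mail = defaultdict(set), defaultdict(set), defaultdict(set)
    for rec in records:
        area = rec["serviceArea"]
        fqdns[area].update(rec.get("urls", []))
        # ip_network() rejects malformed entries and normalises the notation
        parsed = {ipaddress.ip_network(ip) for ip in rec.get("ips", [])}
        nets[area] |= parsed
        ports = {int(p) for p in rec.get("tcpPorts", "").split(",") if p.strip()}
        for port in ports & set(MAIL_PORTS):
            mail[MAIL_PORTS[port]] |= parsed
    return fqdns, nets, mail

def compare(expected, on_firewall):
    """Networks missing from the firewall and obsolete ones still present."""
    have = {ipaddress.ip_network(n) for n in on_firewall}
    return sorted(map(str, expected - have)), sorted(map(str, have - expected))

if __name__ == "__main__":
    fqdns, nets, mail = build_groups(SAMPLE)
    # Constructed list of Exchange networks currently defined on the firewall.
    current = ["192.0.2.0/25", "198.51.100.0/24", "198.18.0.0/24"]
    missing, obsolete = compare(nets["Exchange"], current)
    print("missing:", missing, "obsolete:", obsolete)
```

Entries reported as obsolete are the ones an import leaves behind and that need manual review before removal.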
Information about the version
Source: M365
Instance: Worldwide
Current version at M365: 2024103100
Version on ITW: 2024103100 (current)
Download
If the current version is not displayed below, it has not yet been generated automatically or the generation has run into an error.
Automatic generation takes place daily at 6 a.m.!
Legend to the files contained in the download:
- Mail IP objects: M365_xx-IP_Mail_zz_[_ITN].tar
- Remaining IP objects: M365_xx-IP_zz[_ITN].tar
- WebException: M365_xx-FQDN_zz[_ITN].tar
xx -> EX = Exchange, SP = SharePoint, SK = Skype, CO = Common, ALL = all in one file
zz -> version of the list (current Microsoft version is displayed at the top of the download page)
[_ITN] -> All files with the suffix in their name also create the objects on the firewall with the same suffix. Otherwise identical to the other files.
Import into the firewall
You will find several TAR archives in the downloaded ZIP file. Any archive can be imported into the firewall. You can use the legend above to help you select the correct file.
The import itself is carried out via the menu items "Backup & Firmware"->"Import Export".
What are the names of the objects after import?
-> All objects are created with the prefix "M365_".
History
27.08.2023 - Error correction when creating IP objects for mail (smtp25 were not complete)