Sophos Firewall M365 exceptions (host objects)

This article was created with the help of a translation tool. Although we check the translation, errors in the content cannot be ruled out. Please bear this in mind when using the content. Thank you for your understanding.

For everyone who would like to use current M365 exceptions as host objects in Sophos Firewall rules or web exceptions, here is the solution!
Creating objects manually in the Sophos Firewall can be very tedious, especially when many objects are involved.

Tested with SFOS 19.5.x to 20.0.x

Introduction

Below you can download Sophos M365 objects for exceptions as an XML import. The files are created daily at 6 a.m. when a new version is available online.
Microsoft provides a list for this purpose, which I use. You can also view the original list here.

Sophos has also provided a list here in KB000038173. Its disadvantages, however, are that it is not up to date, that it creates a huge number of entries, for the web exceptions in particular, and that only web exceptions are offered: you will search in vain for IP objects there.

What is the exact difference to the Sophos list?
  • The web exceptions are summarized in four groups: Exchange, Skype, SharePoint and Common
  • Host objects and groups are created for the IP addresses
  • Separate host objects are only offered for the mail services: SMTP, SMTPs, IMAP and POP3
What are the advantages?
  • Daily updated
  • Host objects for IP addresses
  • Fewer web exception entries (Sophos has a limit here which is reached more quickly with the Sophos list)
  • Clearer due to fewer objects overall
What are the disadvantages?
  • Because the entries are grouped into the Exchange, Skype, SharePoint and Common categories, the web exceptions on the firewall are more permissive than with Sophos's template
  • otherwise none 🙂
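
The grouping described above can be reproduced for review before an import. This is an added example, not the generator used for the downloads. The sample records are constructed in the layout of Microsoft's endpoint list; the port-to-service mapping, the function names and the rule that a mail port moves an entry's IPs into the mail objects are assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the layout of Microsoft's published endpoint list
# (fields id, serviceArea, urls, ips, tcpPorts); all values are illustrative.
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.example.com"],
  "ips": ["192.0.2.0/25", "2001:db8:1::/48"], "tcpPorts": "80,443"},
 {"id": 2, "serviceArea": "Exchange", "urls": ["*.mail.example.com"],
  "ips": ["198.51.100.0/24"], "tcpPorts": "25"},
 {"id": 3, "serviceArea": "Exchange", "ips": ["192.0.2.0/25"],
  "tcpPorts": "143,993"},
 {"id": 4, "serviceArea": "Skype", "urls": ["*.teams.example.net"],
  "ips": ["203.0.113.0/24"], "tcpPorts": "443"},
 {"id": 5, "serviceArea": "Common", "urls": ["*.login.example.org"],
  "tcpPorts": "443"}
]""")

# Assumed mapping of TCP ports to the separate mail host objects.
MAIL_PORTS = {"25": "SMTP", "587": "SMTPs", "143": "IMAP", "993": "IMAP",
              "995": "POP3"}

def group_endpoints(records):
    """Return (fqdns, ips, mail_ips) keyed by service area or mail service."""
    fqdns, ips, mail_ips = defaultdict(set), defaultdict(set), defaultdict(set)
    for rec in records:
        area = rec["serviceArea"]
        fqdns[area].update(rec.get("urls", []))
        # ip_network() rejects malformed prefixes instead of passing them on.
        nets = {str(ipaddress.ip_network(n)) for n in rec.get("ips", [])}
        ports = [p.strip() for p in rec.get("tcpPorts", "").split(",")]
        services = {MAIL_PORTS[p] for p in ports if p in MAIL_PORTS}
        if services:
            for svc in services:
                mail_ips[svc].update(nets)
        else:
            ips[area].update(nets)
    return fqdns, ips, mail_ips

def wildcards(fqdns):
    """Wildcard entries widen a grouped exception the most; list them."""
    return {area: sorted(u for u in urls if u.startswith("*."))
            for area, urls in fqdns.items()}

if __name__ == "__main__":
    f, i, m = group_endpoints(SAMPLE)
    print(dict(f), dict(i), dict(m), wildcards(f), sep="\n")
```

Every FQDN of a service area lands in one exception, so the wildcard listing shows which entries make the grouped exception broader than a per-entry template.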

If you think something is missing or incorrect, please contact us.

Attention

  • As always, import into your firewall at your own risk.
  • Although I process the official Microsoft list, I do not guarantee completeness.
  • Changes on Microsoft's side can lead to errors in the automatic creation of new XML files. I only check the correctness of the downloads sporadically, or when I use them myself.
  • If you want to be on the safe side, import into a test system beforehand (e.g. a free Sophos test VM).
  • Existing objects may be overwritten if the names of the objects are identical. For this case I offer a version with a suffix in the name.
  • Obsolete objects are not deleted from the firewall by the import. However, web exceptions and groups are up-to-date after import.

Information about the version

Source: M365
Instance: Worldwide
Current version at M365: 2024103100
Version on ITW: 2024103100 (current)

Download

If the current version is not displayed below, it has not yet been generated automatically or the generation has run into an error.
Automatic generation takes place daily at 6 a.m.!

Legend to the files contained in the download:

  • Mail IP objects: M365_xx-IP_Mail_zz_[_ITN].tar
  • Remaining IP objects: M365_xx-IP_zz[_ITN].tar
  • WebException: M365_xx-FQDN_zz[_ITN].tar

    xx -> EX = Exchange, SP = SharePoint, SK = Skype, CO = Common, ALL = all in one file
    zz -> version of the list (current Microsoft version is displayed at the top of the download page)
    [_ITN] -> All files with the suffix in their name also create the objects on the firewall with the same suffix. Otherwise identical to the other files.

Import into the firewall

You will find several TAR archives in the downloaded ZIP file. Any archive can be imported into the firewall. You can use the legend above to help you select the correct file.

The import itself is carried out via the menu items "Backup & Firmware" -> "Import Export".

What are the names of the objects after import?
-> All objects are created with the prefix "M365_".

History

27.08.2023 - Error correction when creating IP objects for mail (smtp25 were not complete)

Copyright

Passing on the files is permitted. A reference to the IT-Tech.wiki website would be nice.

Public provision on other web servers is not permitted! Please ask if required.
