We are pleased to present another ITW development: a Sophos Firewall FQDN object import generator. XML imports for host objects, URL groups and web exceptions can be created in a flash from lists of FQDNs.
Tested with SFOS 19.5.x to 20.0.x.
Introduction
To this day, many people (including myself) struggle with the API. I don't want to badmouth the API. It is important and also practical, but not always the easier way when it comes to creating multiple objects. Activate API, set authorizations, allow access, search for script, authenticate, ... and so on.
I am therefore a friend of ready-made configuration snippets that can be imported in the GUI via the import function in a flash, without having to do much.
This is how this generator was created. You can enter a list of FQDNs, select which objects are to be created and the import file is ready. I have tried to make it as convenient as possible. Take a look at it and give it a try! 😀
What can be created?
Below you will find an overview of the configurations you can create using the generator.
FQDN host: Objects under "Host and services -> FQDN host". This includes the FQDN itself, of course, but also the display name in some cases. You can add a prefix to the name. If no prefix is set, the FQDN is used. Due to the length restriction, the name may be shortened from the beginning. Other name options are not possible.
FQDN host group: The host group under "Host and services -> FQDN host group" depends on the creation of the individual hosts. If the option is set, all specified FQDN hosts are also added to an FQDN host group. The name of the group is freely definable.
URL group in the proxy: Under "Internet -> URL group", a new list can be filled with the specified FQDNs. The name of the group is freely definable. Wildcards (*.) are removed.
URL exceptions in the proxy: Exceptions can be created under "Internet -> Web Exceptions". However, only the URL field is ever filled in here. The exception options are all activated, but can be adjusted after the import. The name of the exception is freely definable.
Operating aid
Is the generator intuitive? Well, let's hope so. 😉 But the reality is often different. If only because everyone's understanding and level of knowledge is different. So here are a few tips.
General notes
Wildcard domains: Wildcards are supported. Simply enter the FQDN as "*.domain.de". Any existing wildcard will be removed from the URL group.
Names: Except for the naming of the FQDN hosts (only a prefix is possible here), you can freely choose the names of the configuration objects yourself. The selection of possible characters was deliberately limited. If you want to add a different character, you have to adjust it yourself after the import. Possible characters: a-z A-Z 0-9 - _ + # ! = * + $ / German umlauts and of course the space character.
Multiple submissions for an XML: One XML can contain different configurations. The first time you submit the form, for example, you can select only FQDN host, the second time only a URL group and the third time all four options. The combination is up to you. When importing, the data is imported together, but not merged!
FQDN check: When lists are submitted, the FQDNs are checked for plausibility. Most error cases should be covered. Errors are displayed in detail. Already submitted data before? Don't worry, it will remain until the end.
IDN domains: IDN (Internationalized Domain Name) domains are supported. You can enter müller.de or xn--mller-kva.de. Both work. When creating the XML, all domains that require conversion are converted to Punycode. You don't need to worry about it here.
Data input
Enter FQDN list (max. 100 entries / lines per form submission)
Select any combination of options
Send data (max. 20 submissions per XML)
Start from scratch or create XML
Attention
Use of the XML imports created is at your own risk. We accept no liability for possible damage or misconduct. As always, the import should be tested in a test system beforehand. Nevertheless, we would like to point out that we believe that the risk of such errors due to the imported data is close to zero.
Version history
25.04.2024 - Initial release
15.05.2024 - Minor adjustments to the text
FAQ
Is the created data stored on the server?
Yes, as soon as the TAR file is created for import ("XML ..." button). As long as only data is entered, no data is stored on the server. Once the XML has been created, the file is only stored on our server for 30 minutes. It is then deleted. You give your consent to this via the Content Blocker.
What is Punycode?
Punycode is a special encoding for converting Unicode characters into ASCII, a smaller, restricted character set. Punycode is used to encode internationalized domain names (IDN) so that the ASCII-based DNS system can handle the domains. Without Punycode, there would be no umlauts, accents, or other non-ASCII characters in domain names.
What are labels and TLDs?
Very briefly and concisely explained, a domain consists of at least one label and one TLD. However, there can also be several labels. Everything is always separated by a period. Examples: domain.de (domain=label, de=TLD) or test.domain.de (test=label, domain=label, de=TLD). More on Wikipedia or your trusted source of knowledge.
I have found a mistake
Great, you've found the Easter egg 🥳 No, joking aside... Errors cannot be ruled out due to the number of possible test scenarios. If you have found a bug, please let us know via the contact form or in the comments which data led to the error and we will make sure that we fix the bug as soon as possible.
Is something missing?
If you are missing something in the generator, please write to us via the contact form or in the comments. Let's see if your feature request makes it in 😊
Where and how is the XML imported?
Please upload and import the created file (.tar) as it is under "Backup & Firmware -> Import/Export". After the message that the process was successful, the desired objects have been created.
How can it be ensured that the import does not install a backdoor or anything else?
Simply unzip the TAR file and open the XML file in the editor. You will only find the data you have sent in here.
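The manual check described above, together with the Punycode and wildcard handling from the IDN and wildcard notes, can be scripted. This is an added example, not code from the generator or from Sophos: the element names in ALLOWED_TAGS and VALUE_TAGS and the file name Entities.xml are assumptions to be compared against one of your own exports, and the sample archive is constructed.

```python
import io
import tarfile
import xml.etree.ElementTree as ET

# Assumed element names for the four object types; compare with one of your own exports.
ALLOWED_TAGS = {"FQDNHost", "FQDNHostGroup", "WebFilterURLGroup", "WebFilterException"}
VALUE_TAGS = {"FQDN", "URL"}  # assumed names of the fields that carry a domain

def to_ascii(fqdn):
    """Lower-case an FQDN and convert IDN labels to Punycode, keeping a leading '*.'."""
    fqdn = fqdn.strip().lower().rstrip(".")
    prefix = "*." if fqdn.startswith("*.") else ""
    return prefix + fqdn[len(prefix):].encode("idna").decode("ascii")

def audit_import(tar_bytes, submitted):
    """Return findings for an import TAR; an empty list means nothing unexpected."""
    names = [to_ascii(n) for n in submitted]
    expected = set(names) | {n.removeprefix("*.") for n in names}  # URL groups drop '*.'
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            if not member.isfile() or "/" in member.name or not member.name.endswith(".xml"):
                findings.append(f"unexpected archive member: {member.name}")
                continue
            data = tar.extractfile(member).read()
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:  # refuse DTDs before parsing
                findings.append(f"{member.name}: DTD or entity declaration")
                continue
            for obj in ET.fromstring(data):
                if obj.tag not in ALLOWED_TAGS:
                    findings.append(f"{member.name}: unexpected object <{obj.tag}>")
                for field in obj.iter():
                    value = (field.text or "").strip().lower()
                    if field.tag in VALUE_TAGS and value not in expected:
                        findings.append(f"{member.name}: unsubmitted value {value!r}")
    return findings

def make_tar(files):
    """Pack {name: bytes} into an in-memory TAR (used for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

SAMPLE = make_tar({"Entities.xml": b"<Configuration><FQDNHost><Name>a</Name>"  # constructed
                   b"<FQDN>xn--mller-kva.de</FQDN></FQDNHost></Configuration>"})
```

Call `audit_import(open("import.tar", "rb").read(), your_fqdn_list)` before uploading; fields with other names than those in VALUE_TAGS are only covered by the object-type check.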
Thanks for that great work! It saved a lot of time for me! Looking forward to an IP object generator
Hi,
this is also a great piece of work from you. Thank you very much!
Miles
Thank you for your feedback!
Many thanks for the great tool. I was able to import around 100 FQDNs quickly and easily into the firewall. That saved me a lot of work.
I will certainly be using the tool more often!
Thank you, thank you, thank you!
Peter
Hi Peter,
You’re welcome. I’m pleased if the tool is well received and makes work much easier for others.
Greetings,
Sebastian