Loadcookie347

How to enable your Sophos XG Firewall to connect with Sophos Central in order to activate synchronized security Lateral Movement Protection This video shows how XG Firewall and Synchronized Security can prevent infected machines from communicating with other machines on the same network with the help of Lateral Movement Protection. XG Firewall virtual appliances support a wider range of hypervisor platforms and can be run on Amazon AWS or Microsoft Azure IaaS platforms. License migration Sophos Web Appliance is licensed by the number of users, regardless of how many physical or virtual appliances are required to protect them. Because Microsoft uses non standard HTTP/HTTPS connections the Sophos XG Firewall's HTTP scanning feature has the potential to prevent Skype for business from working or may cause random call drops. This article explains how to allow this traffic through the XG without being scanned. Since you weren't doing AV scanning, the only thing left was to skip the Proxy for the access to emea.ng.msg.teams.microsoft.com. I note that that FQDN has multiple DNS A-records, so you will want to use it in a DNS Group definition in the Skiplist instead of a DNS Host definition.

• Sophos Xg Microsoft Teams Login
• Sophos Xg Models
• Sophos Xg Microsoft Teams Exceptions
• Sophos Xg Microsoft Teams

Overview

• This article describe the steps to allow Office 365 installation, updates and general usage through the Web Protection module of the Sophos XG Firewall. The specified exceptions resolve the timeout/AV error issues and HTTPS inspection issues.

How to do ?

Method 1

Manually add the Office 365 URLs to the Web Filter Exceptions:

• Go to Web > Exceptions and then click Add Exception.
• Name the exception Office365.
• Flag the options HTTPS Decryption and Malware and Content Scanning under the Skip the selected checks or actions section.
• Flag the URL pattern matches under the For web traffic matching these criteria section.
• Insert the following exceptions:

^([A-Za-z0-9.-]*.)?office365.com/?
^([A-Za-z0-9.-]*.)?admin.microsoft.com/?
^([A-Za-z0-9.-]*.)?portal.cloudappsecurity.com/?
^([A-Za-z0-9.-]*.)?us.portal.cloudappsecurity.com/?
^([A-Za-z0-9.-]*.)?eu.portal.cloudappsecurity.com/?
^([A-Za-z0-9.-]*.)?eu2.portal.cloudappsecurity.com/?
^([A-Za-z0-9.-]*.)?us2.portal.cloudappsecurity.com/?
^([A-Za-z0-9.-]*.)?us3.portal.cloudappsecurity.com/?
^([A-Za-z0-9.-]*.)?onmicrosoft.com/?
^([A-Za-z0-9.-]*.)?account.office.net/?
^([A-Za-z0-9.-]*.)?agent.office.net/?
^([A-Za-z0-9.-]*.)?delve.office.com/?
^([A-Za-z0-9.-]*.)?home.office.com/?
^([A-Za-z0-9.-]*.)?portal.office.com/?
^([A-Za-z0-9.-]*.)?suite.office.net/?
^([A-Za-z0-9.-]*.)?webshell.suite.office.com/?
^([A-Za-z0-9.-]*.)?www.office.com/?
^([A-Za-z0-9.-]*.)?aria.microsoft.com/?
^([A-Za-z0-9.-]*.)?portal.microsoftonline.com/?
^([A-Za-z0-9.-]*.)?clientlog.portal.office.com/?
^([A-Za-z0-9.-]*.)?nexus.officeapps.live.com/?
^([A-Za-z0-9.-]*.)?nexusrules.officeapps.live.com/?
^([A-Za-z0-9.-]*.)?amp.azure.net/?
^([A-Za-z0-9.-]*.)?o365weve.net/?
^([A-Za-z0-9.-]*.)?auth.gfx.ms/?
^([A-Za-z0-9.-]*.)?appsforoffice.microsoft.com/?
^([A-Za-z0-9.-]*.)?assets.onestore.ms/?
^([A-Za-z0-9.-]*.)?az826701.vo.msecnd.net/?
^([A-Za-z0-9.-]*.)?c.microsoft.com/?
^([A-Za-z0-9.-]*.)?c1.microsoft.com/?
^([A-Za-z0-9.-]*.)?client.hip.live.com/?
^([A-Za-z0-9.-]*.)?contentstorage.osi.office.net/?
^([A-Za-z0-9.-]*.)?dgps.support.microsoft.com/?
^([A-Za-z0-9.-]*.)?docs.microsoft.com/?
^([A-Za-z0-9.-]*.)?groupsapi-prod.outlookgroups.ms/?
^([A-Za-z0-9.-]*.)?groupsapi2-prod.outlookgroups.ms/?
^([A-Za-z0-9.-]*.)?groupsapi3-prod.outlookgroups.ms/?
^([A-Za-z0-9.-]*.)?groupsapi4-prod.outlookgroups.ms/?
^([A-Za-z0-9.-]*.)?msdn.microsoft.com/?
^([A-Za-z0-9.-]*.)?platform.linkedin.com/?
^([A-Za-z0-9.-]*.)?products.office.com/?
^([A-Za-z0-9.-]*.)?prod.msocdn.com/?
^([A-Za-z0-9.-]*.)?res.delve.office.com/?
^([A-Za-z0-9.-]*.)?shellprod.msocdn.com/?
^([A-Za-z0-9.-]*.)?support.content.office.com/?
^([A-Za-z0-9.-]*.)?support.microsoft.com/?
^([A-Za-z0-9.-]*.)?support.office.com/?
^([A-Za-z0-9.-]*.)?technet.microsoft.com/?
^([A-Za-z0-9.-]*.)?templates.office.com/?
^([A-Za-z0-9.-]*.)?video.osi.office.net/?
^([A-Za-z0-9.-]*.)?videocontent.osi.office.net/?
^([A-Za-z0-9.-]*.)?videoplayer.osi.office.net/?
^([A-Za-z0-9.-]*.)?manage.office.com/?
^([A-Za-z0-9.-]*.)?protection.office.com/?
^([A-Za-z0-9.-]*.)?blob.core.windows.net/?
^([A-Za-z0-9.-]*.)?helpshift.com/?
^([A-Za-z0-9.-]*.)?localytics.com/?
^([A-Za-z0-9.-]*.)?firstpartyapps.oaspapps.com/?
^([A-Za-z0-9.-]*.)?outlook.uservoice.com/?
^([A-Za-z0-9.-]*.)?prod.firstpartyapps.oaspapps.com.akadns.net/?
^([A-Za-z0-9.-]*.)?rink.hockeyapp.net/?
^([A-Za-z0-9.-]*.)?sdk.hockeyapp.net/?
^([A-Za-z0-9.-]*.)?telemetryservice.firstpartyapps.oaspapps.com/?
^([A-Za-z0-9.-]*.)?wus-firstpartyapps.oaspapps.com/?
^([A-Za-z0-9.-]*.)?liverdcxstorage.blob.core.windowsazure.com/?
^([A-Za-z0-9.-]*.)?telemetry.remoteapp.windowsazure.com/?
^([A-Za-z0-9.-]*.)?vortex.data.microsoft.com/?
^([A-Za-z0-9.-]*.)?www.remoteapp.windowsazure.com/?
^([A-Za-z0-9.-]*.)?hockeyapp.net/?
^([A-Za-z0-9.-]*.)?sharepointonline.com/?
^([A-Za-z0-9.-]*.)?staffhub.office.com/?
^([A-Za-z0-9.-]*.)?api.office.com/?
^([A-Za-z0-9.-]*.)?enterpriseregistration.windows.net/?
^([A-Za-z0-9.-]*.)?dc.applicationinsights.microsoft.com/?
^([A-Za-z0-9.-]*.)?dc.services.visualstudio.com/?
^([A-Za-z0-9.-]*.)?forms.microsoft.com/?
^([A-Za-z0-9.-]*.)?forms.office.com/?
^([A-Za-z0-9.-]*.)?graph.windows.net/?
^([A-Za-z0-9.-]*.)?mem.gfx.ms/?
^([A-Za-z0-9.-]*.)?office365servicehealthcommunications.cloudapp.net/?
^([A-Za-z0-9.-]*.)?securescore.office.com/?
^([A-Za-z0-9.-]*.)?signup.microsoft.com/?
^([A-Za-z0-9.-]*.)?staffhub.ms/?
^([A-Za-z0-9.-]*.)?staffhubweb.azureedge.net/?
^([A-Za-z0-9.-]*.)?staffhub.uservoice.com/?
^([A-Za-z0-9.-]*.)?forms.osi.office.net/?
^([A-Za-z0-9.-]*.)?watson.telemetry.microsoft.com/?
^([A-Za-z0-9.-]*.)?wu.client.hip.live.com/?
^([A-Za-z0-9.-]*.)?testconnectivity.microsoft.com/?

Note: For some specific features, it may be required to exclude the following second-level domains altogether:

^([A-Za-z0-9.-]*.)?microsoft.com/?
^([A-Za-z0-9.-]*.)?msocdn.com/?
^([A-Za-z0-9.-]*.)?office.com/?
^([A-Za-z0-9.-]*.)?office.net/?
^([A-Za-z0-9.-]*.)?onmicrosoft.com/?

• Click Save and verify that the exception is active.

Note:

• The exception created does not bypass the policy checks. If it is required to bypass the policy checks, enable the Policy Checks option under the Skip the selected checks or actions section.
• The exceptions provided in this article are the base exception. Microsoft continuously updates their IP addresses and domains. Please refer to Office 365 URLs and IP address ranges for an updated list.
  

Method 2

Import exception list through XG’s Backup & firmware > Import export.

• (1) Download the exception lists here.
• Extract the content of the zip file. The zip file contains the following:

API-O365-all.tar – this is a comprehensive set of 108 exceptions, every web URL that Microsoft list
API-O365-required.tar – this a subset of 50 exceptions corresponding to the groups that Microsoft says are ‘required’
API-O365-minimal.tar – this is a subset of 10 exceptions that correspond to the groups Microsoft says are ‘required’ and flag as ‘optimize’ or ‘allow’

Sophos Xg Microsoft Teams Login

Upload one of the files as needed.

• On the XG Firewall Web Console, navigate to System > Backup & firmware > Import export.

Sophos Xg Models

Sophos Xg Microsoft Teams Exceptions

Sophos Xg Microsoft Teams

• Click Choose File and browse to the location where the files have been extracted on step 1.
• Once the file has been selected, click on Import.
• Once imported, go to Web > Exceptions and enable the exception.