SSL/TLS Exception for Anydesk

Hi,

I'm trying to get Anydesk running with TLS inspection. I've read this post: https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning

I created an IP list with all the Anydesk servers, but where can I define the exception?

Thanks



  • Unfortunately https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning is now locked, which is why you will have had to create a new post here.

    If those providing answers read the original post, they will see this is nothing to do with URLs. Anydesk uses IP connections, not URLs for the remote access sessions, hence the need to create an IP list and exempt that from scanning, which is what the OP was asking about.

    I'm glad you figured out how to do it. For those coming across this post as a search result, here is the rule I use (pick 'Rules and policies' on the left, then the 'SSL/TLS inspection rules' on the top tab). It's very standard stuff, which is why I didn't put it in the original post, but if you aren't used to setting up Exceptions, I can understand struggling to find it.

    Unfortunately, Anydesk seem to regularly add to this list (currently about 400 IPs) so it needs updating quite often. Would be nice if Sophos could just make inspection work with Anydesk.

  • So, you are saying the ip addresses are hardcoded into the application, so unless you update the application the IP address list doesn’t change.

    ian

  • It wouldn't require an application update. You can have a mechanism in the software that retrieves an up-to-date IP list. The way Anydesk works is a pain. The fact Sophos doesn't work with Anydesk is a pain. I spent many, many hours getting the info I needed to create a working solution and it isn't perfect because the IPs get added to quite regularly.

    I've only come across one other piece of software that uses IP connections rather than URLs, DUO two factor authentication. Even then it was only for one of their modules. I did contact their tech support to see if they would rectify it but couldn't convince the level 1 technician, "we only use URLs". Life is too short so I just ended up creating an exception for the one IP it used.