Sophos Firewall - How to manage multiple web exclusions over multiple firewalls

Question

Hello, I&rsquo;m seeing that our Sophos XG firewalls are blocking M365 install and updates. What is the best way to push the M365 exceptions out to all firewalls? We currently have about 25 XG firewalls. I found the article 
 Sophos Firewall: Configure web exceptions for Office 365 
 with a list of URL pattern matches to exclude for M365, and some instructions for importing. I had previously imported these to a couple of firewalls, but then spent a long time deleting them all because of the mess it created. How do I import all of the URLs into one exception and then push out to all 25 XG firewalls? 
 My understanding is that it's still a manual process, so curious how others are managing such tedious tasks?

LuCar Toni · Answer

Essentially if you are using TLS Decryption by SFOS (DPI Engine) the managed List should take care of this exception and should work. No need to manually add those hosts.

Michael Dunn · Answer

The exceptions are mostly there to disable tls decryption. If you are not doing decryption then they are not required.

As for the easiest way to deploy, I would set up all the exception on a single box. Then Backup & Firmware > Import export > Selective configuration > WebFilterExpection.

You will get a .tar file containing an XML. You can import that to any other box. You can also edit the XML to do things like only include the one Exception you care about.

Sophos Firewall - How to manage multiple web exclusions over multiple firewalls

Top Replies