SRX Services Gateway

How to allow cloud services, e.g., Sophos Central through SRX

‎04-17-2019 06:30 AM

Hi All,

We deploy Juniper SRX300s on customer sites. We connect to their network by NATing from our private network. We will be implementing Sophos Intercept X on the PCs (Windows 10), and I am trying to figure out how to add the list of exceptions that Sophos provided in the SRX firewall. I found a list of IPs I can add, but there are literally 1000s of them. Sophos needs an internet connection to install, update, and broadcast to Sophos Central (Web Portal). Also, we have set up a rule to block all incoming traffic and only allow 2 IPs out to the web. Here is the list of domains given by Sophos:

Sophos Central Partner

  • *.sophos.com

    Note: This covers domains such as cloud-assets.sophos.com and the regional APIs.

Sophos Endpoint - Domains

  • *.sophos.com 
  • *.sophosupd.com
  • *.sophosupd.net
  • *.sophosxl.net
  • ocsp2.globalsign.com
  • crl.globalsign.com

For customers with an Intercept X Advanced with EDR license the following domains are also required:

  • tf-edr-message-upload-eu-central-1-prod-bucket.s3.amazonaws.com
  • tf-edr-message-upload-eu-west-1-prod-bucket.s3.amazonaws.com
  • tf-edr-message-upload-us-east-2-prod-bucket.s3.amazonaws.com
  • tf-edr-message-upload-us-west-2-prod-bucket.s3.amazonaws.com

How do I add these domains into the SRX as exclusions? I know I can make an object, but it would be by IP, and not domain name, especially with a wildcard like *.sophos.com