How to allow cloud services, e.g., Sophos Central through SRX
We deploy Juniper SRX300s on customer sites. We connect to their network by NATing from our private network. We will be implementing Sophos Intercept X on the PCs (Windows 10), and I am trying to figure out how to add the list of exceptions that Sophos provided to the SRX firewall. I found a list of IPs I can add, but there are literally 1000s of them. Sophos needs an internet connection to install, update, and broadcast to Sophos Central (Web Portal). Also, we have set up a rule to block all incoming traffic and only allow 2 IPs out to the web. Here is the list of domains given by Sophos:
Sophos Central Partner
*.sophos.com Note: This covers domains such as cloud-assets.sophos.com and the regional APIs.
Sophos Endpoint - Domains
For customers with an Intercept X Advanced with EDR license the following domains are also required: