Networking-Forums.com

Professional Discussions => Everything Else in the Data Center => Topic started by: icecream-guy on September 26, 2018, 09:49:27 AM

Title: Keeping up with O365 EOP Rules.
Post by: icecream-guy on September 26, 2018, 09:49:27 AM
How do you all keep up with the ever-changing, unannounced MS O365 Exchange Online Protection IPs found here?

https://docs.microsoft.com/en-us/office365/SecurityCompliance/eop/exchange-online-protection-ip-addresses

We got into a dig over the weekend where the IPs were not updated in rule sets for about a year, and firewalls were denying legit traffic.

Title: Re: Keeping up with O365 EOP Rules.
Post by: Dieselboy on October 05, 2018, 12:13:54 AM
Watched a Cisco webinar on this sort of thing yesterday. Need a firewall that can update itself via a feed. Or you'll need to whitelist URLs. OR employ someone to do this periodically at a cost of effort.
Title: Re: Keeping up with O365 EOP Rules.
Post by: deanwebb on October 19, 2018, 01:45:42 PM
HOW TO WORK WITH MICROSOFT ONLINE SERVICES

1. Create a rule on the firewall that will permit all traffic between all hosts. This is known as "permit any any all" in firewall parlance.
2. If you are concerned about security, turn on logging for that rule.
3. Your Microsoft online services will now work smoothly, without interruption.

:ivan:
Title: Re: Keeping up with O365 EOP Rules.
Post by: icecream-guy on October 20, 2018, 05:55:07 AM
Quote from: deanwebb on October 19, 2018, 01:45:42 PM
HOW TO WORK WITH MICROSOFT ONLINE SERVICES

1. Create a rule on the firewall that will permit all traffic between all hosts. This is known as "permit any any all" in firewall parlance.
2. If you are concerned about security, turn on logging for that rule.
3. Your Microsoft online services will now work smoothly, without interruption.

:ivan:

I should plug that firewall into a hub? And at least get some security benefit.
Title: Re: Keeping up with O365 EOP Rules.
Post by: deanwebb on October 20, 2018, 06:10:39 PM
Quote from: ristau5741 on October 20, 2018, 05:55:07 AM
Quote from: deanwebb on October 19, 2018, 01:45:42 PM
HOW TO WORK WITH MICROSOFT ONLINE SERVICES

1. Create a rule on the firewall that will permit all traffic between all hosts. This is known as "permit any any all" in firewall parlance.
2. If you are concerned about security, turn on logging for that rule.
3. Your Microsoft online services will now work smoothly, without interruption.

I should plug that firewall into a hub? And at least get some security benefit.

Best practice calls for a Belkin hub.
Title: Re: Keeping up with O365 EOP Rules.
Post by: SimonV on October 22, 2018, 04:42:48 PM
Not sure about Exchange Online specifically, but for general O365 URLs and prefixes, most firewall vendors are starting to move to dynamic feeds.

Juniper has an O365 feed via Sky ATP: https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-integrated-feeds.html
Palo Alto has MineMeld: https://live.paloaltonetworks.com/t5/MineMeld-Articles/How-to-Safely-Enable-access-to-Office-365-using-MineMeld/ta-p/120280
Check Point also has something but, as always, it involves complicated hacks.

I'm sure the others have it too. Maybe not Cisco, duh.

You can also consider an AppFW and look at L7 (look for HTTP hostname, or SSL Server Name Indication when encrypted) and just allow that to 'any'.
Title: Re: Keeping up with O365 EOP Rules.
Post by: Dieselboy on October 28, 2018, 08:53:13 PM
Cisco has it, man :)
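
Added example, not part of any post in this thread and not vendor code: a drift check for the problem in the opening post, comparing a published prefix list against what the firewall currently permits. The prefixes are constructed documentation ranges, and `drift` and its helpers are hypothetical names; fetching the published list and exporting the rule set are assumed to happen elsewhere.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real EOP prefixes).
PUBLISHED = ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25", "2001:db8:10::/48"]
FIREWALL = ["192.0.2.0/25", "198.51.100.0/24", "203.0.113.0/24", "2001:db8:10::/48"]

def _parse(prefixes):
    """Parse prefixes and collapse adjacent/overlapping ones, per IP version."""
    nets = [ipaddress.ip_network(p.strip(), strict=False) for p in prefixes if p.strip()]
    out = []
    for version in (4, 6):
        out.extend(ipaddress.collapse_addresses(n for n in nets if n.version == version))
    return out

def _uncovered(nets, cover):
    """Return the parts of `nets` that no network in `cover` contains."""
    result = []
    for net in nets:
        pieces = [net]
        for c in cover:
            if c.version != net.version:
                continue
            remaining = []
            for p in pieces:
                if p.subnet_of(c):
                    continue                                # fully covered
                if c.subnet_of(p):
                    remaining.extend(p.address_exclude(c))  # carve c out of p
                else:
                    remaining.append(p)                     # disjoint
            pieces = remaining
        result.extend(ipaddress.collapse_addresses(pieces))
    return sorted(result, key=lambda n: (n.version, n))

def drift(published, firewall):
    """missing: published but not permitted (legit traffic gets denied).
    stale: permitted but no longer published (unneeded exposure)."""
    pub, fw = _parse(published), _parse(firewall)
    return {
        "missing": [str(n) for n in _uncovered(pub, fw)],
        "stale": [str(n) for n in _uncovered(fw, pub)],
    }

if __name__ == "__main__":
    print(drift(PUBLISHED, FIREWALL))
```

Run on a schedule, a non-empty `missing` list flags the denied-legit-traffic case before users notice, and `stale` shows allow rules that can be tightened.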