Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

How to I allow access to Office 365 servers that constantly update the list of IPs

Jump to solution

Hi All

We currently use a cloud based web proxy for all our users web traffic, on the Firewalls we have rules only permitting users to access these proxies, all other web traffic is blocked.

We want to bypass the proxy for Office 365, however the IP and URL list is exhaustive and also constantly changes, without doing dynamic object rules which do dns lookups and cause issues with the firewall, is there any other way we can achieve this?

For example using application control?

If we did do app control, would we still need the rule in the security policy? Does the Firewall look at the security policy first, then the app control second?

cheers

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Admin
Admin
Updatable Objects don't require an App Control/URL Filtering license.

View solution in original post

4 Replies

In R80.20, there are Updateable Objects - These are best explained in sk131852

The objects get updated directly for the applications they support.  

You can layer on Application control with this.

 

0 Kudos
Highlighted
Nickel

My organization is in the beginning phase of implementing Office 365 with products such as AD Sync, Microsoft Teams, etc.  If I understand correctly I can use the Check Point "Office 365" updateable object, run at least R80.20, and I can provide access to all of the Office 365 IP's, domain names, etc. with just my firewall policy?  I don't need application control or URL filtering licenses?

Tags (1)
0 Kudos
Highlighted
Employee+
Employee+

I created a layer in my lab without App/Control and URL filtering and the updateable objects option was there so it appears it is outside of the app/url filtering license.  But my gateway is fully licensed otherwise.  Seeing if the option shows up in your source/dst should tell you.

 

 

0 Kudos
Highlighted
Admin
Admin
Updatable Objects don't require an App Control/URL Filtering license.

View solution in original post