Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CheckPoint_Char
Explorer

Microsoft Office 365 Service Application Control

Checkmates,

New user to the community; and I have come across some projects a little out of my realm. Hopefully I can ask here to obtain some documents, advice and/or direction regarding the "Best practice" to setup Checkpoint FW to play nice with Microsoft 365 services (Exchange, Office etc).

Any PDF's available regarding below as I don't have my advanced access granted yet:

  • sk110679 - Application Control support for Office 365
    sk112354 - How to allow Office 365 services in Application Control R77.30 and above
  • sk102987: How to configure Check Point Cloud Connector to work with Office 365
  • sk104564: Bypass for Office 365 in R77.20 HTTPS Inspection policy
0 Kudos
4 Replies
Ralf_Wuestling
Employee
Employee

Hi,

may I ask you which version you are running, how your setup looks like and what you want to archive?

The best way might be to include you local partner and local SE.
The number of users is also somehow interesting if you expect more than 2000 concurrent users using Office 365. As Microsoft doesn't allow more than 2000 Users from the same IP you might need to adjust your NAT-settings.

Kind Regards

Ralf

0 Kudos
CheckPoint_Char
Explorer

Hi Ralf,

Its for training as I am an MCSE for 365 but want to certify with Checkpoint (personal goal) - but I also want to follow all the guidelines; I stumbled across the listed docs but I have no access because I am not associated with a vendor or support agreement.. again, just trying to learn.

I am aware of the 2000 limit Smiley Happy this request is just for education and I thought the docs would help me better understand how Checkpoint works with 365.

thanks

0 Kudos
Jason_Dance
Collaborator

Unless you have a specific need to make your Check Point security gateway the authentication point for Office 365, then you won't need sk102987.  Typically you'd use Azure AD or on-prem AD synched to Azure AD.

Microsoft has a generic article on what to exclude in web security filters.  I exclude all of the URLs within URLF that are mentioned I'm the article for the services we specifically use. In AppCtl, I exclude all Office 365 and Azure based categories. In HTTPS inspection, I grouped all IP addresses related to the services and locations in use, and I put them into a bypass rule at the top of my rule set.

- Jason

0 Kudos
Pablo_Barriga
Advisor

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events