This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CheckPoint_Char
Explorer
‎2018-02-15 07:59 AM

Microsoft Office 365 Service Application Control

Checkmates,

New user to the community; and I have come across some projects a little out of my realm. Hopefully I can ask here to obtain some documents, advice and/or direction regarding the "Best practice" to setup Checkpoint FW to play nice with Microsoft 365 services (Exchange, Office etc).

Any PDF's available regarding below as I don't have my advanced access granted yet:

  • sk110679 - Application Control support for Office 365
    sk112354 - How to allow Office 365 services in Application Control R77.30 and above
  • sk102987: How to configure Check Point Cloud Connector to work with Office 365
  • sk104564: Bypass for Office 365 in R77.20 HTTPS Inspection policy
0 Kudos
4 Replies
Ralf_Wuestling
Employee
Employee
‎2018-02-15 08:59 AM

Hi,

may I ask you which version you are running, how your setup looks like and what you want to archive?

The best way might be to include you local partner and local SE.
The number of users is also somehow interesting if you expect more than 2000 concurrent users using Office 365. As Microsoft doesn't allow more than 2000 Users from the same IP you might need to adjust your NAT-settings.

Kind Regards

Ralf

0 Kudos
CheckPoint_Char
Explorer
‎2018-02-15 09:07 AM
In response to Ralf_Wuestling

Hi Ralf,

Its for training as I am an MCSE for 365 but want to certify with Checkpoint (personal goal) - but I also want to follow all the guidelines; I stumbled across the listed docs but I have no access because I am not associated with a vendor or support agreement.. again, just trying to learn.

I am aware of the 2000 limit Smiley Happy this request is just for education and I thought the docs would help me better understand how Checkpoint works with 365.

thanks

0 Kudos
Jason_Dance
Collaborator
‎2018-02-15 09:46 AM

Unless you have a specific need to make your Check Point security gateway the authentication point for Office 365, then you won't need sk102987.  Typically you'd use Azure AD or on-prem AD synched to Azure AD.

Microsoft has a generic article on what to exclude in web security filters.  I exclude all of the URLs within URLF that are mentioned I'm the article for the services we specifically use. In AppCtl, I exclude all Office 365 and Azure based categories. In HTTPS inspection, I grouped all IP addresses related to the services and locations in use, and I put them into a bypass rule at the top of my rule set.

- Jason

0 Kudos
Pablo_Barriga
Advisor
‎2018-02-15 02:29 PM

Hello this post should be helpful

https://community.checkpoint.com/message/11716-allow-office-365-services-in-application-control-url-... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events