cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

O365 and NAT

I was wondering how people are handling o365 and NAT.  I will be going to R80.20 for the dynamic objects for the security rules, but dynamic objects are not allowed in t NAT rules.

I wanted to start using an IP pool for the o365 NATs but without the ability to use the dynamic object in the destination address I am stuck.

I could change the current single hide address to a IP pool but then every vendor that has us on a whitelist would block when the IP changes.

Thoughts or Ideas......

0 Kudos
3 Replies
Highlighted
Admin
Admin

Re: O365 and NAT

There are scripts on CheckMates to create host objects for all the various Office 365 IPs which would allow you to use them in the NAT rulebase.

I would also possibly use multiple HIDE NAT IPs depending on the size of your internal user pool.

0 Kudos
Highlighted

Re: O365 and NAT

Thank you Dameon.  I am looking at options.

0 Kudos
Highlighted
Nickel

Re: O365 and NAT

I was searching for solution for similar reason. It's strange that updable object cannot be used in NAT rule. I hope this gets addressed in future release.

My situation is similar to below. We were trying to figure out why office 365 traffic is slow. Sometimes user would open a browser tab and it just freeze/no display; It will work however if immediately open a new tab with same link (while the original tab will not display anything at all), which made us wonder if we need to have a separate outbound NAT for office 365 traffic, or even a pool of outbound NAT IPs.

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Office-365/m-p/15339

0 Kudos