Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
John_Fulater
Contributor

O365 and NAT

I was wondering how people are handling o365 and NAT.  I will be going to R80.20 for the dynamic objects for the security rules, but dynamic objects are not allowed in t NAT rules.

I wanted to start using an IP pool for the o365 NATs but without the ability to use the dynamic object in the destination address I am stuck.

I could change the current single hide address to a IP pool but then every vendor that has us on a whitelist would block when the IP changes.

Thoughts or Ideas......

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

There are scripts on CheckMates to create host objects for all the various Office 365 IPs which would allow you to use them in the NAT rulebase.

I would also possibly use multiple HIDE NAT IPs depending on the size of your internal user pool.

0 Kudos
John_Fulater
Contributor

Thank you Dameon.  I am looking at options.

0 Kudos
Cyber_Serge
Collaborator

I was searching for solution for similar reason. It's strange that updable object cannot be used in NAT rule. I hope this gets addressed in future release.

My situation is similar to below. We were trying to figure out why office 365 traffic is slow. Sometimes user would open a browser tab and it just freeze/no display; It will work however if immediately open a new tab with same link (while the original tab will not display anything at all), which made us wonder if we need to have a separate outbound NAT for office 365 traffic, or even a pool of outbound NAT IPs.

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Office-365/m-p/15339

0 Kudos