This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Employee Employee
Employee
‎2020-11-23 12:22 AM

O365 official connectivity test discussion

Probably not the best forum but some of you probably do work a lot with O365 connectivity challenges so worthwhile sharinghere too.

We noticed that MS official test webpage https://connectivity.office.com/  results can be very misleading if you are using "split" solution, i.e. proxy or SD WAN controlled bypass for O365 traffic

There's very little technical description of those tests by MS so we were left with no option but to reverse engineer them to understand why we were getting so poor results in South America. It's worth noting here that we are using SD WAN (not Checkpoint) trying to break out O365 as close to the user as possible using pre-defined O365 object, similar to CP Updatable Objects.

These three points were identified and helped us to achieve better results

  1. Location determination. It's a browser API based solution. I saw that from home, my wifi MAC address was used to determine actual GEO location and it was accurate, but for offices in South America it turned out that in order to get correct results following three URLs had to be excluded from being sent to on-prem proxy and instead routed the same way as O365 traffic. 
    • inference.location.live.net
    • googleapis.com
    • dev.virtualearth.net
  2. Recursive DNS latency. MS test uses whoiami.akamai.net service to work out your recursive DNS location and with our SD WAN box, it followed default path to our on-prem solution. In order to get correct O365 test results, we had to exclude also this FQDN from being sent to on-prem and instead follow direct path just like O365
  3. Voice / video meeting test results are totally inaccurate. MS is using worldaz.tr.teams.microsoft.com IP resolution in order to perform performance tests like jitter, latency, packet order and packet loss on UDP ports 3478-3481. Problem with that is for example in Argentina this name resolves to an IP in Azure datacentre in USA thus showing nearly 200ms latency! In reality audio meetings in Argentina terminate in Azure datacentre in Sao Paulo and performance is actually acceptable. Not a lot we can do to fix this yourself as MS needs to fix test itself, but make sure that real-time meeting traffic is excluded too from being sent on-prem in your SD WAN device

I just wanted to share these findings and see if there are any other good tips out there for dealing with O365 challanges

5 Replies
Daniel_Kavan
Advisor
Advisor
‎2022-05-18 08:52 AM

Some of our users RDP'd in using teams reports being disconnected from Teams meeting periodically.  Users with VMware horizon client on VPC don't report that.  It may be happening during a rule push. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-05-19 04:20 AM
In response to Daniel_Kavan

How is your Connection Persistence currently set?

CCSM R77/R80/ELITE
0 Kudos
Daniel_Kavan
Advisor
Advisor
‎2022-06-03 01:37 PM
In response to Chris_Atkinson

Rematch Connections

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-06-03 08:16 PM
In response to Daniel_Kavan

Please see sk103598 and test the "keep all" option to see if it helps.

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor
Advisor
‎2022-06-04 07:04 AM
In response to Chris_Atkinson

Will do if need thanks-its a balance.  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events