This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
the_rock
Champion
Champion
‎2022-05-19 10:05 AM

Office 365 updatable objects question

Jump to solution

Hey guys,

I was wondering if someone might be able to confirm this for me, since I did not want to open TAC case for it as of yet, figured someone here would know for sure. When adding anything that comes up when searching for office 365 in updatable objects in smart dashboard, link that shows up as reference is below:

https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

Im trying to confirm if above link would cover EVERYTHING listed in below link:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-world...

Thats it : - ). My logical assumption is that it does cover it, but want to be 100% sure.

Cheers,

Andy

0 Kudos
1 Solution

Accepted Solutions
Kaspars_Zibarts
Authority
Authority
‎2022-05-19 11:06 AM

Jump to solution

Yes it does. We have not had any issues accessing O365 after updatable objects were introduced and we could skip scripting it ourselves 

View solution in original post

12 Replies
Kaspars_Zibarts
Authority
Authority
‎2022-05-19 11:06 AM

Jump to solution

Yes it does. We have not had any issues accessing O365 after updatable objects were introduced and we could skip scripting it ourselves 

the_rock
Champion
Champion
‎2022-05-19 11:28 AM
In response to Kaspars_Zibarts

Jump to solution

Tx a lot!!

0 Kudos
the_rock
Champion
Champion
‎2022-05-19 02:26 PM
In response to Kaspars_Zibarts

Jump to solution

Thanks lots @Kaspars_Zibarts . One more question I have...did you have to make any nat rules modifications? Im thinking not since all those ranges are external, but they dont need to translate to any internal IP?

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2022-05-20 07:37 AM
In response to the_rock

Jump to solution

No nothing special with using updatable objects. But we do use multiple NAT IPs for O365. From memory, o365/ms did not like too many users behind the same single IP. I might be lying now, but I think it was 2000 per IP

0 Kudos
the_rock
Champion
Champion
‎2022-05-20 07:41 AM
In response to Kaspars_Zibarts

Jump to solution

Thanks @Kaspars_Zibarts ! This was what customer indicated to me...now the thing is users are everywhere behind the firewall, office 365 online communicate with the users directly not the exchange server. So, in that case, not sure how NAT would be configured or if its even needed.

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2022-05-20 08:01 AM
In response to the_rock

Jump to solution

O365 connections always originate from inside/client. Never from O365 to client

0 Kudos
the_rock
Champion
Champion
‎2022-05-20 08:07 AM
In response to Kaspars_Zibarts

Jump to solution

Ok, so Im little confused...so can you give me example of what nat looks like on your end if you dont mind?

Andy

0 Kudos
the_rock
Champion
Champion
‎2022-05-20 10:03 AM
In response to Kaspars_Zibarts

Jump to solution

@Kaspars_Zibarts  Or, I assume you are referring to source NAT here and NOT destination NAT?

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2022-05-20 10:57 AM
In response to the_rock

Jump to solution

Correct. 

0 Kudos
the_rock
Champion
Champion
‎2022-05-20 11:00 AM
In response to Kaspars_Zibarts

Jump to solution

@Kaspars_Zibarts  thanks! Well, they have option to hide internal networks behind fw checked on cluster properties, so I guess thats good enough? No need to change any inbound nat? 

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2022-05-22 01:26 AM
In response to the_rock

Jump to solution

That's correct. There's no need for any inbound NAT. As for outbound - as long as you have you need to make sure that you are not NATing too many users behind one IP:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/nat-support-with-microsoft-365?view=o365-w... 

the_rock
Champion
Champion
‎2022-05-22 04:59 AM
In response to Kaspars_Zibarts

Jump to solution
  • Thanks @Kaspars_Zibarts . This customer has about 1000 employees, so I think it should be good.
0 Kudos