This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Diamond
MVP Diamond
‎2022-05-19 10:05 AM
Jump to solution

Office 365 updatable objects question

Hey guys,

I was wondering if someone might be able to confirm this for me, since I did not want to open TAC case for it as of yet, figured someone here would know for sure. When adding anything that comes up when searching for office 365 in updatable objects in smart dashboard, link that shows up as reference is below:

https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

Im trying to confirm if above link would cover EVERYTHING listed in below link:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-world...

Thats it : - ). My logical assumption is that it does cover it, but want to be 100% sure.

Cheers,

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
1 Solution

Accepted Solutions
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-05-19 11:06 AM
Jump to solution

Yes it does. We have not had any issues accessing O365 after updatable objects were introduced and we could skip scripting it ourselves 

View solution in original post

12 Replies
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-05-19 11:06 AM
Jump to solution

Yes it does. We have not had any issues accessing O365 after updatable objects were introduced and we could skip scripting it ourselves 

the_rock
MVP Diamond
MVP Diamond
‎2022-05-19 11:28 AM
In response to Kaspars_Zibarts
Jump to solution

Tx a lot!!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-05-19 02:26 PM
In response to Kaspars_Zibarts
Jump to solution

Thanks lots @Kaspars_Zibarts . One more question I have...did you have to make any nat rules modifications? Im thinking not since all those ranges are external, but they dont need to translate to any internal IP?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-05-20 07:37 AM
In response to the_rock
Jump to solution

No nothing special with using updatable objects. But we do use multiple NAT IPs for O365. From memory, o365/ms did not like too many users behind the same single IP. I might be lying now, but I think it was 2000 per IP

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-05-20 07:41 AM
In response to Kaspars_Zibarts
Jump to solution

Thanks @Kaspars_Zibarts ! This was what customer indicated to me...now the thing is users are everywhere behind the firewall, office 365 online communicate with the users directly not the exchange server. So, in that case, not sure how NAT would be configured or if its even needed.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-05-20 08:01 AM
In response to the_rock
Jump to solution

O365 connections always originate from inside/client. Never from O365 to client

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-05-20 08:07 AM
In response to Kaspars_Zibarts
Jump to solution

Ok, so Im little confused...so can you give me example of what nat looks like on your end if you dont mind?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-05-20 10:03 AM
In response to Kaspars_Zibarts
Jump to solution

@Kaspars_Zibarts  Or, I assume you are referring to source NAT here and NOT destination NAT?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-05-20 10:57 AM
In response to the_rock
Jump to solution

Correct. 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-05-20 11:00 AM
In response to Kaspars_Zibarts
Jump to solution

@Kaspars_Zibarts  thanks! Well, they have option to hide internal networks behind fw checked on cluster properties, so I guess thats good enough? No need to change any inbound nat? 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-05-22 01:26 AM
In response to the_rock
Jump to solution

That's correct. There's no need for any inbound NAT. As for outbound - as long as you have you need to make sure that you are not NATing too many users behind one IP:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/nat-support-with-microsoft-365?view=o365-w... 

the_rock
MVP Diamond
MVP Diamond
‎2022-05-22 04:59 AM
In response to Kaspars_Zibarts
Jump to solution

  • Thanks @Kaspars_Zibarts . This customer has about 1000 employees, so I think it should be good.
Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events