Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bill_Ng
Collaborator

Office 365

Hi all,

We are planning to spin up more services to Office 365 in the near future.  There have been several questions our O365 team has concerning the outbound browsing FW.    

Questions:

We use a single outbound browsing NAT and the concern is the number of ports used on that single address could be exhausted.  Will this be a problem for O365?  Microsoft recommended to have multiple outbound NATs to mitigate this.  Are multiple outbound NATs possible?  I thought I read somewhere that if the Destinations are different then you would get sets of ports for each destination IPs.

Is there a way to monitor or get an idea of current number of ports being used by our single overloaded NAT?

Is there a way to get any type of reporting around Office 365 traffic outbound?

Any suggestions, links, articles are welcomed.

Thanks in Advance,

Bill

5 Replies
Nüüül
Advisor

Hi,

i remember there was a document with recommendations for x to y users to use one or more hide NAT addresses, as there may be about 20-40 sessions opened per user. 

Will check and post it here soon.

if I remember correct, I.e. for more than 1000 users they recommended more IPs.

Edit:

there it is: 

https://docs.microsoft.com/en-us/office365/enterprise/nat-support-with-office-365

0 Kudos
Bill_Ng
Collaborator

Thanks Daniel.  We would have more than a 1000 users easily.  Could a NAT pool to replace our hidden NAT?

0 Kudos
Nüüül
Advisor

Yes, NAT Pool would be an idea.

Or a dedicated NAT Rule for O365, when on R80.20 using the updateble objects as Destination and Natting to one dedicated IP for O365

when on R80.10 you might want to use the script described here:

https://community.checkpoint.com/docs/DOC-3013 

for getting Firewall Objects for O365 on  Checkpoint.

0 Kudos
Bill_Ng
Collaborator

just to clarify.  The NATs could look like one of the rules below or even a combo.

0 Kudos
Nüüül
Advisor

You should set the office rule above the other.

Viele Gr??e

Daniel Meier

//Sent Mobile with Check Point Secure Workspace

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events