Hey guys,
Just wanted to share something I discovered when troubleshooting an issue with a customer. I know this is a very unconventional way to fix such a problem, but it does work. So, they were trying to access SQL Server on port 1433, but considering an IP would randomly change, we tried using wildcards for microsoft, azure and akamaitechnologies based on the logs we found, but nothing worked.
TAC also kept suggesting we add more FQDNs, but considering nothing worked, I was thinking about it and thought, well, if the site below gives the proper IP range, why not just add an IP range in the destination? We also added one for the USA as well, and that worked fine. Logs, in this case, sadly never give an FQDN, always just an IP, and YES, the resolve option is checked.
Example of one range:
https://whois.domaintools.com/52.228.81.188
Anyway, thought I would share that in case someone else encounters the same issue. I wish we could make it work using URL custom objects, but it sure beats spending hours on end troubleshooting this, when we don't even know the proper list :-)
Best,
Andy