Create a Post
Showing results for 
Search instead for 
Did you mean: 

Microsoft Office 365 Service Application Control


New user to the community; and I have come across some projects a little out of my realm. Hopefully I can ask here to obtain some documents, advice and/or direction regarding the "Best practice" to setup Checkpoint FW to play nice with Microsoft 365 services (Exchange, Office etc).

Any PDF's available regarding below as I don't have my advanced access granted yet:

  • sk110679 - Application Control support for Office 365
    sk112354 - How to allow Office 365 services in Application Control R77.30 and above
  • sk102987: How to configure Check Point Cloud Connector to work with Office 365
  • sk104564: Bypass for Office 365 in R77.20 HTTPS Inspection policy
0 Kudos
4 Replies


may I ask you which version you are running, how your setup looks like and what you want to archive?

The best way might be to include you local partner and local SE.
The number of users is also somehow interesting if you expect more than 2000 concurrent users using Office 365. As Microsoft doesn't allow more than 2000 Users from the same IP you might need to adjust your NAT-settings.

Kind Regards


0 Kudos

Hi Ralf,

Its for training as I am an MCSE for 365 but want to certify with Checkpoint (personal goal) - but I also want to follow all the guidelines; I stumbled across the listed docs but I have no access because I am not associated with a vendor or support agreement.. again, just trying to learn.

I am aware of the 2000 limit Smiley Happy this request is just for education and I thought the docs would help me better understand how Checkpoint works with 365.


0 Kudos

Unless you have a specific need to make your Check Point security gateway the authentication point for Office 365, then you won't need sk102987.  Typically you'd use Azure AD or on-prem AD synched to Azure AD.

Microsoft has a generic article on what to exclude in web security filters.  I exclude all of the URLs within URLF that are mentioned I'm the article for the services we specifically use. In AppCtl, I exclude all Office 365 and Azure based categories. In HTTPS inspection, I grouped all IP addresses related to the services and locations in use, and I put them into a bypass rule at the top of my rule set.

- Jason

0 Kudos

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events