Problems with ms lync / url filtering

Reply
Highlighted
L2 Linker

Problems with ms lync / url filtering

Hi all,

I am trying to get lync2013 working, and more specifically Skype for Business, successor of Lync. I have Lync 2013 completely working, but I would like to permit all the wildcards permitted through url filtering, linked to a number of applications as Stun, ssl, mslync,... After this rule , there are also other url filtering rules, for example for all other users, going to internet.

The list I am talking about is :

*.microsoftonline.com

*.microsoftonline-p.com

*.onmicrosoft.com

*.sharepoint.com

*.outlook.com

*.lync.com

*.verisign.com

*.verisign.net

*.public-trust.com

sa.symcb.com

I tried with security profile, with an allowed url_categorie, for ex. 'Microsoft permitted sites'  with the wildcards in, but problem is that in that case, I have to block all categories, otherwise all categories are permitted. Blocking is also no option, since then users can only go to the defined sites and nothing else. Anybody an idea ?

thanks

L5 Sessionator

Re: Problems with ms lync / url filtering

Hello,

Create security policy with with your custom categories in the service column instead of applying as security profile.

Regards,

Hari Yadavalli

L2 Linker

Re: Problems with ms lync / url filtering

Thanks Hyadavall, but I tried that. What I did was creating custom url_categorie, and put here all the *.microsoft sites in it. This category I applied in the rule and added as url category in the policy. I don't think I can add a customer url category as service, like you said. Problem is that not only the traffic to the microsoft sites seems to be allowed, but also all the traffic going to untrust, which has no url category, and translated as any. 23.101.14.229 is ip of a newspaper.

greetz,

Johan

L7 Applicator

Re: Problems with ms lync / url filtering

For SSL sites you will need to enable decryption to read the url and apply any url filtering policy.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!