Allow Office 365 not getting desired results...


L0 Member

Hi,

We recently moved over to a full O365 solution and I am trying to customise the ruleset to Allow for O365 traffic when all other traffic is blocked.

Unfortunately I have hit a wall and cannot seem to get the application to be allowed. I am hoping one of you can point out what I have done wrong and how to correct it.

I have used Addresses (with FQDN) and Address Groups where I have defined all the sites that MS states are required. List is here: Office 365 URLs and IPs [Ideally I'd avoid using IPs as these are subject to change. 😉 ]

I then changed the top level policy to allow for the Address Group.

In testing, the client PC is able to start Office and receives the login screen but no login is able to complete. In the Monitor of PAN it details Destination as an IP and Application as "not-applicable".

I have also tried using the predefined Application setting (ms-office365), but then on the client PC it does not even resolve to the login screen, just displaying a bland "Unable to connect" pop-up.

Thanks in advance for any advice!

Details:

11 REPLIES

L5 Sessionator

Try one more thing.

Allow everything from that test machine and check the logs to see which applications are required to allow access to Office 365; don't use URL filtering at first. Then narrow down the security policy.

Or

Create a deny any any rule for that IP, check which applications are blocked, and then add them to the allowed rule.

I have previously tried that and according to the Monitor, the Applications are (ms-office365-base), (web-browsing) and (ssl).

Unfortunately, these machines will be used by students in exams, so allowing for internet-based traffic would be a bad idea...

Use URL categories, not FQDN!! They are absolutely not the same thing!!!

You can get two things from the logs: application and IP/FQDN. Now add the application and destination address in the rules; this way it will not allow access to other websites.
