I have a customer that uses Office365, and I found out a few weeks ago that this failed due to Microsoft changing their IP's.
I have looked and so far Microsoft seem to not give FQDN for their server supporting the office suite that I can find.
I have found however that Microsoft has a lot of online document that have 365 pages and more.
Do you need IP to allow or block 365, if yes you dont need it.
You can allow/block it based on application. Thats the advantage of having next-generation firewall.
Lets say if someone wants to block facebook, then he doesnt have to specify facebook IPs in policy. Which is different world wide.
Just specify facebook in application field of policy, palo alto will identify it based on packet excahgne.
In your case specify office 365 in policy that will take care of it.
Also keep in mind that if the customer is using Microsoft Office 365 as a front end CAS server and then has mail distributed to an onsite Exchange server then our application signature will not work. You will have to manually create address objects for the exchange Office365 subnets that are allowed and place them in an address group to apply to your security policy. But if it's just browser based Office 365 then the application signature will work. Hope this helps Jeff.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!