Minemeld O365 doesn't have latest IPs

Reply
Highlighted
L4 Transporter

Minemeld O365 doesn't have latest IPs

Seeing an issue using minemeld and O365 IPs and not having the same IPs that Microsoft is advertising that need to be allowed.  Is there any easy way to confirm what is there and and what isn't via minemeld?   I've been using for awhile but only now did I notice that some of the CIDRs aren't coming across via minemeld.  


Accepted Solutions
Highlighted
L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

Still fighting this issue.  I tried your self signed cert as well from github and now I get a different error message when attempting to authenticate to minemeld using that cert profile:

 

 

description contains 'EDL server certificate authentication failed....Reason: SSL peer certificate or SSH remote key was not OK'

 

 

Update:  So I changed the URL to include the server name instead of the IP address of minemeld and that seems to have fixed it.  I can see the IPs and URLs now and all is well again.  So:

 

https://minemeld.mydomain.com/feeds/o365-any-any-ipv4-feed vs https://10.10.10.1/feeds/o365-any-any-ipv4-feed 

 

First one works, second does not after generating the self signed cert on minemeld itself.  

View solution in original post


All Replies
Highlighted
L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

commenting to follow

Highlighted
L7 Applicator

Re: Minemeld O365 doesn't have latest IPs

@drewdown which version of MineMeld are you running? could you give me an example of a missing IP?

 

Thanks

Highlighted
L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

Here you go:

 

VERSION: 0.9.52

O365-40.92.0.0-15

Highlighted
L7 Applicator

Re: Minemeld O365 doesn't have latest IPs

Just checked and I see that range (40.92.0.0-40.93.255.255) in my MM instance running 0.9.52.

 

Highlighted
L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

Weird because now that I am looking at this seems my external lists referencing mine meld are blank.  So something is amiss.  Either I have an older version of feed/nodes or something else entirely.  I had set this up awhile ago and just assumed it was running. Some of URL references were simply https://youriphere/feeds/office365_IPv4s , was that used at one time?  

 

I went ahead and re-imported the configuration from the how-to and I can see it populating data.  But my external mine meld dynamic IP lists are still blank.  I tested source URL and it comes back successful but still seem to missing something. 

 

Basically I want to allow all O365 IPs on a specific policy via source IP using mind meld.  Is this the way I would do that?  Specific policy referencing mine meld external dynamic IP list as the source or destination? 

Highlighted
L7 Applicator

Re: Minemeld O365 doesn't have latest IPs

@drewdown which config are you referring to? which o364 Miner are you using?

If you could share your config I could give you some guidance.

Highlighted
L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

I want to feed o365 IPv4/URLs into external dynamic lists and reference them in policies using those EDLs as source and or destination objects.  I configure the cert profile as well and I when browse to the URL in question I get a list of IPs but for whatever reason it doesn't look like PAN is creating the list correctly.  IE its blank.  I guess I would want to use the o365-worldwide-any-miner ?  

 

minemeld-2020-03.png

 

minemeld-2020-02.pngminemeld2020.pngminemeld-2020-01.png

 

 

 

L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

As you can see the list is empty on the device but if I go to that URL it shows all the O365 IPs.  I am also referencing it on a security policy but it still won't populate.  I am using Panorama to do this if that matters,  

 

 

youandme@fw3060-678876(active)> request system external-list show type ip name
  o365-IPv4       o365-IPv4
  o365-IPv4-01   o365-IPv4-01
  o365-IPv6       o365-IPv6
  <name>          <name>

admin@fw1-3060-qts(active)> request system external-list show type ip name o365-IPv4-01

Server error : external dynamic list file either empty or not found

 

 

 

 

 

https://youriphere/feeds/o365-any-any-ipv4-feed

101.28.252.0-101.28.252.255
103.9.8.0-103.9.11.255
112.25.33.0-112.25.33.255
115.231.150.0-115.231.150.255
123.150.49.0-123.150.49.255
123.235.32.0-123.235.32.255
125.65.247.0-125.65.247.255
139.217.17.219-139.217.17.219
139.217.19.156-139.217.19.156
139.217.21.3-139.217.21.3
139.217.25.244-139.217.25.244
139.219.145.0-139.219.145.31
139.219.146.0-139.219.146.255
139.219.156.0-139.219.159.255
139.219.16.0-139.219.16.31
139.219.17.0-139.219.17.255
139.219.24.0-139.219.27.255
168.63.252.62-168.63.252.62
171.107.84.0-171.107.84.255
171.111.154.0-171.111.154.255
..............

 

 

Highlighted
L4 Transporter

Re: Minemeld O365 doesn't have latest IPs

More digging shows this in the logs although not sure if its relevant because I still can't get the list to populate:

 

 

 

description contains 'EDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: o365-IPv4-01, EDL Source URL: https://youriphere/feeds/o365-any-any-ipv4-feed, CN: please use a real certificate, Reason: unable to get local issuer certificate

 

( description contains 'EDL(o365-IPv4-01) No changes to authentication status, still failing. ' )

 

The cert I used was the godaddy one from the mine meld install walk through that you wrote @lmori :

 

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Connecting-PAN-OS-to-MineMeld-using-External-...  

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!