L1 Bithead

I've talked multiple times to PA support, but also Microsoft support.

 

From what I've learned, excluding all the Office365 ranges should work to some extent, but not in all instances.

I've excluded all the ranges (see below current output from my MineMeld instance).

 

Office365/Teams uses its own routing protocol(!!!) and bypasses the routes installed by GlobalProtect. This results in Teams still being routed through the VPN tunnel for some users. This is not a PA issue (I noticed other vendors have the same issues) but a Microsoft issue.

I've opted for them implementing a fix so Office365 can be forced to follow the routing table like any other normal application, but of course they are not responding.

My recommendation: use all the ranges provided (don't bother with FQDN or application executables) and log a case with Microsoft about this issue.

 


 
