
In the firewall policy, how can we add all of Microsoft's IP addresses as trusted?

The firewall is blocking rundll.exe from accessing external sites that are not listed as trusted. We don't want to allow rundll.exe to access all external sites, just the Microsoft sites. I've already added the following sites as trusted:

microsoft.com
www.microsoft.com
office.microsoft.com
outlook.office365.com
login.microsoftonline.com
www.office.com
portal.office.com

By adding the above as trusted sites in the LAN section of the firewall policy, many of the problems we had with Outlook and Office 365 disappeared. However, just yesterday we discovered some more Microsoft IP addresses that Outlook was trying to access via rundll.exe but that were being blocked. I don't want to have to add individual IP addresses every time Outlook is redirected to a different Microsoft server. How can we set up the firewall to always allow legitimate traffic to any known Microsoft server?



Hello DianaGallegos,

First of all, you should never add and mark external addresses in the LAN section. Trusted allows all traffic, outgoing and incoming (don't forget that addresses can be spoofed).

You should add the addresses (and, if feasible, ports) in an application rule (though rundll isn't an application; the firewall can't know what rundll is running, so you can't tell whether this is legitimate traffic). I wonder why Microsoft is using a plethora of addresses, but anyway you could use IP addresses with wildcards or a subnet mask, e.g. 132.245.226.0 (255.255.255.0). Likely all of these belong to Microsoft, but there might be more than just known Microsoft servers behind them.

You are configuring a client firewall, which deliberately doesn't use host or domain names in its rules as they could be subverted by a rogue DNS.

Christian
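The reply above recommends address-plus-netmask rules rather than host names, and warns that a subnet may contain more than the servers you observed. The following script is an added example (not code from the thread, the poster or any firewall vendor) showing how to turn a list of addresses taken from a block log into the smallest set of subnet rules at a chosen prefix length, print them in the "network (netmask)" notation used in the reply, and check which newly blocked addresses are still outside the existing rules. 132.245.226.0/24 is the network named in the reply; every individual host address in the sample data is constructed for illustration and is not a real Microsoft endpoint. The "(netmask)" output format is an assumption about how the rule editor wants the value entered; check it against your firewall's own rule dialog.

```python
"""Aggregate blocked destination addresses into subnet rules for a client firewall.

A client firewall that matches on IP address and netmask (not host names) needs
allow rules expressed as networks such as 132.245.226.0 (255.255.255.0). This
script collapses individual addresses from a block log into such networks and
reports which later-observed addresses are still uncovered.
"""
import ipaddress
from typing import Iterable, List

# Constructed sample data. 132.245.226.0/24 is the network mentioned in the
# reply; the host addresses themselves are invented for this example and should
# not be treated as real Microsoft endpoints.
BLOCKED_IN_LOG = [
    "132.245.226.17",
    "132.245.226.200",
    "132.245.227.5",
    "40.96.0.33",
    "40.96.0.34",
]


def covering_networks(addresses: Iterable[str], prefixlen: int = 24) -> List[ipaddress.IPv4Network]:
    """Return the minimal, sorted set of networks of the given prefix length that contain every address.

    Each address is widened to its enclosing /prefixlen network (strict=False
    clears the host bits). collapse_addresses() then removes duplicates and
    merges adjacent networks that together form one larger aligned block, so two
    neighbouring /24s can come back as a single /23. That is wider than what was
    observed, which is exactly the caveat in the reply: a broad rule admits every
    host in the range, not only the ones you saw being blocked.
    """
    nets = (
        ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        for addr in addresses
    )
    return sorted(ipaddress.collapse_addresses(nets))


def as_mask_rule(net: ipaddress.IPv4Network) -> str:
    """Format a network as 'network address (dotted netmask)', the notation used in the reply.

    Assumed to match what the firewall's rule editor expects; verify against the
    actual dialog before pasting.
    """
    return f"{net.network_address} ({net.netmask})"


def uncovered(addresses: Iterable[str], rules: Iterable[ipaddress.IPv4Network]) -> List[str]:
    """Return the addresses that no existing rule contains, i.e. the ones that would still be blocked."""
    rule_list = list(rules)
    return [
        addr
        for addr in addresses
        if not any(ipaddress.ip_address(addr) in net for net in rule_list)
    ]


if __name__ == "__main__":
    rules = covering_networks(BLOCKED_IN_LOG)
    for net in rules:
        print(f"{as_mask_rule(net)}  covers {net.num_addresses} addresses")

    # A later day's block log, again constructed for the example.
    new_blocks = ["132.245.227.77", "52.96.10.10"]
    print("still blocked by the current rules:", uncovered(new_blocks, rules))
```

Run it once against the addresses you have already collected, add the printed networks to the application rule for rundll.exe, and re-run `uncovered()` whenever new blocks appear; only addresses that fall outside every existing network need a new rule. Raise `prefixlen` (for example to 32) if you would rather keep rules exact and accept adding entries more often, since a /24 or merged /23 trusts every host in that range.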
