Firewall blocking outbound Office/Windows 10 traffic

Problem

Windows 10 and MS Office have a large number of addresses they attempt to access over ports 80 and 443. Much of this traffic ignores the client proxy configuration.

Sophos UTM > Network Protection > Top Dropped Destination Services/Hosts

  1. a23-2-87-17.deploy.static.akamaitechnologies.com
  2. a104-64-234-58.deploy.static.akamaitechnologies.com
  3. a23-41-185-26.deploy.static.akamaitechnologies.com
  4. a96-17-229-36.deploy.static.akamaitechnologies.com
  5. a23-5-230-228.deploy.static.akamaitechnologies.com

All of these have CNAMEs on Microsoft domains.

How do I allow this traffic without having to manually allow every single IP address? There are probably hundreds, if not thousands, of addresses MS/Akamai can use. I need to be able to use a DNS wildcard, but that only seems to be an option on the Web Filtering.

Can I force this traffic through the web filter and allow unauthenticated access somehow? There are dozens of domains here. How are other people using Sophos UTM dealing with this sort of outbound traffic?

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints

https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints
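One way to avoid maintaining the allow list by hand is to build it from Microsoft's published endpoint data rather than from what the firewall drops. The following is an added example, not code from the original post or from Sophos or Microsoft. It parses a constructed sample in the schema of the Office 365 IP Address and URL web service (assumed keys: id, serviceArea, urls, ips, tcpPorts, category, required), keeps the sets a practitioner would typically allow outright (required, or in the Optimize/Allow categories), collapses the CIDRs into firewall rules grouped by port, splits the URLs into wildcard hosts (for the web filter) and exact hosts, and can classify a hostname from a log line against the list. The sample values are illustrative, not a copy of the live feed.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the shape of the endpoint web service output.
# Assumption: the real feed is a JSON array with these same keys.
SAMPLE_FEED = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
     "urls": ["outlook.office.com", "outlook.office365.com"],
     "ips": ["13.107.6.152/31", "13.107.18.10/31", "2603:1006::/40"],
     "tcpPorts": "80,443", "expressRoute": True, "category": "Optimize", "required": True},
    {"id": 46, "serviceArea": "Common", "serviceAreaDisplayName": "Microsoft 365 Common and Office Online",
     "urls": ["*.office.com", "*.officeapps.live.com"],
     "tcpPorts": "80,443", "expressRoute": False, "category": "Allow", "required": True},
    {"id": 125, "serviceArea": "Common", "serviceAreaDisplayName": "Microsoft 365 Common and Office Online",
     "urls": ["*.events.data.microsoft.com"],
     "tcpPorts": "443", "expressRoute": False, "category": "Default", "required": False,
     "notes": "Telemetry (constructed note)"},
])


def load_endpoints(text):
    """Parse the endpoint feed: a JSON array of endpoint sets."""
    return json.loads(text)


def wanted(ep, categories):
    """Policy choice: keep sets marked required, or in a chosen category."""
    return ep.get("required", False) or ep.get("category") in categories


def collapse(cidrs):
    """Merge adjacent/overlapping CIDRs; IPv4 and IPv6 are collapsed separately."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4] + [str(n) for n in v6]


def plan_rules(endpoints, categories=("Optimize", "Allow")):
    """Turn endpoint sets into firewall CIDR rules (by TCP port list)
    plus wildcard and exact host lists for a web filter exception."""
    ip_rules = defaultdict(set)
    wildcard, exact = set(), set()
    for ep in endpoints:
        if not wanted(ep, categories):
            continue  # e.g. optional telemetry sets stay blocked
        ports = ep.get("tcpPorts", "443")
        for cidr in ep.get("ips", []):
            ip_rules[ports].add(cidr)
        for url in ep.get("urls", []):
            (wildcard if url.startswith("*.") else exact).add(url)
    return {
        "ip_rules": {ports: collapse(c) for ports, c in ip_rules.items()},
        "wildcard_hosts": sorted(wildcard),
        "exact_hosts": sorted(exact),
    }


def host_matches(host, pattern):
    """'*.office.com' matches any subdomain of office.com, but neither
    'office.com' itself nor look-alikes such as 'evil-office.com'."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # keeps the leading dot as a label boundary
    return host == pattern


def classify_host(host, endpoints):
    """Return the ids of every endpoint set whose URLs cover this hostname.
    An empty list for a CDN reverse-DNS name (as seen in a dropped-host log)
    shows that the PTR name, not the original CNAME, is what was logged."""
    return [ep["id"] for ep in endpoints
            if any(host_matches(host, u) for u in ep.get("urls", []))]


if __name__ == "__main__":
    eps = load_endpoints(SAMPLE_FEED)
    print(json.dumps(plan_rules(eps), indent=2))
    for h in ("outlook.office.com", "a23-2-87-17.deploy.static.akamaitechnologies.com"):
        print(h, "->", classify_host(h, eps))
```

The classification step illustrates why the dropped-host list above is a poor source for rules: the firewall logs the reverse-DNS name of the Akamai IP, which is not in any published URL list, whereas the name the client actually resolved (the Microsoft CNAME) is. Matching on the original hostname, as a web filter does, is what makes wildcard rules workable.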

  • Did you try different methods of implementing proxy settings in Windows 10? For example, some services ignore the “user setting” and instead use the proxy set with netsh winhttp set proxy <proxy>:<port>.

    Some people are happy if not every piece of data is transferred to a big vendor, covered under the term telemetry.

    BR

    Alex

  • Hi and welcome to the UTM Community!

    Please show one or two representative lines from the full Firewall log (not the Live Log).

    Cheers - Bob