
Firewall blocking outbound Office/Windows 10 traffic

Problem

Windows 10 and MS Office have a large number of addresses they attempt to access over port 80 and 443. Much of this ignores the client proxy configuration.

Sophos UTM > Network Protection > Top Dropped Destination Services/Hosts

  1. a23-2-87-17.deploy.static.akamaitechnologies.com
  2. a104-64-234-58.deploy.static.akamaitechnologies.com
  3. a23-41-185-26.deploy.static.akamaitechnologies.com
  4. a96-17-229-36.deploy.static.akamaitechnologies.com
  5. a23-5-230-228.deploy.static.akamaitechnologies.com

All of these have CNAMEs on Microsoft domains.

How do I allow this traffic without having to manually allow every single IP address? There are probably hundreds, if not thousands, of addresses MS/Akamai can use. I need to be able to use a DNS wildcard, but that only seems to be an option on the Web Filtering.

Can I force this traffic through the web filter and allow unauthenticated access somehow? There are dozens of domains here. How are other people using Sophos UTM dealing with this sort of outbound traffic?

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints

https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints
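One way to turn the published endpoint list (the JSON shape served by the Office 365 endpoints web service that the last link above describes) into web-filter wildcard patterns plus firewall IP objects, and then to check a dropped destination against them. This is an added example, not code from the original post or from Sophos; the feed content below is constructed, and the field names (urls, ips, tcpPorts, category, required) are assumed to follow that service's output.

```python
"""Split an Office 365 endpoint feed into allow-list candidates and check hosts/IPs against them."""
import ipaddress
import json
from fnmatch import fnmatchcase

# Constructed sample in the shape of the endpoints web service output
# (https://endpoints.office.com); the values are illustrative, not a real feed.
SAMPLE_FEED = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.office.com", "outlook.office365.com"],
     "ips": ["13.107.6.152/31", "2603:1006::/40"], "tcpPorts": "80,443",
     "category": "Optimize", "required": True},
    {"id": 2, "serviceArea": "Common", "urls": ["*.office.com", "*.officeapps.live.com"],
     "ips": [], "tcpPorts": "443", "category": "Allow", "required": True},
    {"id": 3, "serviceArea": "Common", "urls": ["*.cdn.office.net"],
     "ips": [], "tcpPorts": "80,443", "category": "Default", "required": False},
])


def split_feed(feed_json, required_only=True):
    """Return (wildcard_patterns, exact_hosts, ip_networks) for the feed.

    Wildcard URLs can only be expressed as DNS patterns (web filter);
    exact host names and CIDR ranges can become ordinary firewall objects.
    """
    wildcards, exact, nets = set(), set(), set()
    for rec in json.loads(feed_json):
        if required_only and not rec.get("required", False):
            continue  # skip optional (category "Default") endpoints
        for url in rec.get("urls", []):
            (wildcards if "*" in url else exact).add(url.lower())
        for cidr in rec.get("ips", []):
            nets.add(ipaddress.ip_network(cidr, strict=False))
    return sorted(wildcards), sorted(exact), sorted(nets, key=lambda n: (n.version, n))


def host_allowed(host, wildcards, exact):
    """Check a host name (e.g. the CNAME target behind a dropped CDN address)
    against the allow-list; '*' matches one or more DNS labels."""
    host = host.lower().rstrip(".")
    return host in exact or any(fnmatchcase(host, p) for p in wildcards)


def ip_allowed(addr, nets):
    """True if addr falls inside one of the published IP ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)
```

Note that the raw Akamai host names from the drop log will not match the Microsoft wildcards; only the Microsoft-domain CNAME they resolve through does, which is why a DNS-pattern rule has to be evaluated on the name the client actually requested.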

  • Did you try to use different methods of implementing proxy settings in Windows 10? For example, some services ignore the “user setting” and instead use the proxy set with netsh winhttp set proxy <proxy>:<port>.

    Some people are happy if not every bit of data is transferred to a big vendor, covered under the term telemetry.

    BR

    Alex

    -
