
smtp.office365.com - fw rule

Hello, 

I have two XGS2300 in A/P HA (SFOS 19.0.0 GA-Build317)

I have a problem with a firewall rule that allows TCP 587 to the FQDN smtp.office365.com from the internal LAN.

From time to time, traffic does not match this rule because the firewall has a problem using/resolving all of the IP addresses hosted behind the FQDN smtp.office365.com.

Look at the attachments:

   -  in "smtp.office365.com-DNSresolveBySophosFW.jpg" you can see most of the IP addresses resolved from the FQDN smtp.office365.com

   - in "smtp.office365.com-blockedByFirewall.jpg" you can see that traffic from 10.0.84.20 > 40.99.150.82 TCP 587 is not matched by the FW rule for smtp.office365.com

For the moment I had to add "Any" as the destination instead of "smtp.office365.com". Any idea?



  • Hello,

    I can see you have mentioned the service explicitly as only SMTPS, and Office also utilizes the HTTPS and HTTP ports. 
    Try adding those services and ensure a "Linked NAT" is present in the FW rule with MASQ enabled! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hello #Vivek,

    I am talking about outgoing mail communication only. No need to add HTTP/S.

  • Hello #Vivek,

    If you look at the firewall log screenshot, we are talking about the outgoing TCP 587 port only.

  • Okay, noted, but have you created a LINKED NAT in the current FW rule with MASQ?

    Thanks & Regards,
    Vivek Jagad | Team Lead, Global Support & Services

  • Of course NAT is already in place, because some email can pass.

    The main problem is that the firewall rule (with the FQDN "smtp.office365.com" as destination) will not match some IPs from the DNS resolution of the FQDN "smtp.office365.com".

  • Can you perform these steps:
    nslookup smtp.office365.com
    Domain Name Server# 127.0.0.1
    Domain Name # smtp.office365.com
    Resolved Address 1# outlook.office365.com.
    Resolved Address 1# outlook.ha.office365.com.
    Resolved Address 1# outlook.ms-acdc.office.com.
    Resolved Address 1# bom-efz.ms-acdc.office.com.
    Resolved Address 1# 40.99.9.50
    Resolved Address 2# 52.98.58.34
    Resolved Address 3# 52.98.123.226
    Resolved Address 4# 40.99.9.178
    Total query time # 58.80 msec
    Domain Name # smtp.office365.com
    Resolved Address 1# 2603:1046:c04:83a::2
    Resolved Address 2# 2603:1046:c04:80d::2
    Resolved Address 3# 2603:1046:c04:818::2
    Resolved Address 4# 2603:1046:c04:800::2
    Total query time # 21.21 msec
    ===============================
    telnet smtp.office365.com 587
    Trying 40.100.141.162...
    Connected to smtp.office365.com.
    Escape character is '^]'.
    220 BMXP287CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 18 Aug 2022 08:02:35 +0000
    helo localhost
    250 BMXP287CA0013.outlook.office365.com Hello [103.250.31.36]
    ================================
    And if you want to resolve this with a specific DNS server, you can execute the following command: nslookup smtp.office365.com <DNS IP>
    =================================
    By the way, what is the DNS config on the client machine with IP 10.0.84.20? 

    Thanks & Regards,
    Vivek Jagad | Team Lead, Global Support & Services

  • Server 10.0.84.20 uses the Sophos FW as its DNS server.

  • So can you perform the nslookup and telnet from that client machine and start a tcpdump packet capture (Diagnostics > Packet capture)...

    Thanks & Regards,
    Vivek Jagad | Team Lead, Global Support & Services

  • Every time I use "nslookup smtp.office365.com" I get a different result.

    C:\Users\Administrator>nslookup smtp.office365.com
    Server: UnKnown
    Address: 10.0.84.1

    Non-authoritative answer:
    Name: fra-efz.ms-acdc.office.com
    Addresses: 2603:1026:c03:6470::2
    2603:1026:c0d:34::2
    2603:1026:c03:6466::2
    52.97.157.162
    52.98.208.66
    52.97.149.242
    Aliases: smtp.office365.com
    outlook.office365.com
    outlook.ha.office365.com
    outlook.ms-acdc.office.com


    C:\Users\Administrator>nslookup smtp.office365.com
    Server: UnKnown
    Address: 10.0.84.1

    Non-authoritative answer:
    Name: hhn-efz.ms-acdc.office.com
    Addresses: 2603:1026:c0d:c02::2
    2603:1026:c0d:c1c::2
    2603:1026:c0d:82d::2
    2603:1026:c0d:82b::2
    52.98.152.162
    40.99.150.34
    40.99.214.34
    52.98.175.2
    Aliases: smtp.office365.com
    outlook.office365.com
    outlook.ha.office365.com
    outlook.ms-acdc.office.com


    C:\Users\Administrator>nslookup smtp.office365.com
    Server: UnKnown
    Address: 10.0.84.1

    Non-authoritative answer:
    Name: outlook-g.trafficmanager.net
    Addresses: 2603:1026:208:85::2
    2603:1026:c02:4012::2
    2603:1026:c03:6807::2
    2603:1026:c0a:8f6::2
    2603:1026:300:c8::2
    2603:1046:c0f:40e::2
    2603:1026:c03:581b::2
    2603:1026:6:2a::2
    40.99.150.2
    40.99.150.18
    40.99.150.50
    52.98.152.178
    Aliases: smtp.office365.com
    outlook.office365.com
    outlook.ha.office365.com
    outlook.ms-acdc.office.com
    hhn-efz.ms-acdc.office.com
    outlook-fs.office.com


    C:\Users\Administrator>nslookup smtp.office365.com
    Server: UnKnown
    Address: 10.0.84.1

    Non-authoritative answer:
    Name: outlook-g.trafficmanager.net
    Addresses: 2603:1026:208:85::2
    2603:1026:c02:4012::2
    2603:1026:c03:6807::2
    2603:1026:c0a:8f6::2
    2603:1026:300:c8::2
    2603:1046:c0f:40e::2
    2603:1026:c03:581b::2
    2603:1026:6:2a::2
    52.98.175.2
    40.101.126.210
    40.101.84.2
    52.98.18.18
    52.98.154.146
    52.97.171.194
    52.97.146.2
    40.99.26.210
    Aliases: smtp.office365.com
    outlook.office365.com
    outlook.ha.office365.com
    outlook.ms-acdc.office.com
    HHN-efz.ms-acdc.office.com
    outlook-fs.office.com


    C:\Users\Administrator>

  • Same with the telnet test. With every test I get a different IP address. 

    This is OK.
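Added example (not from the thread and not SFOS code): a small Python model of an FQDN host object that keeps only the last DNS answer until its TTL expires, fed with the four IPv4 answer sets from the nslookup runs posted above as constructed input. It reproduces the two ways an "allow TCP 587 to smtp.office365.com" rule misses a flow: the object's cached answer is stale when the flow arrives (the address was in an earlier or later answer), or the address was never in any answer the firewall saw, like 40.99.150.82 in the blocked-flow screenshot. The TTL of 60 s, the flow timings and the one-answer-per-refresh behaviour are assumptions of the model, not measured SFOS behaviour. The classify_denied check is the part worth reusing: run it over the firewall's denied 587 flows against the union of addresses you have seen the name resolve to, and "never_resolved" tells you whether more frequent re-resolution could ever have helped.

```python
"""Model of an FQDN-based allow rule whose destination object rotates with DNS.

Hypothetical model for illustration only; it is not how SFOS implements
FQDN host objects. All input data below is constructed from the nslookup
output in the thread.
"""
import itertools
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Set, Tuple

# Constructed sample: IPv4 addresses from the four nslookup runs posted above,
# in the order they were returned. Real answers keep changing.
DNS_ANSWERS: List[Set[str]] = [
    {"52.97.157.162", "52.98.208.66", "52.97.149.242"},
    {"52.98.152.162", "40.99.150.34", "40.99.214.34", "52.98.175.2"},
    {"40.99.150.2", "40.99.150.18", "40.99.150.50", "52.98.152.178"},
    {"52.98.175.2", "40.101.126.210", "40.101.84.2", "52.98.18.18",
     "52.98.154.146", "52.97.171.194", "52.97.146.2", "40.99.26.210"},
]


@dataclass
class FqdnHostObject:
    """Holds whatever the last DNS answer contained; re-resolves on TTL expiry."""
    name: str
    ttl: int                       # seconds the last answer is trusted (assumed)
    answers: Iterator[Set[str]]    # what the resolver returns on each refresh
    cached: Set[str] = field(default_factory=set)
    learned: Set[str] = field(default_factory=set)   # union of every answer seen
    expires_at: int = -1

    def refresh(self, now: int) -> None:
        """Re-resolve only when the previous answer has expired."""
        if now >= self.expires_at:
            self.cached = set(next(self.answers))
            self.learned |= self.cached
            self.expires_at = now + self.ttl

    def contains(self, dst: str, now: int) -> bool:
        self.refresh(now)
        return dst in self.cached


Flow = Tuple[int, str, str, int]   # (time, src, dst, dport)


def evaluate_flows(flows: List[Flow], obj: FqdnHostObject) -> List[Tuple[str, str]]:
    """Apply 'allow TCP/587 to <FQDN object>' followed by a default deny."""
    verdicts = []
    for now, _src, dst, dport in flows:
        if dport == 587 and obj.contains(dst, now):
            verdicts.append((dst, "allow"))
        else:
            verdicts.append((dst, "deny"))
    return verdicts


def classify_denied(verdicts: List[Tuple[str, str]], learned: Set[str]) -> Dict[str, Set[str]]:
    """Split denied destinations into two root causes.

    stale_cache:    some DNS answer did contain the address; the object was
                    simply holding a different answer when the flow arrived.
    never_resolved: no answer the firewall ever received contained the address,
                    so re-resolving more often would not have matched it either.
    """
    denied = {dst for dst, verdict in verdicts if verdict == "deny"}
    return {"stale_cache": denied & learned, "never_resolved": denied - learned}


def demo() -> Tuple[List[Tuple[str, str]], Dict[str, Set[str]]]:
    obj = FqdnHostObject("smtp.office365.com", ttl=60,
                         answers=itertools.cycle(DNS_ANSWERS))
    # Constructed flows from the client in the thread; times are seconds.
    flows: List[Flow] = [
        (0,   "10.0.84.20", "52.97.157.162", 587),   # in answer 1 -> allowed
        (10,  "10.0.84.20", "40.99.150.34",  587),   # in answer 2, cache still answer 1
        (70,  "10.0.84.20", "40.99.150.34",  587),   # TTL expired, answer 2 now cached
        (130, "10.0.84.20", "40.99.150.82",  587),   # the blocked flow from the screenshot
        (190, "10.0.84.20", "40.101.84.2",   587),   # in answer 4 -> allowed
    ]
    verdicts = evaluate_flows(flows, obj)
    return verdicts, classify_denied(verdicts, obj.learned)


if __name__ == "__main__":
    verdicts, causes = demo()
    for dst, verdict in verdicts:
        print(f"{dst:16} {verdict}")
    print(causes)
```

The second flow is denied although the address is in the union of everything the name resolves to, which is the intermittent behaviour described in the first post; the fourth is denied because 40.99.150.82 never appeared in any of the posted answers, so an object built from the firewall's own lookups cannot cover it no matter how often it refreshes. That distinction decides whether shortening the refresh interval is worth trying or whether the destination has to be widened to a published address list for the service.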