smtp.office365.com - fw rule

Question

Hello, 
 I have two XGS2300 in A/P HA (SFOS 19.0.0 GA-Build317) 
 I have problem with firewall rule that allow TCP: 587 to fqdn smtp.office.365.com from internal LAN 
 from time to time traffic did not match this rule because firewall has problem to use/resolve all IP address that is hosted by fqdn smtp.office365.com 
 
 Look at attach: 
 - in "smtp.office365.com-DNSresolveBySophosFW.jpg" you can see most of IP addesses resolved from fqdn smtp.office36 5.com 
 - in "smtp.office365.com-blockedByFirewall.jpg" you can see that traffic from 10.0.84.20 > 40.99.150.82 TCP 587 is not matched by fw rule for smtp.office365.com 
 
 for this moment i had to add "Any" as destination instead of "smtp.office365.com" any idea?

Vivek Jagad · Answer

Hello MOl , Thank you for reaching out to the community, ensure the fw rule created is on the top ! You can also add them into the exceptions: 1.) Office 365 URLs and IP address ranges - https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide 2.) Configure web exceptions for Office 365 - https://support.sophos.com/support/s/article/KB-000038173?language=en_US

carbon15 · Answer

I've seen this behaviour a couple of times, I tried finding the cause with the help of Sophos Support but it proved fruitless. It didn't happen often enough to justify spending the time debugged the logs - we just switched to use the IP ranges on the firewall rule and moved on with life. Probably not the silver bullet you were hoping for,.. 
 
 Regards

smtp.office365.com - fw rule

Top Replies