
webprotection settings for O365 + skype for business

Morning,

 

Which settings (exceptions) on the web proxy do I need for both services? We want to use O365 (Outlook on the client, also Skype video and normal phone calls).

When I look at the websites from Microsoft, I see a lot of complete networks which have to be accessible for clients, and also a lot of ports and FQDNs.

But are all of those needed for this?

 

If anybody can explain to me how they set up their UTM, it would be great. Thanks.

 



  • This is not really helpful though, is it?

    This assumes that you can open the following ports to the world. 

    SfB (Data Sharing Sessions) 443 TCP Outbound
    SfB (Video, Audio, Application Sharing) 443 TCP Outbound
    SfB (Audio & Video) 3478 UDP Outbound
    SfB (Audio & Video) 50000-59999 TCP/UDP Outbound
    SfB/Lync Mobile Push iOS Only 5223 TCP Outbound

     

    There is no way to open these ports to *.domain name.

     

    So.. We are left having to enter 300 IP addresses into the firewall to allow traffic for Skype for Business to work. And since there is no way to import IP addresses, they have to be entered manually..

    So fed up with these firewalls.

  • Mike, these are outbound only, so a general firewall rule like 'Internal (Network) -> {ports} -> Internet : Allow' should be all that's necessary.  Since the UTM firewall is stateful, it will keep track of the connections it makes and automatically allow responses, so no inbound rules are needed.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Right.. But in a company with 4500 employees and 7000+ devices we aren't going to allow common ports for Skype/MS to be allowed outbound to any public IP address. We need to restrict them to MS/Office365/Skype public IP addresses.

     

  • I agree 100%, Mike.  Do you already have a solution in mind?  How many locations are involved?

    Cheers - Bob

     
  • Sadly, the only solution that I could find (support, forums, sales engineers) was to add all 300 IPs/ranges to the firewall. Luckily the SUM server can reach most of the firewalls in place, but it's really frustrating that Sophos is lacking so many config options that other firewall vendors have and have had in place for a long while.

     

    There are 7 Sophos firewalls and a bunch of SonicWalls. But those numbers will drop as they are replaced.
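
Added example, not part of the thread and not Sophos tooling: one way to avoid typing the ranges by hand is to derive the per-port destination allowlist from a machine-readable endpoint list and check that the rule set stays restricted to those networks. The record fields (`serviceArea`, `ips`, `tcpPorts`, `udpPorts`) follow Microsoft's published Office 365 endpoint JSON; the sample records and networks below are constructed, and loading the result into a firewall is left out.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like Microsoft's published Office 365 endpoint JSON.
# Networks are documentation ranges (RFC 5737 / RFC 3849), not real Microsoft addresses.
SAMPLE_ENDPOINTS = [
    {"id": 1, "serviceArea": "Skype", "ips": ["203.0.113.0/25", "203.0.113.128/25"],
     "tcpPorts": "443", "udpPorts": "3478"},
    {"id": 2, "serviceArea": "Skype", "ips": ["198.51.100.0/24", "2001:db8::/32"],
     "tcpPorts": "50000-59999", "udpPorts": "50000-59999"},
    {"id": 3, "serviceArea": "Skype", "urls": ["*.example.invalid"], "tcpPorts": "443"},
    {"id": 4, "serviceArea": "Exchange", "ips": ["192.0.2.0/24"], "tcpPorts": "443"},
]

def parse_ports(spec):
    """Turn '443,50000-59999' into a list of (low, high) tuples."""
    ranges = []
    for part in filter(None, (p.strip() for p in (spec or "").split(","))):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def build_rules(endpoints, service_area="Skype"):
    """Map (protocol, low, high) -> collapsed IPv4 destination networks."""
    nets = defaultdict(list)
    for ep in endpoints:
        if ep.get("serviceArea") != service_area:
            continue
        # FQDN-only records carry no "ips"; IPv6 is skipped to keep one address family.
        v4 = [ipaddress.ip_network(n) for n in ep.get("ips", []) if ":" not in n]
        for proto, key in (("tcp", "tcpPorts"), ("udp", "udpPorts")):
            for low, high in parse_ports(ep.get(key)):
                nets[(proto, low, high)].extend(v4)
    return {k: list(ipaddress.collapse_addresses(v)) for k, v in nets.items() if v}

def is_allowed(rules, proto, dst_ip, dst_port):
    """True only if the destination is inside an allowed network for that port."""
    addr = ipaddress.ip_address(dst_ip)
    return any(p == proto and low <= dst_port <= high and any(addr in n for n in nets)
               for (p, low, high), nets in rules.items())

if __name__ == "__main__":
    for (proto, low, high), nets in sorted(build_rules(SAMPLE_ENDPOINTS).items()):
        ports = str(low) if low == high else f"{low}-{high}"
        print(f"Internal -> {proto}/{ports} -> {', '.join(map(str, nets))} : Allow")
```

Adjacent ranges are merged before output, so the number of network objects to maintain can be smaller than the number of published entries.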