CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Page 2 of 2 FirstFirst 12
Results 21 to 26 of 26

Thread: How to handle Office365 IP addresses

  1. #21
    Join Date
    2006-10-25
    Location
    Wisconsin
    Posts
    16
    Rep Power
    0

    Default Re: How to handle Office365 IP addresses

    Quote Originally Posted by davidson View Post
    Any concept of why AC didn't resolve the issue? It was just pitched to us again and some of the other replies here seem to indicate success.
    You are also going to need HTTPS inspection enabled for it to work properly.

    Take a look at SK110679 as well.

  2. #22
    Join Date
    2009-03-11
    Posts
    17
    Rep Power
    0

    Default Re: How to handle Office365 IP addresses

    We used PowerShell to parse the file that contains all the IP addresses/blocks into something that works with dbedit.

    Then I use SecureRT to run dbedit, copy and paste the file into the SecureRT console, update_all

    Push the policy after I created a new group that contains all the objects created using DBEDIT.

    It worked well and took less than 2 hours.

    I have attached the file that is already parsed into dbedit format. You just need to use SecureRT, putty doesn't parse the lines correctly.

    Good luck.
    Attached Files Attached Files

  3. #23
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,303
    Rep Power
    14

    Default Re: How to handle Office365 IP addresses

    That's good for a one-time add, but how about ongoing maintenance of that list (for example, when IPs get added/removed)?
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  4. #24
    Join Date
    2017-06-13
    Posts
    1
    Rep Power
    0

    Default Re: How to handle Office365 IP addresses

    Quote Originally Posted by PhoneBoy View Post
    That's good for a one-time add, but how about ongoing maintenance of that list (for example, when IPs get added/removed)?
    Quote Originally Posted by dangel42 View Post
    You are also going to need HTTPS inspection enabled for it to work properly.

    Take a look at SK110679 as well.

    Has anyone successfully use application control to allow the O365 traffic?

  5. #25
    Join Date
    2010-03-04
    Location
    SW OH
    Posts
    12
    Rep Power
    0

    Default Re: How to handle Office365 IP addresses

    Regarding R80+ and automated scripts to populate objects. For the below script to work, do you need both the management server and gateway at R80+? For example, could the script be run on R80 Management and then the object pushed to a R77.30 gateway?

    Quote Originally Posted by tatapoum View Post
    Hi,
    Here is a Powershell script that will automate the creation of all Office 365 IP addresses and URLs in a management server R80+ :
    https://gist.github.com/anonymous/56...a94a2bdfe91912

    It depends on the ConvertFrom-O365AddressesXMLFile module (https://github.com/it-praktyk/Conver...dressesXMLFile). So you need to install it first.

    Here is the help :
    Code:
    NOM
        CCreate-O365CheckpointObjects.ps1
    
    RÉSUMÉ
        Create the required objects in a Checkpoint R80+ management server to allow Office 365 traffic
    
    
    SYNTAXE
        Create-O365CheckpointObjects.ps1 [-Server] <String> [[-Port] <Int32>]
        [[-DomainName] <String>] [[-Service] <String>] [[-Prefix] <String>] [[-Category] <String>] [-Type] <String>
        [<CommonParameters>]
    
    
    DESCRIPTION
        This script will connect to https://support.content.office.net/en-us/static/O365IPAddresses.xml
        and download an XML file containing the required objects to allow Office 365 traffic to pass.
        It will then create the objects (IPv4, IPv6 addresses or URLs) into the Checkpoint management
        server using the R80+ API, according to the selected parameters.
        It depends on the ConvertFrom-O365AddressesXMLFile module
        (https://github.com/it-praktyk/Convert-Office365NetworksData/tree/master/ConvertFrom-O365AddressesXMLFile).
    
    
    PARAMÈTRES
        -Server <String>
            The mandatory Checkpoint management server hostname or IP address
    
        -Port <Int32>
            The Checkpoint R80 API port
            By default, 443 will be used
    
        -DomainName <String>
    
        -Service <String>
            An optional Office 365 to filter on (among "WAC","Sway","Planner","Yammer","OfficeMobile", "ProPlus",
            "RCA","OneNote","OfficeiPad","EXO","SPO","Office365Video","LYO","Identity","CRLs","o365" and "EOP"
            If not specified, all Office 365 services objects will be created
    
        -Prefix <String>
            A prefix for the Office 365 objects in the Checkpoint management server
            By default, "O365" will be used
    
        -Category <String>
            The primary category for the Office 365 application objects in the Checkpoint management server
            By default, "Microsoft & Office365 Services" will be used
    
        -Type <String>
            A mandatory object type to filter on (among "IPv4","IPv6","URL")
    
        <CommonParameters>
            Cette applet de commande prend en charge les paramètres courants*: Verbose, Debug,
         ErrorAction, ErrorVariable, WarningAction, WarningVariable,
         OutBuffer, PipelineVariable et OutVariable. Pour plus d’informations, voir
         about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
    
        -------------------------- EXEMPLE 1 --------------------------
    
        PS C:\>Create-O365CheckpointObjects -Server cpserver -Type IPv4
    
        Description:
        Will create the IPv4 objects for all the Office 365 apps in a Checkpoint management server
        named "cpserver"
    
    
    
    
        -------------------------- EXEMPLE 2 --------------------------
    
        PS C:\>Create-O365CheckpointObjects -Server cpserver -Service LYO -Type IPv6 -Verbose
    
        Description:
        Will create the IPv6 network objects for Skype for Business in a Checkpoint management server
        named "cpserver"
    
    
    
    
        -------------------------- EXEMPLE 3 --------------------------
    
        PS C:\>Create-O365CheckpointObjects -Server cpserver -Service EOP -Type URL -Category "Exchange"
    
        Description:
        Will create an application object for Exchange Online, with the required URLs, and a primary
        category set to "Exchange"
    
    
    
    
    REMARQUES
        Pour consulter les exemples, tapez: "get-help Create-O365CheckpointObjects.ps1 -examples".
        Pour plus d'informations, tapez: "get-help Create-O365CheckpointObjects.ps1
        -detailed".
        Pour obtenir des informations techniques, tapez: "get-help Create-O365CheckpointObjects.ps1 -full".

  6. #26
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,303
    Rep Power
    14

    Default Re: How to handle Office365 IP addresses

    Quote Originally Posted by coldstone View Post
    Regarding R80+ and automated scripts to populate objects. For the below script to work, do you need both the management server and gateway at R80+? For example, could the script be run on R80 Management and then the object pushed to a R77.30 gateway?
    This is just automating the creation of network objects and groups from what I can tell.
    Which means it should be suitable for deployment to R77.x gateways managed by an R80(.10) manager.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

Page 2 of 2 FirstFirst 12

Similar Threads

  1. SSL decryption for Office365
    By sebastan_bach in forum Application Control Blade
    Replies: 11
    Last Post: 2015-08-13, 23:59
  2. How does GAiA handle SIP?
    By Nimand in forum R75.40 (GAiA)
    Replies: 3
    Last Post: 2013-05-08, 08:58
  3. How much connection it can handle?
    By vbavbalist in forum Check Point UTM-1 Edge Appliances
    Replies: 0
    Last Post: 2012-07-13, 02:43
  4. Replies: 2
    Last Post: 2012-04-30, 04:57
  5. How to handle the VPN-1 certificate after an upgrade from 4.1 to NG?
    By roadrunner in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2005-08-13, 14:54

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •