how to allow office 365 domain address in access rule

AngeloAnelloIT
Level 1

Hi All,

I am new to working on Cisco Firepower and was looking for guidance on the following:

I need to create an access rule to allow access to the Office 365 services.

I have all of the domain names required to add to the rule, e.g. *.office.com, *.sharepointonline.com, but I am unable to find how to create an object that can encompass this.

I can create a network object using an IP address.

 

When I create a network object (Object > Object Management > Network), am I supposed to use the 'FQDN' option and then enter the value '*.office.com'?


Do I also need to create a single object for each domain and then create a group and add them to it?

 

I hope that this makes sense.

Your help is appreciated.

 

Regards,

 

Angelo

2 Replies

Hi,

Check out this Cisco Live session (BRKSEC-2033); it's a dedicated session using Office 365 and Firepower. It also provides some Python scripts.

 

HTH

You have to do a couple of things to achieve what you want to achieve.

 

1) Obtain Office Subnets (IP address range / subnet mask) from O365 team

2) Create Network Objects for each Subnet

3) Add all of them to a "Office_Networks" object.

4) Create a Global Trusted Policy (check Screenshot) and add Office Network Object

5) Add Office O365 as Trusted Application in 'Trusted Application' rule. (Check Screenshot).
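
Steps 1 to 3 of the reply above, sketched as an added example that is not part of the original thread or of the Cisco Live scripts: it turns an Office 365 endpoint list into one network object per subnet plus an "Office_Networks" group. It assumes the input follows the JSON shape of Microsoft's published endpoint list (`id`, `urls`, `ips`, `required`); the sample data is constructed from documentation ranges, and the object field names and the `O365_` naming are hypothetical, not the Firepower API.

```python
import ipaddress
import json

# Constructed sample in the shape of Microsoft's published Office 365
# endpoint list; all ranges are documentation prefixes, not real O365 ranges.
SAMPLE_ENDPOINTS = json.loads("""[
  {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.office365.com"],
   "ips": ["198.51.100.0/24", "2001:db8:100::/48", "203.0.113.0/25"],
   "required": true},
  {"id": 2, "serviceArea": "SharePoint", "urls": ["*.sharepoint.com"],
   "ips": ["203.0.113.0/25", "203.0.113.128/25"], "required": true},
  {"id": 3, "serviceArea": "Common", "urls": ["*.office.com"],
   "required": true},
  {"id": 4, "serviceArea": "Skype", "urls": [],
   "ips": ["192.0.2.0/24", "not-a-subnet"], "required": false}
]""")


def office_subnets(endpoints, required_only=True, version=4):
    """Step 1: return (merged subnets, rejected entries) for one IP version."""
    nets, rejected = set(), []
    for entry in endpoints:
        if required_only and not entry.get("required", False):
            continue
        for raw in entry.get("ips", []):  # URL-only entries carry no "ips"
            try:
                net = ipaddress.ip_network(raw, strict=True)
            except ValueError:
                # Never push a malformed range into an allow rule; report it.
                rejected.append((entry.get("id"), raw))
                continue
            if net.version == version:
                nets.add(net)  # the set drops ranges repeated across services
    # Merging adjacent and overlapping ranges keeps the object count small.
    return list(ipaddress.collapse_addresses(sorted(nets))), rejected


def build_objects(nets, group_name="Office_Networks"):
    """Steps 2 and 3: one object per subnet, then a group that lists them."""
    objs = [{"name": "O365_" + str(n).replace(".", "_").replace("/", "_"),
             "type": "Network", "value": str(n)} for n in nets]
    group = {"name": group_name, "type": "NetworkGroup",  # hypothetical shape
             "members": [o["name"] for o in objs]}
    return objs, group


if __name__ == "__main__":
    subnets, bad = office_subnets(SAMPLE_ENDPOINTS)
    print(json.dumps(build_objects(subnets), indent=2), bad)
```

Entries that list only URLs, such as `*.office.com` here, produce no subnet, so an IP-based group on its own does not cover them.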

 
