Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1806
Views
10
Helpful
3
Replies

Need PBR For Specific Office 365 traffic

harmesh88
Level 1
Level 1

‎02-12-2020 10:47 PM - edited ‎02-21-2020 09:55 AM

 

Actually We have one Chellange .

 

User is using all internal and internet access from Central Internet which is in MPLS Cloud , It is applied already for all branch location .

 

For example we will take one of the location .

 

User having GW confiugured in some PC which is pointing To Cisco Firepower and Cisco Firepower having connectivity to Internet Router which is local internet , Default Route configured in Cisco Firepower is toward MPLS (Core Switch )

 

 

SO EXACT Chellange would be like Below .

 

1st Path     >> USER ----->Cisco Firepower ----> internet Router --> Internet    (From this path user should access office 365 by configuring PBR)

 

2nd Path >> USER----->Cisco Firepower ---->Core Switch  --> MPLS Cloud - Central Internet ( Rest of the traffic should go from  this path )

 

 

Please let us know can we achieve this Chellange Cisco Firepower (FTD OS)

Labels:
0 Helpful
3 Replies 3

Peter Koltl
Level 7
Level 7

‎02-13-2020 11:10 AM

What you want is: application-aware routing. Viptela technology can do that:

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white_paper-c11-741353.html

 

What you have is: a traditional IP-based router. You can download the Office 365 IPv4 address list from 

https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

and add static routes ( not PBR) for the Office 365 sites pointing to local Internet gateway. However, the list is dynamic (i. e. changes in time).

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-14-2020 02:49 AM

I haven't tried it but you should be able to pull the O365 addresses into an object using the following:

https://community.cisco.com/t5/firepower/import-of-office365-urls-and-ips-into-fmc-ftd2130-acl-s/td-p/3729929

Then use that object in the PBR policy.

harmesh88
Level 1
Level 1
In response to Marvin Rhoads

‎03-01-2020 09:49 PM - edited ‎03-01-2020 09:50 PM

Dear Team ,

 

once i will get all destination IP of O365 , it should have ipv4 address and ipv6 address also .

 

so can i add both in policy route .

 

is it require any other configuration for ipv6 destination or not ?

 

One more thing that other firewall vendor giving dynamic object like automatically update ip address for that object (cloud obeject )so when we will get it in cisco firepower ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card