For allowing access to Office 365 services from our LAN, there is a long list of FQDNs, or an associated list of /16 / 24 subnet ranges, that need to be accessed through the firewall on ports IN/OUT 80 and 443.
On our Cisco ASA 5200 with AIP SSM 20 onboard, what would be the performance impact if we deploy 'identity aware policies' and use DNS names instead of the associated IPs? Also, it seems like the AIP SSM 20 will scan through HTTP traffic on port 80, but what about HTTPS traffic? Is that a residual risk in any way?