Open ports /Ip's DirSync
Good day
Can someone please tell me which ports and IP's we need to open on our firewall in order to have Dirsync working. I have read an article which recommends opening ports 443 and 80. Unfortunately we cannot just open these ports for any IP, and need to be more specific to keep our environment secure.
Can someone please tell me which ports and IP's we need to open on our firewall in order to have Dirsync working. I have read an article which recommends opening ports 443 and 80. Unfortunately we cannot just open these ports for any IP, and need to be more specific to keep our environment secure.
ASKER
Hi Spyder2010, thank you for the articles. These are the articles I came across, and am not prepared to create one rule on the firewall for 8 IP ranges. We are in the Ireland data center, and would like to know the exact IP's and ports we need to open.
I see. Our company recently moved to Office365, and we ran across the same issues, but unfortunately were told that we needed to open ports to all of the ranges listed in those articles.... due to MS having datacenters all over the globe, they claimed that your clients may be redirected to different datacenters depending on network load, maintenance, geographical location, etc...
The only options I know of would be to contact Microsoft directly... I would assume you have a contract of some sort(CloudVantage?) with them if you're using DirSync... you can ask them for specific IPs, maybe you'll have better luck than we did, but most likely they are going to tell you that you need to open the firewall to all of the ranges in the articles.
You could run network traffic monitoring software on your network, and sort through the logs to see which of the ranges your clients are making connections to, and only open to those... however, I would say that would put you into an 'unsupported configuration' by MS's standards, and if you ever have connection issues, they are likely going to ask that you open to all of the ranges before they will troubleshoot further.
Sorry this isn't a better answer, this is just what I've run into with my experiences dealing with MS, O365, and a similar situation.
The only options I know of would be to contact Microsoft directly... I would assume you have a contract of some sort(CloudVantage?) with them if you're using DirSync... you can ask them for specific IPs, maybe you'll have better luck than we did, but most likely they are going to tell you that you need to open the firewall to all of the ranges in the articles.
You could run network traffic monitoring software on your network, and sort through the logs to see which of the ranges your clients are making connections to, and only open to those... however, I would say that would put you into an 'unsupported configuration' by MS's standards, and if you ever have connection issues, they are likely going to ask that you open to all of the ranges before they will troubleshoot further.
Sorry this isn't a better answer, this is just what I've run into with my experiences dealing with MS, O365, and a similar situation.
You can open those ports only for *.microsoftonline.com
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://help.outlook.com/en-us/exchangelabshelp/gg263350
http://technet.microsoft.com/en-us/library/hh510075.aspx