Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Open ports /Ip's DirSync

Posted on 2014-01-28
5
Medium Priority
?
2,588 Views
Last Modified: 2014-01-29
Good day

Can someone please tell me which ports and IP's we need to open on our firewall in order to have Dirsync working. I have read an article which recommends opening ports 443 and 80. Unfortunately we cannot just open these ports for any IP, and need to be more specific to keep our environment secure.
0
Comment
Question by:iamdieter
5 Comments
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39814996
Here is the MS article detailing the Microsoft Office365 datacenter IP address ranges... I'm assuming that is what you are using DirSync for:

http://help.outlook.com/en-us/exchangelabshelp/gg263350

http://technet.microsoft.com/en-us/library/hh510075.aspx
0
 

Author Comment

by:iamdieter
ID: 39815020
Hi Spyder2010, thank you for the articles. These are the articles I came across, and am not prepared to create one rule on the firewall for 8 IP ranges. We are in the Ireland data center, and would like to know the exact IP's and ports we need to open.
0
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39815053
I see.  Our company recently moved to Office365, and we ran across the same issues, but unfortunately were told that we needed to open ports to all of the ranges listed in those articles.... due to MS having datacenters all over the globe, they claimed that your clients may be redirected to different datacenters depending on network load, maintenance, geographical location, etc...

The only options I know of would be to contact Microsoft directly... I would assume you have a contract of some sort(CloudVantage?) with them if you're using DirSync... you can ask them for specific IPs, maybe you'll have better luck than we did, but most likely they are going to tell you that you need to open the firewall to all of the ranges in the articles.

You could run network traffic monitoring software on your network, and sort through the logs to see which of the ranges your clients are making connections to, and only open to those... however, I would say that would put you into an 'unsupported configuration' by MS's standards, and if you ever have connection issues, they are likely going to ask that you open to all of the ranges before they will troubleshoot further.

Sorry this isn't a better answer, this is just what I've run into with my experiences dealing with MS, O365, and a similar situation.
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 39815326
You can open those ports only for *.microsoftonline.com
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1500 total points
ID: 39816496
You should only need to open 80 and 443 (inbound/outbound) to the following:
*.microsoftonline.com and *.verisign.com

Jeff
TechSoEasy
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Overload?
Microsoft has changed the look and feel of Azure AD and Microsoft account sign-in pages so that you will have a more unified look and feel when moving between the two interfaces.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question