Solved

Open ports /Ip's DirSync

Posted on 2014-01-28
5
2,474 Views
Last Modified: 2014-01-29
Good day

Can someone please tell me which ports and IP's we need to open on our firewall in order to have Dirsync working. I have read an article which recommends opening ports 443 and 80. Unfortunately we cannot just open these ports for any IP, and need to be more specific to keep our environment secure.
0
Comment
Question by:iamdieter
5 Comments
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39814996
Here is the MS article detailing the Microsoft Office365 datacenter IP address ranges... I'm assuming that is what you are using DirSync for:

http://help.outlook.com/en-us/exchangelabshelp/gg263350

http://technet.microsoft.com/en-us/library/hh510075.aspx
0
 

Author Comment

by:iamdieter
ID: 39815020
Hi Spyder2010, thank you for the articles. These are the articles I came across, and am not prepared to create one rule on the firewall for 8 IP ranges. We are in the Ireland data center, and would like to know the exact IP's and ports we need to open.
0
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39815053
I see.  Our company recently moved to Office365, and we ran across the same issues, but unfortunately were told that we needed to open ports to all of the ranges listed in those articles.... due to MS having datacenters all over the globe, they claimed that your clients may be redirected to different datacenters depending on network load, maintenance, geographical location, etc...

The only options I know of would be to contact Microsoft directly... I would assume you have a contract of some sort(CloudVantage?) with them if you're using DirSync... you can ask them for specific IPs, maybe you'll have better luck than we did, but most likely they are going to tell you that you need to open the firewall to all of the ranges in the articles.

You could run network traffic monitoring software on your network, and sort through the logs to see which of the ranges your clients are making connections to, and only open to those... however, I would say that would put you into an 'unsupported configuration' by MS's standards, and if you ever have connection issues, they are likely going to ask that you open to all of the ranges before they will troubleshoot further.

Sorry this isn't a better answer, this is just what I've run into with my experiences dealing with MS, O365, and a similar situation.
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39815326
You can open those ports only for *.microsoftonline.com
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39816496
You should only need to open 80 and 443 (inbound/outbound) to the following:
*.microsoftonline.com and *.verisign.com

Jeff
TechSoEasy
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
Office 365 is currently available in five editions. Three of them are for business use: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. Two of them are for home/personal use: Office 365 Home and Office 365 Perso…
how to add IIS SMTP to handle application/Scanner relays into office 365.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question