Solved

Open ports /Ip's DirSync

Posted on 2014-01-28
5
2,517 Views
Last Modified: 2014-01-29
Good day

Can someone please tell me which ports and IP's we need to open on our firewall in order to have Dirsync working. I have read an article which recommends opening ports 443 and 80. Unfortunately we cannot just open these ports for any IP, and need to be more specific to keep our environment secure.
0
Comment
Question by:iamdieter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39814996
Here is the MS article detailing the Microsoft Office365 datacenter IP address ranges... I'm assuming that is what you are using DirSync for:

http://help.outlook.com/en-us/exchangelabshelp/gg263350

http://technet.microsoft.com/en-us/library/hh510075.aspx
0
 

Author Comment

by:iamdieter
ID: 39815020
Hi Spyder2010, thank you for the articles. These are the articles I came across, and am not prepared to create one rule on the firewall for 8 IP ranges. We are in the Ireland data center, and would like to know the exact IP's and ports we need to open.
0
 
LVL 6

Expert Comment

by:Spyder2010
ID: 39815053
I see.  Our company recently moved to Office365, and we ran across the same issues, but unfortunately were told that we needed to open ports to all of the ranges listed in those articles.... due to MS having datacenters all over the globe, they claimed that your clients may be redirected to different datacenters depending on network load, maintenance, geographical location, etc...

The only options I know of would be to contact Microsoft directly... I would assume you have a contract of some sort(CloudVantage?) with them if you're using DirSync... you can ask them for specific IPs, maybe you'll have better luck than we did, but most likely they are going to tell you that you need to open the firewall to all of the ranges in the articles.

You could run network traffic monitoring software on your network, and sort through the logs to see which of the ranges your clients are making connections to, and only open to those... however, I would say that would put you into an 'unsupported configuration' by MS's standards, and if you ever have connection issues, they are likely going to ask that you open to all of the ranges before they will troubleshoot further.

Sorry this isn't a better answer, this is just what I've run into with my experiences dealing with MS, O365, and a similar situation.
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39815326
You can open those ports only for *.microsoftonline.com
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39816496
You should only need to open 80 and 443 (inbound/outbound) to the following:
*.microsoftonline.com and *.verisign.com

Jeff
TechSoEasy
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
In-place Upgrading Dirsync to Azure AD Connect
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question