Layer 7 Country Filtering blocking office.com

DBlum
Getting noticed

Layer 7 Country Filtering blocking office.com

We have a layer 7 filter to deny traffic to/from all countries except:

Canada, France, Germany, Ireland, Netherlands, Sweden, Switzerland, UK, USA

 

For some reason this is blocking the ability to goto office.com, we are able to go to other microsoft sites but was wondering if anyone knew what countries we should allow for traffic to flow?  I have tried to whitelist the url as well as turning off AMP with no luck.

2 REPLIES 2
Uberseehandel
Kind of a big deal

You may find these helpful:

I omitted to add - 

This last document discusses a REST-based web service for accessing relevant addresses. But it doesn't disclose where they may be located. In the early days of Office 365, the location of one's data could be somewhat mobile, to say the least, to the point that for a time we could not sync certain categories of information with any of the MS sites, and had a separate secure data store in the land of the cuckoo clock.

It is quite a good idea to store stuff in Switzerland, because the good Swiss burgers will promptly inform you if anybody gets an order/warrant authorising access to data. This makes them more inclined to 'fess up about potential breaches of security. Which isn't necessarily the same case in other countries generally regarded as well regulated and reliable.

In no way, shape or form are mobile networks secure. Take appropriate measures (hint Moxie Marlinspike is your friend). Don't think fixed networks are any more secure.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Nash
Kind of a big deal

In addition to @Uberseehandel's advice, it's also worth knowing that MSFT owns a chunk of IP addresses that theoretically belong to Singapore, in addition to having a ton of domains at .ms (Montserrat). 

 

This is one of the weaknesses of geoblocking. IPv4 address blocks may not have any relationship to the country that they theoretically originate from.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels