Hi, I wonder anyone else got this problem: for several months we got layer 7 traffic blocked from China, Russia and Andorra - destinations from we got most attacks registered.
For about 2 weeks our MS Office 365 applications started not to respond, hang, not refresh. MS Support engineers cannot recognize the problem. I can see all web applications wait endlessly for java scripts from modernb.akamai.odsp.cdn.office.net
Tracert seems to work fine as I can check only heartbeat responses from web servers but cannot check what does not work deeper.
So, I removed first China then Andorra from the filtering. No change. I removed Russia and.. voila!
Is anybody able to explain how is it possible the MS cloud started to work only with Russia located switches? Is our data from UE passed by MS to Russia and back???
How do you propose to bypass the Russian network still blocking traffic to and from this destination within layer 7?
Thanks in advance for any suggestions.
Michal.
Hi @NGOrfomPL , this could be down to the host IP that you’re communicating with being incorrectly labelled as located within Russia.
What IP address is being flagged?
thanks for the quick response.
It all hangs at modernb.akamai.odsp.cdn.office.net hosts. Then, after several minutes the transfer looks to be switched to modernb.verizon.odsp.cdn.office.net, and the pages load. We have also problems with OneDrive and Teams in browsers - they do not load or load very slow, apps look to work fine although emoticons are not displayed correctly in the Teams app.
Any suggestions taking these into consideration?
Thanks in advance,
Michal.
Interesting - just ran both hostnames through Cisco Talos to check their reputation and they both are based in the US. So not sure why they're being flagged as Russian based.
Worth running a packet capture on the MX to see whats happening? Once with the rule applied and then again with it removed to compare?
Well, looks like the root hosts are US based unfortunately the work mules are Russia located, indeed 😞
Then layer 7 filtering works fine with MX, and it is Microsoft who should be unrest, I hope.
I sent them this picture and waiting for their response. I will publish it here. Thanks.
Crikey. Well done for pursuing.
Interested to see how this progresses