Office365 traffic to send via local breakout/internet link and during failover should go via MPLS

victorjose

Hi Experts,

One of the customers has an SD-WAN setup with WAN1 as the MPLS primary link and WAN2 as the Internet secondary link. The main use case they are expecting out of the Meraki SD-WAN solution is Office365 local breakout via Internet as primary and, if it fails, it should go via the MPLS underlay.

Currently everything goes via the AutoVPN tunnel, so the default route is pushed via the tunnel; however, they want Office365 traffic to be excluded and sent via local breakout.

I was referring to the discussion below:

https://community.meraki.com/t5/Security-SD-WAN/Meraki-local-break-out-for-office-365/m-p/30010#M724...

and the suggestion given was: "Allow all the IP subnets used by Microsoft for the service to MPLS subnets and block everything else".

But this IP list gets updated, which is quite painful, and it is also a massive list of IP addresses, which the customer is not comfortable configuring. Is there any other option available?

Has anyone deployed such a solution?

CptnCrnch

Direct Internet Breakout for specific applications like M365 can be performed automatically by using the SD-WAN Plus License.

PhilipDAth

Write a Python script to download the list from Microsoft:

https://docs.microsoft.com/en-us/windows/security/identity-protection/vpn/vpn-office-365-optimizatio... 

 

And then use the Meraki API to update the networks automatically.
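
A sketch of the first half of that approach, as an added example that is not part of the original reply: it reduces endpoint data in the JSON shape of Microsoft's Office 365 IP Address and URL web service to a collapsed IPv4 prefix list and diffs it against what is already configured, so every list update becomes a small, reviewable change. The sample data, the `configured` list and the function names are constructed for illustration, and the Meraki API push itself is not shown.

```python
import ipaddress
import json

# Constructed sample in the shape of the Microsoft endpoints web service JSON
# (https://endpoints.office.com/endpoints/worldwide?clientrequestid=<guid>).
# Addresses are documentation ranges, not real Microsoft prefixes.
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
  "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8::/32"], "tcpPorts": "80,443"},
 {"id": 2, "serviceArea": "SharePoint", "category": "Allow", "required": true,
  "ips": ["198.51.100.0/24"], "tcpPorts": "443"},
 {"id": 3, "serviceArea": "Common", "category": "Default", "required": false,
  "urls": ["*.example.com"], "tcpPorts": "443"},
 {"id": 4, "serviceArea": "Skype", "category": "Optimize", "required": true,
  "ips": ["203.0.113.0/24", "203.0.113.64/26"], "udpPorts": "3478-3481"}
]""")


def breakout_prefixes(endpoint_sets, categories=("Optimize", "Allow")):
    """Return sorted, collapsed IPv4 prefixes for the chosen categories."""
    nets = set()
    for es in endpoint_sets:
        if es.get("category") not in categories:
            continue
        for cidr in es.get("ips", []):  # URL-only sets carry no "ips" key
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == 4:  # keep one address family per rule list
                nets.add(net)
    # collapse_addresses merges adjacent prefixes and drops contained ones
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def diff_prefixes(current, wanted):
    """Return (to_add, to_remove) so each change can be reviewed before push."""
    cur, new = set(current), set(wanted)
    return sorted(new - cur), sorted(cur - new)


if __name__ == "__main__":
    wanted = breakout_prefixes(SAMPLE)
    # 'configured' stands in for what is on the MX today (constructed).
    configured = ["192.0.2.0/24", "10.99.0.0/16"]
    to_add, to_remove = diff_prefixes(configured, wanted)
    print("wanted:", wanted)
    print("add:", to_add, "remove:", to_remove)
    # Pushing 'wanted' through the Meraki Dashboard API is left out here: the
    # call to use depends on how local breakout is configured on the network.
```

Logging the add/remove sets on every run gives an audit trail of which prefixes were allowed to bypass the tunnel and when.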

Thank you!!
