outlook.office365.com and outlook.office.com - outage via MX's

Solved
ChristinaFA
Conversationalist

outlook.office365.com and outlook.office.com - outage via MX's

We just experienced a Meraki network-wide outage (over 200 sites) this morning where users were unable to get to outlook.office365.com and outlook.office.com.  All sites are configured to route to the internet directly out of their local ISP via an MX firewall.  

 

Did anyone else experience this?  It lasted at least 2-3 hours.

 

It just resolved by itself without any changes made to any configuration.

 

During the troubleshooting, as a test, I set one network to have a default route via the site-2-site VPN at our hub site (which then routes to the internet via an FTD), with that configuration, the user was able to get to office365.  

 

What could have happened? Anyone know?

1 Accepted Solution
ChristinaFA
Conversationalist

Turns out it was our L7 firewall Country Blocking policy.  Some outlook-related hostnames (like outlook.ha.office365.com)  were being resolved to IPs in countries that we block.  Of course there is NEVER anything in the Meraki logs when a country block rule is hit, so we were flying blind.  Although I think if you use syslog you can see something, is that right?

 

Also, I thought white-listing a client source IP meant that IP;

 

View solution in original post

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

Do you have any L7 rule or content filtering configured?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ChristinaFA
Conversationalist

Yes, but I removed all content filtering categories and white-listed my test IP on the dashboard, but the issue remained.

 

 

 

alemabrahao
Kind of a big deal
Kind of a big deal

Did you check Microsoft's Service Health Status during the issue? I use Office365 and My network is Meraki and I haven't noticed any problems.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ChristinaFA
Conversationalist

Turns out it was our L7 firewall Country Blocking policy.  Some outlook-related hostnames (like outlook.ha.office365.com)  were being resolved to IPs in countries that we block.  Of course there is NEVER anything in the Meraki logs when a country block rule is hit, so we were flying blind.  Although I think if you use syslog you can see something, is that right?

 

Also, I thought white-listing a client source IP meant that IP;

 

Get notified when there are additional replies to this discussion.