@RR @MacuserJim Review the FQDN Support here: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Firewall_Settings

Important notes: Make sure your MX is running 13.4 or higher firmware, as anything running 13.3 or earlier does not support FQDNs in the destination fields according to the documentation. You will also have to enable 'hostname visibility' for FQDN rules to function correctly; this is under the network's General settings.

I only see 13.33 as Stable and 13.36 as Stable Release Candidate currently. My interpretation of this is that you will have to run 14.X code for putting an FQDN into the destination field for this to work (unless I'm misreading something?). 14.X code is technically beta as of 11/1/2018, so you might want to keep a closer eye on its performance etc. if you decide to move forward with this. I believe there are quite a few people who are running 14.X for improved AMP performance/reliability without much issue.

However, with all that being said, the big, giant, undocumented and known+expected behavior is that FQDN is not supported in Cellular Failover rules, only IP addresses. This means you will only be able to utilize IP addresses for now to accomplish what you're trying to do.

Below is my best attempt at taking the IP information from Microsoft to accomplish what the FQDN would have done on the cellular firewall rules. You should be able to copy/paste these so it would be minimal effort to test.

The rules above are the super specific ones that I could come up with based on the Microsoft document from the link mentioned earlier. However, a good deal of these are duplicate IPs, etc. So if you wanted to streamline it and ignore the destination port specificity, then you could do this with a destination port of ANY and call it a day.

I have no clue if this would work or not. The only way to find out is to test it 😃 Good luck!
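
As an added example (not part of the original post): one way to merge several per-rule destination lists into a single validated, deduplicated list for an ANY-port rule, using Python's standard `ipaddress` module. The rule names and the short input lists are constructed from a few entries mentioned in the post, not the complete rules.

```python
import ipaddress

# Constructed input: a few destination entries per rule, taken from the post
# (not the complete rules). The rule names are hypothetical labels.
RULES = {
    "rule_1": "13.107.6.152/31, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14",
    "rule_2": "13.107.6.152/31, 40.96.0.0/13, 52.96.0.0/14",
    "rule_5": "40.92.0.0/14, 40.107.0.0/17, 52.100.0.0/14, 52.238.78.88/32",
}


def parse_rule(text):
    """Split a comma-separated destination field into validated networks."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        # strict=True raises ValueError when host bits are set
        # (e.g. 10.0.0.5/24), which usually means a copy/paste mistake.
        nets.append(ipaddress.ip_network(item, strict=True))
    return nets


def merge_rules(rules):
    """Return (merged, stats) for the union of all rule destinations."""
    all_nets = [net for text in rules.values() for net in parse_rule(text)]
    unique = set(all_nets)
    # collapse_addresses drops subnets already covered by a larger entry and
    # joins adjacent siblings (52.96.0.0/14 + 52.100.0.0/14 -> 52.96.0.0/13).
    merged = list(ipaddress.collapse_addresses(unique))
    stats = {"entries": len(all_nets), "unique": len(unique),
             "merged": len(merged)}
    return merged, stats


def to_destination_field(nets):
    """Format networks as a comma-separated string for a destination field."""
    return ",".join(str(net) for net in nets)


if __name__ == "__main__":
    merged, stats = merge_rules(RULES)
    print(stats)
    print(to_destination_field(merged))
```

Merging never widens the set of allowed addresses, but moving from per-port rules to a single ANY-port rule does widen what is permitted to each of them.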