Jump to content

Whitelist URL instead of IP in Firewall rules for Microsoft Office activation


Nono
 Share

Recommended Posts

Dear community,

Unless I'm missing something, it was until few months back, possible to white list ranges of IP from Microsoft server, in order to  allow the activation of our Office product (Excel for example)

My rule was looking like this :

image.thumb.png.f499fa0f9166fea977fd7b9e72f43fc8.png

as the rule was activated only during an activation, it was somehow okay.

Nowaday, Microsoft doesn't provide a list of IP/Range anymore but only URL under the following KB : hxxp://support.microsoft.com/kb/921471

My question is the following : Is there a way to allow a specific software (ideally, a group of Microsoft Office Applications) to access these url which are blocked by our firewall rule (and not web protection rules) ?

 

 

 

 

 

Link to comment
Share on other sites

  • Administrators

I'd create a new zone with those IP ranges and then create a new permissive rule for each of the MS Office applications and the zone selected in the Remote tab.

Link to comment
Share on other sites

I believe the OP's question is if he can use URL's instead of IP addresses in a firewall rule. The answer as far as I am aware of is no.

The problem is Microsoft constantly changes the IP addresses associated with its URLs. Therefore, using IP addresses is an effort in futility.

Link to comment
Share on other sites

  • Administrators

FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.

Link to comment
Share on other sites

15 hours ago, Marcos said:

FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.

If DNS has problems then you have bigger problems.

Is this single mayor reason why ESET is not considering this feature?

Link to comment
Share on other sites

  • Administrators
1 minute ago, bbahes said:

Is this single mayor reason why ESET is not considering this feature?

I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support.

Link to comment
Share on other sites

1 hour ago, Marcos said:

I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support.

This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? 

Link to comment
Share on other sites

  • Administrators
21 minutes ago, bbahes said:

This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? 

It's on the wish list and has not been rejected nor accepted yet.

Link to comment
Share on other sites

On 1/3/2019 at 12:27 PM, Marcos said:

It's on the wish list and has not been rejected nor accepted yet.

Is there any way to upvote this feature on the wish list ?

Link to comment
Share on other sites

  • Administrators
9 minutes ago, Nono said:

Is there any way to upvote this feature on the wish list ?

The more requests come from our partners / sellers for such feature, the higher it may get on the list.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...