Nono 3 Posted January 2, 2019 Share Posted January 2, 2019 Dear community, Unless I'm missing something, it was until few months back, possible to white list ranges of IP from Microsoft server, in order to allow the activation of our Office product (Excel for example) My rule was looking like this : as the rule was activated only during an activation, it was somehow okay. Nowaday, Microsoft doesn't provide a list of IP/Range anymore but only URL under the following KB : hxxp://support.microsoft.com/kb/921471 My question is the following : Is there a way to allow a specific software (ideally, a group of Microsoft Office Applications) to access these url which are blocked by our firewall rule (and not web protection rules) ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted January 2, 2019 Administrators Share Posted January 2, 2019 I'd create a new zone with those IP ranges and then create a new permissive rule for each of the MS Office applications and the zone selected in the Remote tab. Link to comment Share on other sites More sharing options...
itman 1,741 Posted January 2, 2019 Share Posted January 2, 2019 I believe the OP's question is if he can use URL's instead of IP addresses in a firewall rule. The answer as far as I am aware of is no. The problem is Microsoft constantly changes the IP addresses associated with its URLs. Therefore, using IP addresses is an effort in futility. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted January 2, 2019 Administrators Share Posted January 2, 2019 FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times. Link to comment Share on other sites More sharing options...
bbahes 29 Posted January 3, 2019 Share Posted January 3, 2019 15 hours ago, Marcos said: FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times. If DNS has problems then you have bigger problems. Is this single mayor reason why ESET is not considering this feature? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted January 3, 2019 Administrators Share Posted January 3, 2019 1 minute ago, bbahes said: Is this single mayor reason why ESET is not considering this feature? I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support. Link to comment Share on other sites More sharing options...
bbahes 29 Posted January 3, 2019 Share Posted January 3, 2019 1 hour ago, Marcos said: I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support. This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted January 3, 2019 Administrators Share Posted January 3, 2019 21 minutes ago, bbahes said: This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? It's on the wish list and has not been rejected nor accepted yet. Link to comment Share on other sites More sharing options...
Nono 3 Posted January 11, 2019 Author Share Posted January 11, 2019 On 1/3/2019 at 12:27 PM, Marcos said: It's on the wish list and has not been rejected nor accepted yet. Is there any way to upvote this feature on the wish list ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted January 11, 2019 Administrators Share Posted January 11, 2019 9 minutes ago, Nono said: Is there any way to upvote this feature on the wish list ? The more requests come from our partners / sellers for such feature, the higher it may get on the list. Link to comment Share on other sites More sharing options...
bbahes 29 Posted January 11, 2019 Share Posted January 11, 2019 2 minutes ago, Nono said: Is there any way to upvote this feature on the wish list ? As far as I know, no. I asked them long time ago, will they offer https://www.uservoice.com/ but I did not get answer. Link to comment Share on other sites More sharing options...
Recommended Posts