Whitelist URL instead of IP in Firewall rules for Microsoft Office activation

[Nono 3]

Dear community,

Unless I'm missing something, it was until few months back, possible to white list ranges of IP from Microsoft server, in order to  allow the activation of our Office product (Excel for example)

My rule was looking like this :

as the rule was activated only during an activation, it was somehow okay.

Nowaday, Microsoft doesn't provide a list of IP/Range anymore but only URL under the following KB : hxxp://support.microsoft.com/kb/921471

My question is the following : Is there a way to allow a specific software (ideally, a group of Microsoft Office Applications) to access these url which are blocked by our firewall rule (and not web protection rules) ?

 

 

 

 

 

[Marcos 5,074]

I'd create a new zone with those IP ranges and then create a new permissive rule for each of the MS Office applications and the zone selected in the Remote tab.

[itman 1,659]

I believe the OP's question is if he can use URL's instead of IP addresses in a firewall rule. The answer as far as I am aware of is no.

The problem is Microsoft constantly changes the IP addresses associated with its URLs. Therefore, using IP addresses is an effort in futility.

[Marcos 5,074]

FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.

[bbahes 29]

15 hours ago, Marcos said:

FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.

If DNS has problems then you have bigger problems.

Is this single mayor reason why ESET is not considering this feature?

[Marcos 5,074]

1 minute ago, bbahes said:

Is this single mayor reason why ESET is not considering this feature?

I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support.

[bbahes 29]

1 hour ago, Marcos said:

I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support.

This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? 

[Marcos 5,074]

21 minutes ago, bbahes said:

This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? 

It's on the wish list and has not been rejected nor accepted yet.

[Nono 3]

On 1/3/2019 at 12:27 PM, Marcos said:

It's on the wish list and has not been rejected nor accepted yet.

Is there any way to upvote this feature on the wish list ?

[Marcos 5,074]

9 minutes ago, Nono said:

Is there any way to upvote this feature on the wish list ?

The more requests come from our partners / sellers for such feature, the higher it may get on the list.

[bbahes 29]

2 minutes ago, Nono said:

Is there any way to upvote this feature on the wish list ?

As far as I know, no. I asked them long time ago, will they offer https://www.uservoice.com/ but I did not get answer.