Nono

Whitelist URL instead of IP in Firewall rules for Microsoft Office activation


Dear community,

Unless I'm missing something, until a few months back it was possible to whitelist ranges of IPs from Microsoft servers in order to allow the activation of our Office product (Excel, for example).

My rule looked like this:

[Image: screenshot of the firewall rule]

As the rule was activated only during an activation, it was somehow okay.

Nowadays, Microsoft doesn't provide a list of IPs/ranges anymore but only URLs under the following KB: hxxp://support.microsoft.com/kb/921471

My question is the following: Is there a way to allow a specific software (ideally, a group of Microsoft Office applications) to access these URLs, which are blocked by our firewall rule (and not web protection rules)?


I'd create a new zone with those IP ranges and then create a new permissive rule for each of the MS Office applications and the zone selected in the Remote tab.


I believe the OP's question is if he can use URLs instead of IP addresses in a firewall rule. The answer, as far as I am aware, is no.

The problem is Microsoft constantly changes the IP addresses associated with its URLs. Therefore, using IP addresses is an effort in futility.


FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.

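Why a host-name rule depends on earlier DNS answers, as an added example that is not part of the thread and is not ESET's implementation: a small model of a firewall that learns addresses from the DNS responses it observes and then matches connections by IP. The `FqdnRule` class, the host name, the addresses and the TTLs are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class FqdnRule:
    """Allow rule keyed on host names; matching still happens on IP addresses."""
    allowed_names: set
    learned: dict = field(default_factory=dict)  # ip -> expiry time in seconds

    def observe_dns(self, name, ips, ttl, now):
        """Record addresses from a DNS answer the firewall saw for an allowed name."""
        if name.lower().rstrip(".") in self.allowed_names:
            for ip in ips:
                self.learned[ip] = max(self.learned.get(ip, 0), now + ttl)

    def permits(self, dst_ip, now):
        """A connection carries only an IP, so the verdict uses the learned table."""
        return self.learned.get(dst_ip, 0) > now


def replay(rule, events):
    """Replay (time, kind, data) events; return a verdict for each connection."""
    verdicts = []
    for now, kind, data in events:
        if kind == "dns":
            rule.observe_dns(*data, now=now)
        else:  # "connect"
            verdicts.append((now, data, rule.permits(data, now)))
    return verdicts


# Constructed timeline (documentation address ranges, hypothetical host name).
EVENTS = [
    (0, "dns", ("activation.example.test", ["192.0.2.10", "192.0.2.11"], 60)),
    (5, "connect", "192.0.2.10"),      # fresh answer: allowed
    (90, "connect", "192.0.2.10"),     # app reuses the address after the TTL: blocked
    (100, "dns", ("activation.example.test", ["198.51.100.7"], 60)),
    (101, "connect", "198.51.100.7"),  # newly learned address: allowed
    (102, "connect", "192.0.2.11"),    # address from the old answer: blocked
    (103, "connect", "203.0.113.5"),   # answer the firewall never saw: blocked
]

if __name__ == "__main__":
    for now, ip, ok in replay(FqdnRule({"activation.example.test"}), EVENTS):
        print(f"t={now:>3}s {ip:<14} {'ALLOW' if ok else 'BLOCK'}")
```
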
15 hours ago, Marcos said:

FQDN in firewall rules is not currently supported. Even if it was in the future, such rules would be dependent on IP addresses retrieved from previous responses to DNS queries so they might not work at all times.

If DNS has problems then you have bigger problems.

Is this the single major reason why ESET is not considering this feature?

1 minute ago, bbahes said:

Is this the single major reason why ESET is not considering this feature?

I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support.

1 hour ago, Marcos said:

I didn't say we were not considering it at all. All suggestions and wishes that users post here or report through local sellers are tracked for further evaluation. No definitive verdict has been made yet regarding FQDN support.

This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? 

21 minutes ago, bbahes said:

This approach to firewall rules without FQDN has not changed since version 2.7 when I started using ESET products. Is this feature considered as something that's waiting for release or something that needs to be even evaluated as useful? 

It's on the wish list and has not been rejected nor accepted yet.

On 1/3/2019 at 12:27 PM, Marcos said:

It's on the wish list and has not been rejected nor accepted yet.

Is there any way to upvote this feature on the wish list?

9 minutes ago, Nono said:

Is there any way to upvote this feature on the wish list?

The more requests come from our partners / sellers for such a feature, the higher it may get on the list.

2 minutes ago, Nono said:

Is there any way to upvote this feature on the wish list?

As far as I know, no. I asked them a long time ago whether they would offer https://www.uservoice.com/ but I did not get an answer.
