Bypass SSL interception for Microsoft Office 365 URLs and IP address ranges

book

Article ID: 168857

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You need to bypass SSL interception for Microsoft Office 365 URLs or IP addresses from Symantec ProxySG or Symantec Advanced Secure Gateway (ASG).

Resolution

See Office 365 URLs and IP address ranges on Microsoft.com.

Note: Symantec has no control of the URLs and IP address ranges that Microsoft selects for its services.

Symantec Global Intelligence Network

If you are using the Symantec Global Intelligence Network (GIN), you can use Office 365 application objects to create easier policies for SSL Interception and Auth bypass.

Example of CPL code leveraging Office 365 app definitions (BCWF/BCIS required):

<ssl-intercept>
  condition=O365-Applications ssl.forward_proxy(no)

  <proxy>
  condition=O365-Applications authenticate(no)

define condition O365-Applications
request.application.name="Office 365 Skype for Business"
request.application.name="Office 365 Exchange Online"
request.application.name="Office 365 SharePoint"
request.application.name="Office 365 General"
request.application.name="Office 365 OneDrive"
request.application.name="Office 365 Yammer"
request.application.name="Office 365 Sway"
end condition O365-Applications