Syed Jahanzaib Personal Blog to Share Knowledge !

January 2, 2022

SANGFOR IAM – Short Notes

Filed under: SANGFOR — Syed Jahanzaib / Pinochio~:) @ 7:25 PM

2 years ago, we acquired a SANGFOR IAM m5200 hardware device (along with a 3-year support/renewal bundle) as a replacement for the Microsoft ISA/TMG 2010 product. It's been 2 years since its acquisition, and so far we have had a good experience with its usage. We tested a few other products such as Sophos and Fortigate, but IAM was the closest replica for a TMG replacement, therefore we went for it. As per our core requirements of compliance/audit, the IAM logging detail level is very impressive. Its local support was very good and responsive, and they helped us with the initial demo and configuration.

As time allows, I will try to add some guides, tips and notes for day-to-day tasks related to Sangfor IAM.


Allow Office 365 / Outlook related connectivity to Particular AD Group.

In our office, all users are joined to an Active Directory domain (there are multiple domains with cross-forest trust in our company). We have allowed limited internet facility to a particular Active Directory group only. This year we moved away from the on-prem Lotus Domino email server to the cloud-based Microsoft O365 solution, therefore we had to allow internet to everybody who is now using Outlook. To limit the internet usage, and after doing some extensive R&D and 'internet activities' lookup via Sangfor, we created the following 'O365' object in the URL DATABASE, allowed it to the AD group 'Internet_for_O365_Group', and associated Outlook users with this group. This way users who don't have internet facility can still use O365-related services in a controlled manner.


*.office365.com
*.office.com
*.office.net
*.outlook.com
*.microsoft.com
*.onmicrosoft.com
*.microsoftstream.com
*.azure.net
*.azureedge.net
*.windows.net
*.live.com
*.atdmt.com
*.ytimg.com
*.windowsazure.com
*.msftidentity.com
*.msidentity.com
*.microsoftonline.com
*.msecnd.net
*.msftauth.net
*.msauth.net
*.azure.com
*.digicert.com
*.agp.com.pk
*.obsagp.com.pk
*.msftconnecttest.com
*.acompli.net
*.sharepoint.com
*.live.net
*.onedrive.com
*.msftstatic.com
*.windows.com
*.s-microsoft.com
*.passport.net
*.msocsp.com
*.msftncsi.com
*.msedge.net
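
To review a wildcard object like this one offline, the following added example (not from the original post, and not Sangfor code) replays observed hostnames against the list and reports what is covered, what is not, and which entries were never hit. It assumes `*.example.com` matches any subdomain at a label boundary but not the bare domain, which may differ from how the IAM evaluates entries; the function names and sample hostnames are constructed for illustration.

```python
from collections import Counter

# The 'O365' URL object from the post, copied entry for entry.
O365_OBJECT = """
*.office365.com *.office.com *.office.net *.outlook.com *.microsoft.com
*.onmicrosoft.com *.microsoftstream.com *.azure.net *.azureedge.net
*.windows.net *.live.com *.atdmt.com *.ytimg.com *.windowsazure.com
*.msftidentity.com *.msidentity.com *.microsoftonline.com *.msecnd.net
*.msftauth.net *.msauth.net *.azure.com *.digicert.com *.agp.com.pk
*.obsagp.com.pk *.msftconnecttest.com *.acompli.net *.sharepoint.com
*.live.net *.onedrive.com *.msftstatic.com *.windows.com *.s-microsoft.com
*.passport.net *.msocsp.com *.msftncsi.com *.msedge.net
""".split()


def matching_rule(host, rules=O365_OBJECT):
    """Return the most specific wildcard entry covering host, or None."""
    host = host.lower().rstrip(".")
    # rule[1:] is ".example.com": the leading dot forces a label boundary,
    # so "notoffice.com" and the bare "office.com" do not match "*.office.com".
    hits = [rule for rule in rules if host.endswith(rule[1:])]
    return max(hits, key=len) if hits else None


def audit(hosts, rules=O365_OBJECT):
    """Replay hostnames; return (hits per rule, uncovered hosts, unused rules)."""
    hits, uncovered = Counter(), []
    for host in hosts:
        rule = matching_rule(host, rules)
        if rule:
            hits[rule] += 1
        else:
            uncovered.append(host)
    unused = [rule for rule in rules if rule not in hits]
    return hits, uncovered, unused


# Constructed sample standing in for hostnames exported from an access log.
SAMPLE_HOSTS = [
    "outlook.office365.com", "login.microsoftonline.com", "res.cdn.office.net",
    "c.s-microsoft.com", "office.com", "notoffice.com", "office.com.example.org",
]

if __name__ == "__main__":
    hits, uncovered, unused = audit(SAMPLE_HOSTS)
    for rule, count in hits.most_common():
        print(f"covered  {count:3d}  {rule}")
    print("not covered:", ", ".join(uncovered))
    print(f"{len(unused)} of {len(O365_OBJECT)} entries never matched")
```

Entries that never match over a representative period are candidates for removal from the object, and uncovered hostnames show what an Outlook-only user would be denied.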


More will be added as time allows.

Regards,
Syed Jahanzaib
