2 years ago, We acquired SANGOFR IAM m5200 hardware device (along with 3 years support/renewal bundle) as an replacement for Microsoft ISA/TMG 2010 product. It’s been 2 years since its acquisition & so far we have good experience with its usage. We tested few other products like Sophos, Fortigate & few other, but IAM was the closest replica for TMG replacement therefore we went for it. AS per our core requirements of Compliance/audit, IAM Logging details level is very impressive. It’s local support was very good and responsive & they helped us in initial demo & configuration.
As time will allow, I will try to add some guides/tips and notes for day to day task related to sangfor IAM.
Allow Office 365 / Outlook related connectivity to Particular AD Group.
In our office, all users are joined with Active Directory Domain. (there are multiple domain with cross forest trust in our company). We have allowed limited internet facility to particular active directory group only. This year we have moved away from on-prem Lotus domino email server to cloud base microsoft O365 solution, therefore we had to allow internet to every body who is now using Outlook. To limit the internet usage & after doing some extensive R&D & ‘internet activities’ lookup via sangfor , we created following ‘O365’ Object in URL DATABASE, and allowed it to AD group ‘Internet_for_O365_Group’ & associate outlook users to this group. This way users who doesn’t have internet facility can still use O365 related services in a controlled manner.
*.office365.com *.office.com *.office.net *.outlook.com *.microsoft.com *.onmicrosoft.com *.microsoftstream.com *.azure.net *.azureedge.net *.windows.net *.live.com *.atdmt.com *.ytimg.com *.windowsazure.com *.msftidentity.com *.msidentity.com *.microsoftonline.com *.msecnd.net *.msftauth.net *.msauth.net *.azure.com *.digicert.com *.agp.com.pk *.obsagp.com.pk *.msftconnecttest.com *.acompli.net *.sharepoint.com *.live.net *.onedrive.com *.msftstatic.com *.windows.com *.s-microsoft.com *.passport.net *.msocsp.com *.msftncsi.com *.msedge.net
More will be added as per time allow.
Regard’s
Syed Jahanzaib
Leave a Reply