Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
GHGIT
New Contributor

Created on ‎06-23-2021 12:00 PM

Allow only inbound traffic from Microsoft o365 to hybrid Exch server?

Hello,

We are moving to a hybrid model for our Exchange system.  The Exchange server that is going to be the link between on-prem and cloud has to have a public static IP address.  Normally, when we allow traffic in from the outside to a server we restrict the ip range that can enter by using a address group on the source portion of the IPv4 policy.  If I am correct in my research at Microsoft this is around 200 FQDN's including some wildcards.  Wildcards don't make sense in this use because you can't do a dns lookup on a wildcard name - there could be an infinite number of subdomains.  I'm sure I'm not the only Fortinet user with a hybrid model so what do you suggest?  I just hate the thought of opening up the server to the whole world.

 

Thanks for any help!

 

3262
1 REPLY 1
GrahamRollerson
New Contributor

Created on ‎10-27-2021 01:27 AM

Hi GHGIT - did you ever get an answer to this? We have the same challenge but i cant find anything (so far) on the Forti site detailing best practice on how to implement a solution. 

 

cheers

Graham

2607
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.