GHGIT
New Contributor

Allow only inbound traffic from Microsoft o365 to hybrid Exch server?

Hello,

We are moving to a hybrid model for our Exchange system. The Exchange server that is going to be the link between on-prem and cloud has to have a public static IP address. Normally, when we allow traffic in from the outside to a server, we restrict the IP range that can enter by using an address group on the source portion of the IPv4 policy. If I am correct in my research at Microsoft, this is around 200 FQDNs, including some wildcards. Wildcards don't make sense in this use because you can't do a DNS lookup on a wildcard name - there could be an infinite number of subdomains. I'm sure I'm not the only Fortinet user with a hybrid model, so what do you suggest? I just hate the thought of opening up the server to the whole world.

 

Thanks for any help!

 

GrahamRollerson
New Contributor

Hi GHGIT - did you ever get an answer to this? We have the same challenge, but I can't find anything (so far) on the Forti site detailing best practice on how to implement a solution.

 

Cheers

Graham
