Manual Chapter :
Using the Office 365 URL Updater
Applies To:
Show VersionsF5 SSL Orchestrator
- 17.0.0
Using the Office 365 URL Updater
Before you begin, you will need to have BIG-IP
devices with the SSLO service discovered and imported. You will also need to ensure that
all devices you wish to add to the Office 365 fetch schedule run the same SSLO RPM
version.
To configure the fetch schedule and Office 365 URL
categories, do the following:
- Navigate toat the top right. It appears as a link when you do not have a topology configured and an icon when you do.
- ForFrequency, specify how often you would like to fetch O365 URL categories. Select a cadence ofDaily,WeeklyorMonthlyfrom the dropdown menu and its corresponding time values.
- Daily: Specify the time in a 24-hour format, HH: MM.
- Weekly: Select the day you want to run the report and the time in a 24-hour format.
- Monthly: Select a number for the day of the month you want to run the report and the time in a 24-hour format.
- To authorize SSLO to fetch O365 URL categories on clickingSave, select the checkboxFetch Now.
- Specify anEndpointfrom the dropdown menu from which to fetch the URL categories.
- Select theUse required URLs onlycheckbox to fetch the minimum required URLs for O365 connectivity. Not selecting this option fetches all URLs, including the minimum required ones.
- ForInclude URLs, enter a URL not categorized as an O365 URL that you would like to fetch. Then, add additional URLs using the+icon.
- To exclude URLs or domain extensions from this fetch, enter the URL or extension in theExclude URLs.For example, if you want to exclude google.com from your fetch and all addresses ending in .net, entergoogle.comin the field, select the+icon to add an additional line. Then, on the next line, enter.net.
- Select theCreate IP Datagroupscheckbox to create IP data groups consisting of IP addresses after fetching URLs.
- ForExclude IPs, enter IP address that you would like to omit from this fetch request. Add additional IP addresses using the + icon.
- From theTrusted Certificate Authoritylist, choose a trusted certificate authority.
- None: Specifies that no CA is trusted for server-side processing.
- ca-bundle: Uses theca-bundle.crtfile, which contains all well-known public certificate authority (CA) certificates for server-side processing.
- default: Specifies that the trusted CA for server-side processing is the default certificate on the system.
- In the O365 Categories section, specify whether you want to create a single URL data set and/or separate data sets for O365 Optimize/Default/Allow categories.
- Default: If you add theDefaultcategory to a policy, the package will be inspected.
- All: If you fetchAllcategories, you can add URLs from all categories to a security policy. TheAlloption is not editable and is selected by default. The BIG-IP will always create a data set containing all O365 URLs.
- Optimize: If you select theOptimizecategory to add to a security policy, you choose to optimize traffic speed for critical Microsoft endpoints such as Outlook and Sharepoint.
- Allow: If you add theAllowcategory of O365 URLs to a security policy, the traffic will not be inspected.
Refer Office 365 endpoint categories for more information. - Select the service area from which you would like to fetch URLs. Available options areCommon,Exchange,Sharepoint, andSkype. TheCommonoption is not editable and is selected by default. The BIG-IP will always fetch the common O365 URLs.
- TheRun Informationsection displays the last run time, the upcoming run schedule, and the current status of the O365 URL update.
- SelectSaveto save this schedule.
After finishing configuration, you can add the
Office 365 URL categories to a security policy rule when the network traffic matches all
categories. You can then deploy the security policy on target BIG-IP devices.