Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OFFICE365 IP LIST

    Scheduled Pinned Locked Moved pfBlockerNG
    9 Posts 4 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jompigrande
      last edited by

      Hello everyone, we were using in the past the following list: https://support.content.office.net/en-us/static/O365IPAddresses.xml

      now seems that microsoft, that seems haves nothing better to do, bring down that service and its forcing us to use a new one:

      <update>
      Office 365 network IP Addresses and URLs are no longer available in XML format. You should transition to accessing the data in JSON format as described at http://aka.ms/ipurlblog. This was first announced on 2 April 2018 and the XML file was last updated on 22 September 2018.
      </update>

      anyone already found a solution for this?

      1 Reply Last reply Reply Quote 0
      • J
        jompigrande
        last edited by

        Theres a windows script:
        https://github.com/pandrew1/Office365-IPURL-Samples

        Generate-OldFirewall-XML.ps1 This sample is for customers who have a dependency on one of the old XML downloads that was provided for Office 365.

        maybe we can take this idea to generate a bsd script.....

        1 Reply Last reply Reply Quote 0
        • J
          jompigrande
          last edited by

          i made a custom php script to parse all ip addresses, but im having troubles to get into pfblocker i try as source http://127.0.0.1/o365.txt when script writes to /usr/local/www/o365.txt, even try http://FIREWALLIP/o365.txt, i can get the file from the lan, seems having no errors:
          13.107.6.152/31
          13.107.9.152/31
          13.107.18.10/31
          13.107.19.10/31
          13.107.128.0/22
          23.103.160.0/20
          23.103.224.0/19
          40.96.0.0/13
          40.104.0.0/15
          52.96.0.0/14
          111.221.112.0/21
          131.253.33.215/32
          132.245.0.0/16
          134.170.68.0/23
          150.171.32.0/22
          157.56.232.0/21
          157.56.240.0/20
          191.232.96.0/19
          191.234.140.0/22
          204.79.197.215/32

          [ pfB_OFFICE365 - O365 ] Download FAIL
          Firewall and/or IDS are not blocking download.

          any clue?

          1 Reply Last reply Reply Quote 0
          • J
            jompigrande
            last edited by

            i sorted and removed duplicates seems to be working now:

            [ O365 ] Downloading update .. completed ..
            Updating: pfB_OFFICE365
            1 addresses added.68 addresses deleted.

            1 Reply Last reply Reply Quote 0
            • JeGrJ
              JeGr LAYER 8 Moderator
              last edited by

              You can simply use:

              https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7

              as the URL in pfBlockerNG and get all worldwide IPv4 Addresses in JSON format. pfBlocker can actually parse that and extracts the IPs from it. Could be more IPs then you need in that case, but they are refreshed automatically and you won't have to maintain the list via custom scripts and/or API changes from MS ;)

              If someone knows how to edit that parameters to only get IPs related to Exchange/Office365 instead of including Sharepoint or other services, would be nice to know :)

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

              1 Reply Last reply Reply Quote 1
              • J
                jompigrande
                last edited by

                @jegr said in OFFICE365 IP LIST:

                https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7

                Thanks, good to know!

                1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator
                  last edited by BBcan177

                  With pfBlockerNG-devel, it includes the jq json parsing application.

                  You can use that tool to slice and dice that O365 JSON file into a list of IPs:

                  Download the file:

                  fetch -o /tmp/o365 "https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7"
                  

                  List all O365 ServiceAreas:

                  jq -r '.[].serviceArea' /tmp/o365 | sort | uniq
                  
                  Common
                  Exchange
                  SharePoint
                  Skype
                  

                  Collect all IPs for the Exchange Service Area and aggregate the IPs using iprange:

                  jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' /tmp/o365 | iprange
                  

                  These are just examples... you can modify the commands to suit your needs.

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  BBcan177B 1 Reply Last reply Reply Quote 0
                  • BBcan177B
                    BBcan177 Moderator @BBcan177
                    last edited by

                    Similar approach is available for Amazon AWS:

                    https://www.reddit.com/r/pfBlockerNG/comments/9vwkmm/ip_ranges_for_amazon_aws/

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    P 1 Reply Last reply Reply Quote 2
                    • P
                      PF_Fan01 @BBcan177
                      last edited by

                      @bbcan177 Hi, thanks for the pointer to the command to fetch and filter the json file. I was not able to work out how to use the commands in an IP alias in the firewall. Does it need to be used within the source for a pfBlockerNG > IP > IPv4 > "IPv4 Source Definitions" entry? If so, do you have any links to documentation that explains how to use it? Thanks,

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.