Important! Microsoft has put a moratorium on IP changes until at least June 30, 2020.
The recommendation is to use IP-based split tunneling rules to exclude the following services:
For updates on the policies, please subscribe to the following URLs to be notified when changes occur, both during this time of crisis and in the future:
To configure split tunneling for excluding the above sites:
- Log in to the PCS appliance
- Navigate to Users > Resource Policies > VPN Tunneling > Split tunneling Networks
- Create a new policy
- Set a policy name
- The IPv4 addresses to set are:
104.146.128.0/17
13.107.128.0/22
13.107.136.0/22
13.107.18.10/31
13.107.6.152/31
13.107.64.0/18
131.253.33.215/32
132.245.0.0/16
150.171.32.0/22
150.171.40.0/22
191.234.140.0/22
204.79.197.215/32
23.103.160.0/20
40.104.0.0/15
40.108.128.0/17
40.96.0.0/13
52.104.0.0/14
52.112.0.0/14
52.120.0.0/14
52.96.0.0/14
- The IPv6 addresses to set are:
2603:1006::/40
2603:1016::/36
2603:1026::/36
2603:1036::/36
2603:1046::/36
2603:1056::/36
2603:1096::/38
2603:1096:400::/40
2603:1096:600::/40
2603:1096:a00::/39
2603:1096:c00::/40
2603:10a6:200::/40
2603:10a6:400::/40
2603:10a6:600::/40
2603:10a6:800::/40
2603:10d6:200::/40
2620:1ec:4::152/128
2620:1ec:4::153/128
2620:1ec:8f0::/46
2620:1ec:8f8::/46
2620:1ec:900::/46
2620:1ec:908::/46
2620:1ec:a92::152/128
2620:1ec:a92::153/128
2620:1ec:c::10/128
2620:1ec:c::11/128
2620:1ec:d::10/128
2620:1ec:d::11/128
2a01:111:f400::/48
2a01:111:f402::/48
- Define the roles that should use this policy
- Set the action to Exclude (This will exclude only these IPs from the tunnel and send all other traffic to the corporate network)
- Click Save Changes
- Navigate to Users > User Roles > roleName > VPN Tunneling > Options (This should be done for each role listed in the split tunneling networks policy)
- Set the option for Split Tunneling to Enabled
- Click Save Changes
Note: If a proxy is being used, the Office 365 host names will need to be excluded from the proxy so that the VPN tunneling policy that allows direct access can take effect.
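An added example (not part of the original article or of any Pulse Secure tooling): a Python check to run over the exclude list before typing it into the policy. It rejects malformed CIDR entries, flags entries already covered by a broader one, and shows which path a destination takes under the Exclude action. The function names and the three bad entries in the sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: a few entries from the list above plus three
# deliberately bad ones (marked) to show what the audit catches.
SAMPLE_EXCLUDES = [
    "13.107.6.152/31",
    "52.112.0.0/14",
    "40.96.0.0/13",
    "2603:1006::/40",
    "2620:1ec:c::10/128",
    "13.107.6.153/31",  # constructed typo: host bit set
    "52.113.0.0/16",    # constructed: already covered by 52.112.0.0/14
    "40.96.0.0/33",     # constructed: invalid prefix length
]


def audit_excludes(entries):
    """Return (networks, problems) for a list of CIDR strings."""
    networks, problems = [], []
    for raw in entries:
        try:
            # strict=True rejects entries whose host bits are set
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            problems.append((raw, f"rejected: {exc}"))
            continue
        networks.append(net)
    # Flag entries that sit wholly inside a broader entry
    for net in networks:
        for other in networks:
            if net != other and net.version == other.version and net.subnet_of(other):
                problems.append((str(net), f"redundant: inside {other}"))
                break
    return networks, problems


def path_for(dest, networks):
    """With action Exclude, listed networks bypass the tunnel; all else is tunneled."""
    addr = ipaddress.ip_address(dest)
    hit = any(addr.version == n.version and addr in n for n in networks)
    return "direct" if hit else "tunnel"


if __name__ == "__main__":
    nets, issues = audit_excludes(SAMPLE_EXCLUDES)
    for entry, why in issues:
        print(f"{entry}: {why}")
    for ip in ("52.114.7.1", "2603:1006::1", "8.8.8.8"):
        print(ip, "->", path_for(ip, nets))
```

A rejected entry is worth correcting before it reaches the policy, since an over-broad or mistyped exclude sends traffic outside the tunnel that was meant to reach the corporate network.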
The attached XML file is configured with a sample entry of the above. It is configured for all roles but will not impact any role until split tunneling has been enabled.
To import, please perform the following steps:
- Save the file to your local system
- Log in to the PCS
- Navigate to Maintenance > Import/Export > Import XML
- Click Browse
- Navigate to the XML file and select it
- Click Import