Meraki firewall blocked Office365 traffic as an intrusion attempt – Cloud – Security

A Microsoft Office365 user behind a Cisco Meraki firewall found that the service was inaccessible after a security vendor inadvertently blocked legitimate traffic.

As reported in , the firewall was identifying legitimate traffic as a denial of service attack attempt against Windows IIS. This Reddit post.

“We have a Meraki firewall and since this morning Meraki has been blocking valid Microsoft IPs in Security Center. The SNORT rule details is “Microsoft Windows IIS Denial of Service Attempt” and the destination IP was Microsoft,” the post said.

SNORT is an open source signature-based intrusion prevention system.

Perhaps due to the timing of the issue, the first reports of the outage were from the Europe, Middle East, Asia (EMEA) region as Microsoft’s 365 Status Twitter account. I got it.

“We are investigating an issue preventing some users in the EMEA region from connecting to some Microsoft 365 services,” the tweet said.

Microsoft later said: “We are working with our firewall partners to investigate SNORT rule 1-60381.

“We have received confirmation from some affected users that disabling the rule immediately fixes the issue.”

Meraki agreed This issue was caused by a new SNORT rule.

“SNORT is working as intended because it correctly protects the network against known vulnerabilities.”

Affected services include Exchange Online, Microsoft Teams, Outlook desktop client, and OneDrive for Business.

Three hours later, Meraki said, [US Pacific Standard Time]”