USG40: How to enable firewall for MS Office and Teams?

tesagig
tesagig Posts: 56  Ally Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security
By default I deny any outbound traffic. My strategy so far was to enable ports though \SecurityPolicy\Policy Control and using my own service groups.

Is there any other way for apps with more port needs? i.e. I am noticing Teams and Office under "Applications".
However, I don't know how to use applications to open ports.

All Replies

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2020

    From what I can tell MS Office and Teams uses STUN which is a pain for firewalls unless you can forward to a fixed port otherwise your strategy (like I do) means you have to allow all outgoing ports!

    Two things could fix this that I have suggested in ideas ALG for STUN and Source port for firewall Policy control.

    So what you can do is run MS Office and Teams and check what ports are blocked to then allow them and make Virtual Server rules if needed.

    To know if it TCP or UDP in logs



  • tesagig
    tesagig Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector
    thanks. I know there lots of ports ranges.
    I was hoping that Zyxel had a predefined rule.

    BTW. What are applications used for?
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited May 2020
    @tesagig
    Thanks for PeterUK suggestion, your probably enable all outgoing ports of your scenario. Also, the traffic of MS Office and Teams are also related port 443 or 80.
    Therefore, the device does not support on this scenario currently.
    However, I would like to move your request to Idea section.
    Once the ideas get lots of Likes, we will give it to our product developers to have them evaluated and tell you the feedback.

Security Highlight