Hi Jon,

you could of course try to add some heuristic, in the end the used IPs are a smaller sub-set. But to just quote from the official docs, it seems to be pretty clear:

"You need to open ports for all these IP address ranges in your firewall to allow incoming and outgoing traffic to and from the addresses for signaling."

Cheers,

Henning


From: Jon Bonilla (Manwe)
Sent: Monday, February 20, 2023 15:49
To: Henning Westerholt; Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] OT: MS Teams source IP address ranges

El Mon, 20 Feb 2023 13:06:30 +0000
Henning Westerholt <hw@gilawa.com> escribió:

> Hello,
>
> correct me if I am wrong, but the second group of addresses ("/16") is
> included in the first group ("/14"), right?
>
> Regarding the large IP scope, this is the way Microsoft designed it,
> unfortunately. There is not that much what you can do about.
>
>


Right. Didn't check the masks. they all were 16 in my mind :)


So, if I add those ranges in the permissions table my only way of avoiding
spoofed calls is certificate validation? I'm already doing that and also
checking the company domain and ms account email address. Just wanted to be
sure that nothing "essential" was missing.



--
PekePBX, the multitenant PBX solution
https://pekepbx.com