Forum Discussion
split tunneling
Hi
every 2 weeks Teams client get updated with new features, is it possible to receive update traffic via Internet using split tunneling instead of routing via VPN
which IP Address/port/protocol is used for update
- Hi,
Yes, you can find all addresses used by Teams here:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#skype-for-business-online-and-microsoft-teams
The updates will be downloaded from here statics.teams.microsoft.com (52.113.194.132) that is included in the address scope listed on the page linked above.
For Teams the download of the updates is not that important to go outside of the VPN tunnel, it is more important that audio and video is not routed via VPN. But if you setup split tunnelling using the addresses in the link above you will route all Teams traffic outside of your VPN tunnel.
3 Replies
- Hi,
Yes, you can find all addresses used by Teams here:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#skype-for-business-online-and-microsoft-teams
The updates will be downloaded from here statics.teams.microsoft.com (52.113.194.132) that is included in the address scope listed on the page linked above.
For Teams the download of the updates is not that important to go outside of the VPN tunnel, it is more important that audio and video is not routed via VPN. But if you setup split tunnelling using the addresses in the link above you will route all Teams traffic outside of your VPN tunnel.Hi,
That answer is incorrect unfortunately, the update is delivered from the statics.teams.cdn.office.net URL, an example is:
https://statics.teams.cdn.office.net/production-windows-x64/1.3.00.13565/Teams-1.3.00.13565-full.nupkg
The update URL uses Akamai's CDN which has a wide range of underlying IP address's, and are certainly not within the 52.112.0.0/14 range. The only reliable way to split tunnel this traffic would be to allow split tunnelling to the whole internet with a 0.0.0.0/0 which may or may not be an option for you, it would depend entirely on your VPN infrastructure and security requirements.
Microsoft do not make things easy!
- Thanks!, we have identified same
