IBM Support

PLEASE READ: MaaS360 M1 Platform to utilize Akamai Kona Technology - Possible Customer Impact!

News


Abstract

MaaS360 M1 Platform (account IDs beginning with the number 1) is planning to utilize Akamai's Kona Technology, which is an industry-leading web application firewall (WAF) and distributed denial-of-service (DDoS) protection solution. Akamai's Kona Technology guards MaaS360 applications against the largest and most sophisticated attacks. It delivers proprietary rule sets and detection logic honed from Akamai's experience and investment in defending against the latest cyberattacks.

Content

MaaS360 M1 Platform is planning to utilize Akamai's Kona Technology, which is an industry-leading web application firewall (WAF) and distributed denial-of-service (DDoS) protection solution. Akamai's Kona Technology, guards MaaS360 applications against the largest and most sophisticated attacks. It delivers proprietary rule sets and detection logic honed from Akamai's experience and investment in defending against the latest cyberattacks.
 
Akamai's Kona Technology inspects web traffic and API requests using proprietary WAF rules with high accuracy. Automated rate controls block application traffic that exceeds our defined thresholds to defend against application-layer DDoS attacks.
 
IMPACT : December 4, 2020
Customers who currently have firewall rules open specifically to MaaS360 IP addresses, will need to open the default https protocol (TCP port 443) to the MaaS360 services hostnames listed in the tables below and also keep the existing MaaS360 IP addresses/hostnames to connect to MaaS360 services. We are moving away from specific IP addresses to hostnames for high availability and easy scale. 
 

MaaS360 Cloud Extender application communicates with MaaS360 services on TCP port 443. Firewall configurations that restrict outbound access to MaaS services with rules using destination IP addresses or IP address ranges aren't not supported, since these may change over time to maintain our service's high availability. Please reach out to support if any concerns.

Organizations using SSL filtering should also need to allowlist the below MaaS360 services hostnames.

 
ACTION
Customers who currently have firewall rules will need to add below mentioned domain to firewall rules.
M1 Instance Services URL : Below are all service URL's for the MaaS360 Platform Domains : Include below domain if you block Any and configure to allow outbound access to MaaS360 IPs from your devices before December 4, 2020
https://services.fiberlink.com fiberlink.com
https://mpns.maas360.com maas360.com
https://dmpns.maas360.com maas360.com
https://apis.m1.maas360.com m1.maas360.com
TEST NETWORK CONNECTIVITY

Test network connectivity between your CE server and MaaS360 services

Access below test url from your CE server to verify the network connection test.

Test Url :  M1 customers https://stest.m1.maas360.com/status.html 

Expected Result : "You have successfully connected the server "

M1POSITIVE

NETWORK TEST USING PROXY 

If you have proxy please follow below to update proxy settings in browser and access test url for network test.

Step 1 : Open browser - Settings - Internet Options

Step 2 : Go to Connections Tab and click LAN Settings to add proxy details

Step 3 : Add your proxy details and click OK and Apply

Add your proxy settings in IE browser and access below test url for connection test.

Test Url : M1 customers https://stest.m1.maas360.com/status.html 

Expected Result : "You have successfully connected the server

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
02 November 2020

UID

ibm16347900