IBM Support

PLEASE READ: MaaS360 M4 Platform to utilize Akamai Kona Technology - Possible Customer Impact!

News


Abstract

MaaS360 M4 Platform (account IDs beginning with the number 4) is planning to leverage Akamai's Kona Technology, which is an industry-leading web application firewall (WAF) and distributed denial-of-service (DDoS) protection solution. Akamai's Kona Technology guards MaaS360 applications against the largest and most sophisticated attacks. It delivers proprietary rule sets and detection logic honed from Akamai's experience and investment in defending against the latest cyberattacks.

Content

MaaS360 M4 Platform is planning to leverage Akamai's Kona Technology, which is an industry-leading web application firewall (WAF) and distributed denial-of-service (DDoS) protection solution. Akamai's Kona Technology, guards MaaS360 applications against the largest and most sophisticated attacks. It delivers proprietary rule sets and detection logic honed from Akamai's experience and investment in defending against the latest cyberattacks.
 
Akamai's Kona Technology inspects web traffic and API requests the use proprietary WAF rules with high accuracy. Automated rate controls block application traffic that exceeds our defined thresholds to defend against application-layer DDoS attacks.
 
IMPACT: 6 June 2022
Customers who currently have firewall rules open specifically to MaaS360 IP addresses, need to open the default https protocol (TCP port 443) to the MaaS360 services hostnames listed in the tables below and also keep the existing MaaS360 IP addresses/hostnames to connect to MaaS360 services. We are moving away from specific IP addresses to hostnames for high availability and easy scale. 
 

MaaS360 Cloud Extender application communicates with MaaS360 services on TCP port 443. Firewall configurations that restrict outbound access to MaaS services with rules that use destination IP addresses or IP address ranges are not supported, since IP addresses will change over time to maintain our service's high availability. Reach out to support if any concerns.

Organizations that use SSL filtering should also need to allowlist the below MaaS360 services hostnames.

 
ACTION
Customers who currently have firewall rules need to add below mentioned domain to firewall rules.
M4 Instance Services URL: Below are all service URL's for the MaaS360 Platform Domains: Include below domain if you block Any and configure to allow outbound access to MaaS360 IP Addresses from your devices before 6 June 2022.
https://services.m4.maas360.com m4.maas360.com
https://mpns.m4.maas360.com m4.maas360.com
https://dmpns.m4.maas360.com m4.maas360.com
https://apis.m4.maas360.com m4.maas360.com
TEST NETWORK CONNECTIVITY

Test network connectivity between your CE server and MaaS360 services

Access below test url from your CE server to verify the network connection test.

Test Url:  M4 customers https://stest.m4.maas360.com/status.html 

Expected Result: "You have successfully connected the server "

stest m4

NETWORK TEST THAT USE PROXY 

If you have a proxy, follow below steps to update proxy settings in browser and access test url for network test.

Step 1: Open browser - Settings - Internet Options

Step 2: Go to Connections Tab and click LAN Settings to add proxy details

Step 3: Add your proxy details and click OK and Apply

Add your proxy settings in IE browser and access below test url for connection test.

Test Url: M4 customers https://stest.m4.maas360.com/status.html 

Expected Result: "You have successfully connected the server"

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
08 April 2022

UID

ibm16570577