Description |
This article describes the scenario when a user is facing an issue with the connection to MS Outlook freezing. |
Scope | FortiGate. |
Solution |
Firewall security policy uses FQDN outlook.com as a destination address. For public cloud services, it is better to use Internet service instead of FQDN.
When the security policy has enabled the 'all session' log, get the deny log destination address, and search the ISDB group by the IP address. Take IP 20.105.73.143 as an example:
diagnose internet-service match root 20.105.73.143 255.255.255.255
Internet Service: 327786(Microsoft-Azure), matched entry num: 2, matched num: 2 Internet Service: 327681(Microsoft-Web), matched entry num: 4, matched num: 4 Internet Service: 327682(Microsoft-ICMP), matched entry num: 2, matched num: 2 Internet Service: 327683(Microsoft-DNS), matched entry num: 2, matched num: 2 Internet Service: 327684(Microsoft-Outbound_Email), matched entry num: 4, matched num: 4 Internet Service: 327686(Microsoft-SSH), matched entry num: 1, matched num: 1 Internet Service: 327687(Microsoft-FTP), matched entry num: 2, matched num: 2 Internet Service: 327688(Microsoft-NTP), matched entry num: 2, matched num: 2 Internet Service: 327689(Microsoft-Inbound_Email), matched entry num: 4, matched num: 4 Internet Service: 327694(Microsoft-LDAP), matched entry num: 4, matched num: 4 Internet Service: 327695(Microsoft-NetBIOS.Session.Service), matched entry num: 2, matched num: 2 Internet Service: 327696(Microsoft-RTMP), matched entry num: 2, matched num: 2 Internet Service: 327704(Microsoft-NetBIOS.Name.Service), matched entry num: 1, matched num: 1 Internet Service: 327680(Microsoft-Other), matched entry num: 2, matched num: 2
Change from FQDN to the above ISDB in firewall security policy, prefer to ISDB relative to email, for example, Microsoft-Azure, Microsoft-Outbound_Email, Microsoft-Inbound_Email. The traffic will be allowed.
Related article: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.