FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jskrivan_FTNT
Description
When accessing some cloud applications and services, such as Microsoft Office 365, Exchange Online, SharePoint Online or Lync Online, there may be issues experienced in the functionality of those cloud apps.
 
This may happen due to the fact that the client PC is connected behind a FortiGate firewall, which may be configured too restrictively with rules to filter network traffic, which is required for the proper operation of these cloud services.
 

Scope
FortiGate units with FortiOS firmware versions 4.00 MR3 or 5.0.x
 

Solution
Solution to this issue is to create a set of exception rules in the URL filter, and link these exceptions to a Webfilter profile.
Also, IP address related exceptions may be considered, in order to be included in firewall policies.
 
For the detailed list on which URLs or IP addresses are used with particular cloud applications or services, please consult the documentation of these cloud services.
 
 
How to write the URL or domain name specification into a regex - regexp notation
 
As an example, for the purpose of creating an URL filter rule, the domain *.fortinet.com could be written in the regex notation the following way:
 
     (http|HTTP|https|HTTPS)\:\/\/[a-z|A-Z|0-9]*\.fortinet\.com
 
 
The URL filter rule would look like this from the CLI:
 
edit "(http|HTTP|https|HTTPS)\\:\\/\\/[a-z|A-Z|0-9]*\\.fortinet\\.com"
   set action allow
   set type regex
next
   
 
Additional information for Microsoft cloud applications
 
At the time of this writing, the relevant information about domain names and IP address ranges was accessible at the Microsoft Online Help website at http://onlinehelp.microsoft.com/ , and on the Microsoft TechNet Library website at http://technet.microsoft.com/library/ .
 
Particularly, following articles might be considered useful. Please note, that these URLs may change at any time. Please use your Internet search engine if necessary, or contact your provider of cloud services.
 
 
Ports and protocols used by Office 365
http://technet.microsoft.com/en-us/library/hh852522.aspx
 

Internal Notes
This external KB article was created based on internal KB articles FD34758 and FD34806.
 

Contributors