FortiGate
ahameed
Staff
Article Id 194111

Description
This article explains how to exempt the Microsoft OneDrive application from SSL deep inspection on a FortiGate when deep inspection is enabled in a policy.

Solution

 

The Microsoft OneDrive application may experience sync issues when SSL deep inspection is applied in a policy on the FortiGate.

To exempt OneDrive from SSL deep inspection, make sure the following domains are included in the exemption list.

Steps:

1) Create address objects: browse to Policy & Objects -> Addresses -> Create New -> Address -> Type -> Wildcard FQDN

Create one wildcard FQDN address object for each of the addresses below. Choose any name, then enter the address in the wildcard FQDN field. Repeat this operation until all of the addresses have been created.

*.live.com
*.microsoft.com
*.sharepoint.com
*.svc.ms
*.windows.net
*.windows.com
*.microsoftonline.com
*.microsoftonline-p.com
*.onedrive.com

2) Create an address group: browse to Policy & Objects -> Addresses -> Create New -> Address Group

Then select the address objects created in step 1.

3) Select the address group in the SSL deep inspection profile.

4) Then apply the SSL profile to the policy if it is not applied.
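
To check which hostnames end up outside deep inspection once the steps above are applied, the following added example (not Fortinet code and not part of the original article) matches observed hostnames against the nine wildcard entries from step 1. The matching rule is an assumption: `*.example.com` is treated as covering any name with at least one label in front of `example.com`, but not the bare domain. The hostnames in `OBSERVED` are constructed sample values.

```python
# Added example: audit hostnames against the exemption list from step 1.
EXEMPT_WILDCARDS = [
    "*.live.com", "*.microsoft.com", "*.sharepoint.com", "*.svc.ms",
    "*.windows.net", "*.windows.com", "*.microsoftonline.com",
    "*.microsoftonline-p.com", "*.onedrive.com",
]

def normalize(host):
    """Lower-case a logged hostname and drop any :port or trailing dot."""
    host = host.strip().lower().partition(":")[0]
    return host.rstrip(".")

def matching_wildcard(host, wildcards=EXEMPT_WILDCARDS):
    """Return the wildcard entry that covers host, or None.

    Assumption: "*.live.com" covers "x.live.com" and "a.b.live.com",
    but neither "live.com" itself nor look-alikes such as "notlive.com".
    """
    host = normalize(host)
    for pattern in wildcards:
        suffix = pattern[1:].lower()          # "*.live.com" -> ".live.com"
        if host.endswith(suffix) and len(host) > len(suffix):
            return pattern
    return None

def audit(hosts):
    """Split hostnames into exempt (grouped by wildcard) and still inspected."""
    exempt, inspected = {}, []
    for raw in hosts:
        hit = matching_wildcard(raw)
        if hit:
            exempt.setdefault(hit, []).append(normalize(raw))
        else:
            inspected.append(normalize(raw))
    return exempt, inspected

# Constructed sample input, e.g. hostnames collected from SSL inspection logs.
OBSERVED = [
    "contoso-my.sharepoint.com", "login.microsoftonline.com:443",
    "Storage.Live.Com.", "onedrive.com", "notlive.com", "cdn.example.net",
]

if __name__ == "__main__":
    exempt, inspected = audit(OBSERVED)
    for pattern, names in exempt.items():
        print(f"exempt via {pattern}: {', '.join(names)}")
    print("still deep-inspected:", ", ".join(inspected))
```

Hostnames reported as still deep-inspected are the ones to look at first if OneDrive sync keeps failing after the exemption is in place.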


