FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ahameed
Staff
Staff

Description
This article explains how to exempt the Microsoft OneDrive application through FortiGate when SSL deep inspection is enabled in policy.

Solution

 

Microsoft OneDrive application may experience a sync issue when SSL deep inspection is applied in policy on the FortiGate.

In order to exempt the OneDrive from SSL deep inspection, make sure to include the following domains in the exemptions list.

Steps:

1) Create address objects: browse to Policy & Objects -> Addresses -> Create New -> Address -> Type -> Wildcard FQDN

 
Create a wildcard FQDN for all addresses as follows. Choose any name then type the address in the wildcard FQDN field. Repeat this operation to create all the addresses one by one.

 

 

*.live.com
*.microsoft.com
*.sharepoint.com
*.svc.ms
*.windows.net
*.windows.com
*.microsoftonline.com
*.microsoftonline-p.com
*.onedrive.com

 2) Create an address group: browse to Policy & Objects -> Addresses -> Create New -> Address Group

 Then select the address object created in step 1.

 3) Select the address group in the SSL deep inspection profile:
 

 

4) Then apply the SSL profile to the policy if it is not applied.



Contributors