danto
New Contributor

Allow access to office 365

Hi, I have a strange situation. I have to implement a web filter for a client, and he wants to inspect HTTPS traffic as well. The problem is that once the web filter is applied to HTTPS as well, the client's mail (they use Office 365) and Lync don't work, because they use HTTPS ports as well. I want to create a rule for the specific traffic so that the web filter profile is not used, but there is no specific address or FQDN for the destination, as the users configure their Outlook to connect to autodiscover.client.com and the server is not always the same. I have raised a ticket with Microsoft for the list of the servers, and the answer came like this:

*.microsoftonline.com

*.microsoftonline-p.net

*.microsoftonline-p.com

*.microsoftonlineimages.com

*.microsoftonlinesupport.net

*.msecnd.net

*.msocdn.com

*.office.net

*.office365.com

*.officeapps.live.com

*.outlook.com

Any idea how to bypass the inspection? Thanks.
There is no patch for human stupidity...
11 REPLIES 11
NeilG

You revived a post from 2013?

 

No, nowadays the pattern is to re-categorize the URLs into a custom category of your own choice. I never use the prebuilt custom1 and custom2; I always create useful custom categories.

 

So it's common for me to have a Custom-O365services category with

companyname.sharepointonline.com

companyname-my.sharepointonline.com

login.microsoftonline.com

login.live.com

outlook.office365.com

outlook.office.com

wns.window.com

officeclient.microsoft.com

...

etc.

(I can't keep them all in my head)

 

https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-security-profiles/Web_Filter/Overrid...

 

Micky182
New Contributor

Hi danto, did you enable deep inspection on SSL inspection?

If yes, from the web filter you should also exempt the URL for HTTPS traffic in the Static URL Filter.

You need to create a new rule and pass the action "exempt" and then "enable" the rule.
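
Before committing an exemption list like the ones discussed in this thread, it helps to check which observed hostnames it would actually take out of inspection and which it would leave inspected. The following is an added example, not part of any post above and not FortiOS code: the matching rule (suffix match on a DNS label boundary), the function names and the sample hostnames are assumptions made for illustration.

```python
# Added example: audit observed hostnames against a wildcard exemption list.
# Matching rule (suffix match on a DNS label boundary) is an assumption of
# this sketch, not the FortiOS matcher.

# Wildcard entries as quoted in the original question.
EXEMPT_PATTERNS = [
    "*.microsoftonline.com", "*.microsoftonline-p.net",
    "*.microsoftonline-p.com", "*.microsoftonlineimages.com",
    "*.microsoftonlinesupport.net", "*.msecnd.net", "*.msocdn.com",
    "*.office.net", "*.office365.com", "*.officeapps.live.com",
    "*.outlook.com",
]

def normalize(host):
    """Lower-case, drop a trailing dot, then drop any :port suffix."""
    host = host.strip().lower().rstrip(".")
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host

def matches(host, pattern):
    """True if host is covered by '*.example.com' or by an exact FQDN."""
    host, pattern = normalize(host), normalize(pattern)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com": forces a label boundary
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def audit(hosts, patterns=EXEMPT_PATTERNS):
    """Return (exempt, still_inspected): unique hosts in first-seen order."""
    exempt, inspected = [], []
    for host in dict.fromkeys(normalize(h) for h in hosts):
        covered = any(matches(host, p) for p in patterns)
        (exempt if covered else inspected).append(host)
    return exempt, inspected

# Constructed sample of SNI/Host values as they might appear in a proxy log.
SAMPLE_HOSTS = [
    "outlook.office365.com:443", "login.microsoftonline.com",
    "autodiscover.client.com", "outlook.com", "evil-outlook.com",
    "outlook.com.example.net", "Login.MicrosoftOnline.com.",
]

if __name__ == "__main__":
    exempt, inspected = audit(SAMPLE_HOSTS)
    print("exempt from inspection:", exempt)
    print("still inspected:", inspected)
```

On the constructed sample, autodiscover.client.com stays in the inspected set because none of the wildcard entries cover the client's own domain, and lookalike names such as evil-outlook.com are not exempted.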