WebFilter is blocking a lot of traffic to the following URL.
It looks like it's Microsoft traffic, but the category is (Uncategorized).
Is this a feature that FortiGate is designed to block?
http://48.210.69.87/filestreamingservice/files/xxxxxxxxxxxxxxxxxxx==&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com
("xxxxxxxxxxxxxxxxxxx" is a random string)
FortiOS 7.0.15
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @suzuye ,
Please check what category the URL belongs to here:
https://www.fortiguard.com/webfilter
I can see that "48.210.69.87" belongs to "Not Rated" category (NOT Uncategorized)
You can submit a request to categorize this URL:
https://www.fortiguard.com/faq/wfratingsubmit?url=48.210.69.87
Meanwhile, you may check this KB article on how to override the web rating for the specific URL:
Hi, dingjerry_FTNT
Thank you for the information.
I knew about the following request method.
https://www.fortiguard.com/faq/wfratingsubmit
I have made several requests using this method and been categorized, but the address part of "48.210.69.87" changes frequently.
At times, I have made requests 2-3 times in a week.
Is there no other way than to continue this process forever?
In addition, the address part changes frequently, and there seem to be various patterns for the "1D.tlu.dl.delivery.mp.microsoft.com" part, as shown below.
officecdn.microsoft.com
2.tlu.dl.delivery.mp.microsoft.com
tlu.dl.delivery.mp.microsoft.com
・
・
・
Thank you in advance.
Hi @suzuye ,
My guess is that the IP 48.210.69.87 might belong to a shared server and not under your control.
If so, you may not request recategorizing it. You may consider using the custom category or the static URL Filter to exempt it:
Hi, dingjerry_FTNT
Thank you for the information.
As a test, I set "*.mp.microsoft.com" as an exclusion in the static URL filter.
It seems that it is no longer blocked, but the log shows a lot of "passthrough" and it is hard to read.
It seems that communications that were not blocked due to correct categorization are also shown in the log as excluded targets.
In the end, since the log was hard to read, I deleted the "*.mp.microsoft.com" exclusion.
Thank you in advance.
Hi @suzuye ,
If you want to allow "*.mp.microsoft.com" via the URL Filter and skip the FortiGuard category checking, please set the action to Exempt in the URL Filter configuration.
Hi, dingjerry_FTNT
Sorry, earlier we had set it to "Exempt," but a large number of "passthrough" occurrences were observed.
It seems that the translation was not done properly by Google.
"WebFilter" has been acting up since Saturday, so that may be the cause of the incorrect categorization.
I'll wait and see for a few days.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.