Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
scott_manley
New Contributor

Access to external OWA

Hello,

 

I need some help, I have a client on my network and their email server is a Outlook Web App exchange server, and I can't access the URL from my network. 

 

Thanks in advance. 

7 REPLIES 7
tanr
Valued Contributor II

You don't give much information to go on.

 

Are you doing deep SSL inspection?  I believe Outlook on Windows and Mac (and I think Outlook Web App) do certificate pinning when talking to Exchange servers, so they will fail if you are doing deep SSL inspection.  In one case I worked on (Outlook on Mac OSX) there was no good feedback to the user about what the problem was -- all I could find with debug logging turned on for Outlook was a bunch of SOAP errors.

 

If that's the case, you should be able to set up an SSL Inspection profile with an exception just for the URL they need to access (and preferably only the specific mail protocols).

 

 

Beyond that possibility, we probably need more details to give suggestions.  

FortiGate models and FortiOS version, logs and errors, etc.

scott_manley

Hi tanr,

Thanks for your reply. No I'm not using deep inspection. They were using a laptop hardlined into out LAN, and also tried on Wifi on their cell phone, which is outside the lan. Both failed to load the web page url. Is there a walk through for the SSL inspection profile setup for this? Im using a fortigte 100d, firmware v5.2.0. in NAT mode. 

 

SCSIraidGURU
Contributor

What does the logs show failed when the user tries to connect to the OWA?   You can search the log for the OWA server IP. 

scott_manley

Hello,

 

I was getting a timeout error, attached is the log info.

SCSIraidGURU

Have you considered setting up a IPv4 policy from that user to the OWA server IP address with security profiles disabled? 

scott_manley

Is that a major security risk? Is there a walk though that can give me a step by step?  

SCSIraidGURU

Do you trust the OWA site?  You are allowing a user behind your Fortinet device to log into a OWA web site under HTTPS?   How is this a security risk?   OWA server usually has anti-virus on it as part of Exchange.   You can enable virus and malware scanning on attachments being opened or downloaded.   

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors