Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Grom
New Contributor

Exclude Lync (Skype for business) traffic from SSL deep inspection

Hi all.

We have a problem with Lync conferences, they are not working if inspection is on, if we exclude specific addresses from inspection, it works, but we want to exclude all Lync traffic, haw can I do it. We have Fortigate 100E.  

 

sorry for my English

11 REPLIES 11
dmcquade
New Contributor III

Create Firewall Address objects for the URLs where the inspection is interferring. Add these objects to the exception list on your SSL Inspection profile. This is where wildcard FQDNs become very useful.

 

hth

d

Grom
New Contributor

That is the problem. My users have many meetings with a lot of different clients. And users very upset that they must to warn IT before each meeting. 

Hosemacht

Hey there,

 

just add a new willdcard fqdn adress with "*.lync.com" and add this to the exempt addresses in the refering ssl/ssh inspection Profile.

This works for me.

 

Regards

sudo apt-get-rekt

sudo apt-get-rekt
Grom
New Contributor

Sorry, but could you explain. All company's have there own domain names for Lync. How *.lync.com can helps me?

As I tested "*.companydomain.com" works, but only for this companydomain.com 

Hosemacht

are we talking about Skype for Business online plan or Skype for Business Server on promise?

sudo apt-get-rekt

sudo apt-get-rekt
Grom
New Contributor

We have on-premise Lync and most our clients too.

 

Hosemacht

ok if you are using fortios 5.6 or higher you can try adding a firewallpolicy only for the "Microsoft lync" application and without a ssl proxy.

sudo apt-get-rekt

sudo apt-get-rekt
Grom
New Contributor

Yes we use 5.6.0. Can you please explain how to do it or maybe give me some links with guides.

Sudarsan_Babu

Dear Grom,

Can you check Application control (Catergory like Collaboration) allow this category.  

Regards,

Sudarsan Babu P

Regards, Sudarsan Babu P
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors