Recently ran into an issue where the Fortigate was providing incorrect IP addresses for requests to Microsoft domains. This led to certificate errors in Outlook and browser connections to portal.azure.com.
There appears to be some Reddit evidence of other users also seeing this issue:
Looks like the same IP that we saw (22.214.171.124) and Certificate (SubName = gaia.iphost.gr)
As a work-around you can change your FW DNS settings to point to a 3rd party DNS provider, but curious if other people are seeing this and/or how to keep it from happening while using FortiGuard services for DNS. (I believe this is a requirement to leverage DNS filtering)
This is, in my opinion, a poor response by Fortinet. It leans to a "not our fault" attitude, with a side helping of "not a big deal, after all it's 'mostly a temporary issue'", and a dash of "one possible reason" and "somehow", which is unacceptable. A proper response should contain exactly how it happened and what is being done to prevent such an incident again.
We fought this all day yesterday. We're seeing this in about 25% of our Fortigates in the field, but nowhere else outside of Fortigate protected environments. Changing DNS in the Fortigate seemed to help, but was still not 100%.
Hours with Microsoft have relayed this back to ISP issues, from their perspective.
With a packet capture we were able to see the issue lies with DNS queries that go through o365filtering.com/azure-dns.info and azure-dns.org specifically. DNS queries outside those name servers were fine.
If this continues, I'll simply start blocking DNS traffic to *.azure-dns.* as a next step.
Has anyone had any success with this yet? I've tried some of the suggestions but am still having random issues. Mainly internal sites that use AzureAD for SSO. I tried a DNS filter to block *.azure-dns* like @Gnester suggested, but that just throws up a red screen saying it's been blocked. Perhaps I didn't do something correctly.
In my case the FortiGuard DNS feature did not respect my switching DNS from Fortinet to public DNS in the firewall. The only way I could completely solve the issue was to set my internal DNS servers to forward to public DNS and completely remove Fortigate from the equation.
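A resolver cross-check in the spirit of the packet-capture and workaround posts above, added here as an example and not code from any poster or from Fortinet: it resolves each host through the FortiGate and two public resolvers, then performs a CA-verified TLS handshake to every returned address and reports the DNS names the certificate actually carries (a name like gaia.iphost.gr presented for portal.azure.com is the symptom this thread describes). The host list, the 192.0.2.1 placeholder for the FortiGate's DNS address and the dnspython dependency are assumptions.

```python
import socket
import ssl

# Constructed inputs: the host named in the thread (portal.azure.com) plus one Outlook
# endpoint, and the resolvers to compare ("fortigate" is a placeholder for your FortiGate).
CHECK_HOSTS = ["portal.azure.com", "outlook.office365.com"]
RESOLVERS = {"fortigate": "192.0.2.1", "cloudflare": "1.1.1.1", "quad9": "9.9.9.9"}

def san_matches(hostname, san_names):
    """True if hostname is covered by a dNSName SAN; a wildcard covers exactly
    one left-most label, the rule browsers apply."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in san_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def check_tls(host, ip, timeout=5.0):
    """Handshake with ip using SNI=host; the CA chain is verified against the default
    store and the hostname match is done here, so the presented names can be reported."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED; SANs are matched below
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except (OSError, ssl.SSLError) as exc:
        return False, str(exc)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return san_matches(host, names), names

def resolve_via(host, resolver_ip):
    """A records for host from one chosen resolver; needs dnspython (assumed installed)."""
    import dns.resolver
    res = dns.resolver.Resolver(configure=False)
    res.nameservers = [resolver_ip]
    return {rr.to_text() for rr in res.resolve(host, "A")}

def main():
    for host in CHECK_HOSTS:
        for name, resolver_ip in RESOLVERS.items():
            for ip in sorted(resolve_via(host, resolver_ip)):
                ok, detail = check_tls(host, ip)
                print(f"{host:24} {name:10} {ip:16} {'OK' if ok else 'MISMATCH'} {detail}")

if __name__ == "__main__":
    main()
```

Answers for CDN-fronted Microsoft hosts legitimately differ between resolvers, so disagreement alone is not a finding; the MISMATCH rows, which show which resolver handed out an address serving a foreign certificate, are.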