We're having an issue where we're being asked for Certificate continuously when outlook is accessing office365. The Fortigate is configured in explicit mode, and we've setup a address group and included fqdn of office 365 and allowed it on explicit policy rule and disabled SLL inspection.
Like below:
edit "Clone of office365" set member 365_.microsoftonline-p.com 365_.microsoftonline.com 365_.onmicrosoft.com 365_.outlook.com 365_.public-trust.com 365_.sharepoint.com 365_.verisign.com 365_.verisign.net 365_appexsin.stb.s-msn.com 365_auth.gfx.ms 365_autodiscover 365_crl.microsoft 365_d.docs.live.net 365_evsecure-aia.verisign.com 365_evsecure-crl.verisign.com 365_evsecure-ocsp.verisign.com 365_go.microsoft.com 365_login.live.com 365_login.microsoftonline.com 365_m.webtrends.com 365_microsoft-my.sharepoint.com 365_ms.tific.com 365_msft.sts.microsoft.com 365_o15.officeredir.microsoft.com 365_odc.officeapps.live.com 365_odcsm.officeapps.live.com 365_office.microsoft.com 365_office15client.microsoft.com 365_officeimg.vo.msecnd.net 365_roaming.officeapps.live.com 365_sa.symcb.com 365_sd.symcb.com 365_smtp.office365.com 365_wer.microsoft.com outlook.office365.com outlook.office365.com.g.office365.com
set member 365_crl.microsoft 365_evsecure-ocsp.verisign.com 365_evsecure-aia.verisign.com 365_evsecure-crl.verisign.com evsecure-crl.verisign.com 365_sa.symcb.com 365_sd.symcb.com 365_office15client.microsoft.com 365_odc.officeapps.live.com 365_go.microsoft.com 365_login.microsoftonline.com 365_msft.sts.microsoft.com 365_odcsm.officeapps.live.com 365_microsoft-my.sharepoint.com 365_microsoft-my.sharepoint.com 365_ms.tific.com 365_roaming.officeapps.live.com 365_o15.officeredir.microsoft.com 365_office.microsoft.com 365_officeimg.vo.msecnd.net 365_m.webtrends.com 365_d.docs.live.net 365_login.live.com 365_auth.gfx.ms 365_wer.microsoft.com 365_appexsin.stb.s-msn.com 365_autodiscover
edit "365_crl.microsoft" set type fqdn set fqdn "crl.microsoft.com" next edit "365_evsecure-ocsp.verisign.com" set type fqdn set visibility disable set fqdn "evsecure-ocsp.verisign.com" next edit "365_evsecure-aia.verisign.com"
Allowed this on Explicit Proxy policy and removed SLL inspection, but we still get the Popup
Sunny
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.