Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
James_G
Contributor III

Created on ‎11-17-2019 08:45 AM

Has anyone spotted any issues with internet service database (ISD) in 6.2.2

As title - not working for me in firewall policies

 

I have a ticket open, but wonder if anyone seen the same?

8239
0 Kudos
1 Solution
James_G
Contributor III
In response to boneyard

Created on ‎11-30-2019 05:12 PM

Logged support call, they pointed out behaviour changes in 6.2.2 (in release notes) where ISD is used for source addresses. I had to change the previous working config to a different ISD entry to get service back. The rule in question was for source addresses from Office 365 mail, had to change to a new entry called Office365.published.

View solution in original post

4620
0 Kudos
8 REPLIES 8
boneyard
Valued Contributor

Created on ‎11-29-2019 12:56 AM

didnt see an issue, how is it exactly not working?

4575
0 Kudos
James_G
Contributor III
In response to boneyard

Created on ‎11-30-2019 05:12 PM

Logged support call, they pointed out behaviour changes in 6.2.2 (in release notes) where ISD is used for source addresses. I had to change the previous working config to a different ISD entry to get service back. The rule in question was for source addresses from Office 365 mail, had to change to a new entry called Office365.published.
4621
0 Kudos
tanr
Valued Contributor II
In response to James_G

Created on ‎12-01-2019 09:23 AM

@James_G, can you give more detail on why you had to change?  Did you have a source port specified?  Or was something else going on?

 

From the release notes: Only IP and Protocol are matched and source port is ignored when ISDB is applied as source in policy.  But it seems like this wouldn't usually cause issues.

4575
0 Kudos
James_G
Contributor III
In response to James_G

Created on ‎12-03-2019 04:03 AM

Cut / paste from Fortinet support:

 

The root cause is that ISDB uses 3 parameters (protocol, port and IP address) to identify a service. In most cases, it is correct. Unfortunately, it is not true for the Office365 case as a source. As TCP traffic usually selects a random port as source port. So, we just ignore the port when identifying an Internet service as source. As an example, the traffic is simplified to <6, 0, 104.47.12.50> from <6, 38045, 104.47.12.50>. In the ISDB, this <6, 104.47.12.50> matches another internet service 327880. So, the traffic is getting recognized as 327880. Therefore, we are having an unmatched case.

4575
0 Kudos
boneyard
Valued Contributor
In response to James_G

Created on ‎12-05-2019 09:57 AM

when would you use Office365 as a source?

4575
0 Kudos
James_G
Contributor III
In response to boneyard

Created on ‎12-05-2019 10:55 AM

Office 365 hybrid setup, the cloud based components need access to the on prem exchange ews virtual directory, but I want to prevent access to this resource from anywhere else on the net.
4575
0 Kudos
boneyard
Valued Contributor
In response to James_G

Created on ‎12-05-2019 11:05 AM

ah interesting way to use it. would think that many of the IPs are just for incoming traffic towards Office.365, but i assume enough of them did work for this setup?

4575
0 Kudos
James_G
Contributor III
In response to boneyard

Created on ‎12-05-2019 11:15 AM

It's not perfect, the source could be from one of 40,000 IP address, but at lease them 40,000 IP address are from a trusted source (ish) and we prevent the other 4 billion address from getting access. No way to narrow this down further as the source totally changes time to time, as o365 tennents get moved around data centers.
4575
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.