Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ian_Harrison
New Contributor

Internet Service Database and IP addresses

Hi

 

With v5.6 I can now create policy rules that allow access for users based upon 'Internet Service Database' objects. Currently, I get notified from Microsoft about changes to the IP addresses they use for Office 365 etc.

 

Question: How up to date are the ISD objects and do they keep up to date with IP changes from Microsoft? This also applies to other providers such as Apple, Adobe etc.

 

More info from Microsoft: https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-Office-365-endpoint-categories-and...

 

Thanks

 

Ian

Web: www.activatelearning.ac.uk Twitter: twitter.com/activate_learn Facebook: facebook.com/Activate-Learning
5 REPLIES 5
romanr
Valued Contributor

Hey,

 

using ISDB rules was one of the main reasons for us to upgrade several installations to 5.6 for some of our customers - as we had to maintain the MS adresses regularily.

 

We did not see any troubles using ISDB adress objects for O365 and Skype4Business. For us this seems completely accurate.

 

Br,

Roman

daac
New Contributor

Hello Could you point me out exactly what you created, policy routes with fqdn? or wilcard? Thank you

saneeshpv_FTNT

Hi

 

This rarely happens, but you have an option to write to ISDB Team so that the new IP's can be added to the list and available in the next updates.

 

https://fortiguard.com/faq/isdb-contact

 

Regards, Saneesh

daac

Hello Thanks for your help, however I have a concern about the use of isdb in 5.6.3, I only see that it is possible to use it in static routes BUT if I have a static route created towards a ip xxxx with gateway yyyy that belongs to microsoft ( distance 10 priority 0) and create a static route with isb that includes microsoft (in the list is xxxx) and zzzz gateway by which route would it go? and how the election would be made if both would be static. This is because I have not managed to find much information and I have understood that the routing process (without dynamic protocols) would be something like policy route static route defined static route by default Thank you

boneyard
Valued Contributor

after some trouble shooting and debugging i found out the ISDB routes act like policy routes, so while you configure them as static route they don't show up anywhere expect in the policy routing monitor (FortiOS 5.6+). this also means they have the same priority over regular routes as "normal" policy routes have.

 

might have been smarter if Fortinet would have added them as an option to the policy routes, then it would be clearer to understand how they work. now it suggests like they act like static routers which they clearly don't on several levels.

Labels
Top Kudoed Authors