Hi
With v5.6 I can now create policy rules that allow access for users based upon 'Internet Service Database' objects. Currently, I get notified from Microsoft about changes to the IP addresses they use for Office 365 etc.
Question: How up to date are the ISD objects and do they keep up to date with IP changes from Microsoft? This also applies to other providers such as Apple, Adobe etc.
More info from Microsoft: https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-Office-365-endpoint-categories-and...
Thanks
Ian
Web: www.activatelearning.ac.uk
Twitter: twitter.com/activate_learn
Facebook: facebook.com/Activate-Learning
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hey,
using ISDB rules was one of the main reasons for us to upgrade several installations to 5.6 for some of our customers - as we had to maintain the MS adresses regularily.
We did not see any troubles using ISDB adress objects for O365 and Skype4Business. For us this seems completely accurate.
Br,
Roman
Hello Could you point me out exactly what you created, policy routes with fqdn? or wilcard? Thank you
Hi
This rarely happens, but you have an option to write to ISDB Team so that the new IP's can be added to the list and available in the next updates.
https://fortiguard.com/faq/isdb-contact
Regards, Saneesh
Hello Thanks for your help, however I have a concern about the use of isdb in 5.6.3, I only see that it is possible to use it in static routes BUT if I have a static route created towards a ip xxxx with gateway yyyy that belongs to microsoft ( distance 10 priority 0) and create a static route with isb that includes microsoft (in the list is xxxx) and zzzz gateway by which route would it go? and how the election would be made if both would be static. This is because I have not managed to find much information and I have understood that the routing process (without dynamic protocols) would be something like policy route static route defined static route by default Thank you
after some trouble shooting and debugging i found out the ISDB routes act like policy routes, so while you configure them as static route they don't show up anywhere expect in the policy routing monitor (FortiOS 5.6+). this also means they have the same priority over regular routes as "normal" policy routes have.
might have been smarter if Fortinet would have added them as an option to the policy routes, then it would be clearer to understand how they work. now it suggests like they act like static routers which they clearly don't on several levels.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.