mbadmin
New Contributor

Microsoft 365 Exchange Online traffic inspection from Outlook clients

Hello!

We have a FortiGate 60F running the latest mature (7.2.8) FortiOS. We would like to inspect (as much as possible) email traffic, i.e. around 10 users accessing Exchange Online via the latest Outlook clients on Windows and using default protocols (MAPI over HTTPS?). We are clear on how to inspect IMAP/POP3/SMTP traffic, but not sure how to handle the Exchange Online default protocol. The FortiGate docs mention RPC over HTTP (should be deprecated for Exchange) as well as MAPI. Is MAPI the way to go? If so, how should we configure policies, profiles etc. to separate it from the rest of HTTP/Microsoft traffic and make sure email and antivirus detections/profiles are applied?

Also, while 7.2.8 still makes it possible to enable proxy-based policies and profiles (MAPI inspection is not supported in flow-based), what is the way forward for M365 Exchange Online inspection on < 2GB RAM devices for smaller networks?

Any advice is welcome. Thanks!

2 REPLIES
hbac
Staff

Hi @mbadmin,

If you want to inspect encrypted traffic, you need to enable deep inspection. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-deep-inspection-and-import-a...

Regards,

mbadmin
New Contributor

Hello,

Maybe the question was in two parts and not quite clear. For the first part we were mainly looking for confirmation from the community that MAPI over HTTPS is in fact the default protocol for Outlook 365 to Exchange Online, which we have since confirmed via https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-network-connectivity-princi...

The second part is more important. Since we are dealing with the MAPI protocol and per the admin guide, we have to configure a proxy-mode firewall policy and corresponding proxy-mode profiles (we are mostly interested in applying an antivirus profile and email filter), since MAPI inspection is not supported in flow-mode. We are still able to do this since we are running FortiOS 7.2.8. However, from FortiOS 7.4.4 onward, proxy-mode is no longer supported on FG with less than 2 GB RAM, such as ours. Could you provide some information from your engineering on whether enabling MAPI inspection in flow-mode (or maybe bringing back limited proxy-mode support) is on the roadmap? Otherwise, can we assume there will be no possibility to inspect Outlook 365 to Exchange Online traffic on entry-level devices?

Thanks!
