Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Labt
New Contributor

Created on ‎10-19-2023 05:53 AM

Policy for Office365 doesn't work

Hello,

I have a firwall policy that allows a network segment to communicate to Office 365 (Internet Service: Microsoft-Office365). In the Forward Traffic I can see "accepted" for the rule, but on my client nothing happens.

 

Firewall ist 101F with Firmware v7.2.5 build1517

Is the old firmware the reason?

 

THX

Labt

Labels:
1069
0 Kudos
7 REPLIES 7
hbac
Staff
Staff

Created on ‎10-19-2023 08:14 AM

Hi @Labt,

 

Do you have any Security Profiles enabled in the firewall policy? If yes, please disable them for testing. Are you getting any error messages on the client? 

 

Regards, 

1052
Labt
New Contributor
In response to hbac

Created on ‎10-19-2023 11:44 PM

Hello,

 

I had this idea too, but it doesn't solved the problem.

 

I put destination and services to "all", then the policy worked. So in my opinion it can only be the Internet Service.

 

Labt

1026
0 Kudos
hbac
Staff
Staff
In response to Labt

Created on ‎10-20-2023 05:46 AM

@Labt

 

It depends on which application you are using or which website you are trying to reach. The destination IP might not be included in the Internet Service.  

 

Regards, 

1012
0 Kudos
esalija
Staff
Staff

Created on ‎10-20-2023 07:24 AM

Hi @Labt 

Please check your destination IP at which Internet Service is part.

Below you will find the Microsoft Office365 list on the FortiGate:

Microsoft-Office365

Microsoft-Office365.Published

Microsoft-Office365.Published.Allow

Microsoft-Office365.Published.Optimize

Microsoft-Office365.Published.USGOV

 

Best regards,

Erlin

1006
0 Kudos
Labt
New Contributor
In response to esalija

Created on ‎10-23-2023 04:31 AM

OK

I take Edge and try to open https://login.microsoftonline.com

As I started I had only Microsoft-Office365 as destination. I just added 

Microsoft-Office365.Published

Microsoft-Office365.Published.Allow

but the problem still exists, white screen in the Edge browser.

So where ist the problem??

In my opinion Fortinet has done mistakes in the internet service!

 

Labt

964
0 Kudos
akushwaha
Staff
Staff

Created on ‎10-25-2023 02:05 AM

Hi@Labt,

++ Checked the ISDB entry for Microsoft ISDB and see if IPs are available for the ISDB or not.
++ If the entry is empty, then update the database by the given and check : exe update-now
++ Also refer to the below article regarding the different ISDB groups for Microsoft Office 365 :
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Different-Internet-Service-Database-groups...

Regards,
Abhimanyu

 

 

944
0 Kudos
Labt
New Contributor
In response to akushwaha

Created on ‎10-25-2023 05:42 AM

Hello,

 

solved!

 

The solution is to take the right selection of Internet Services. As I took 

Microsoft Office 365

Microsoft Outlook

Microsoft Skype Teams

Microsoft Azure

it worked. 

 

THX

Labt

935
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.