Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

SSL Inspection - Office 365

Hi all,


I am trying to get Office 365 to work on site behind a Fortigate 50E. Unfortunately I'm having a lot of trouble.


I found this document:


I was able to translate that into 5.4 and create the addresses that should be used by Office 365, but it still isn't working. When I look at the IP4 policy, it appears to just be doing SSL Certificate Inspection. Do the exceptions I put into the Deep Inspection apply to SSL Certificate Inspection as well? Because that is very not clear. And if not, how do I exempt sites from SSL Certificate Inspection?



New Contributor

This was actually being blocked in Webfiltering because the was unrated, which was set to block by default. I created an exception for it and changed the category from unrated to business IT use, and it now works.



New Contributor

From a web browser point of view, Office 365 Trial is just like any other web app. With SSL Decryption enabled, all the Software Blades you've enabled should work (including AV).


I was about to say I had no issue with SSL inspection on O365 other than needing to exempt Lync traffic because Lync knows what the SSL cert should be and refuses to work if you monkey with it. 

But I allow unrated because of what seemed like never ending issues with sites that are not rated... but perhaps I should revisit my decision.. 


Oh silly me.. I forgot SSL inspection offload is broken on my 300C in 5.2.6 and Fortinet has no idea why.. After a month support just figured out they changed the way SSL offload is done in 5.2.6 and that's why these 2 offload sub-processes are not spawning on my device.. so it's back to the drawing board for support to now figure out why it's still not working.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.


FAC-VM 2 node cluster

Friends don't let friends FWF!