I was able to translate that into 5.4 and create the addresses that should be used by Office 365, but it still isn't working. When I look at the IP4 policy, it appears to just be doing SSL Certificate Inspection. Do the exceptions I put into the Deep Inspection apply to SSL Certificate Inspection as well? Because that is very not clear. And if not, how do I exempt sites from SSL Certificate Inspection?
This was actually being blocked in Webfiltering because the autodiscover.domain.com was unrated, which was set to block by default. I created an exception for it and changed the category from unrated to business IT use, and it now works.
I was about to say I had no issue with SSL inspection on O365 other than needing to exempt Lync traffic because Lync knows what the SSL cert should be and refuses to work if you monkey with it.
But I allow unrated because of what seemed like never ending issues with sites that are not rated... but perhaps I should revisit my decision..
Oh silly me.. I forgot SSL inspection offload is broken on my 300C in 5.2.6 and Fortinet has no idea why.. After a month support just figured out they changed the way SSL offload is done in 5.2.6 and that's why these 2 offload sub-processes are not spawning on my device.. so it's back to the drawing board for support to now figure out why it's still not working.
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.