Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ZAHIDHASEEB
New Contributor III

Created on ‎05-03-2023 06:17 AM

We want to allow MS Teams from a top Firewall Rule

We want to allow MS Teams from a top Firewall Rule and to allow other applications I want to forward the request to other Firewall rules instead of denying immediately  

Labels:
1838
0 Kudos
8 REPLIES 8
AlexC-FTNT
Staff
Staff

Created on ‎05-03-2023 06:22 AM

Hello!

I am not sure how you would like to achieve that in a FortiGate.

Once the policy is matched, the application control will give the verdict : either allow(monitor) or deny. There is no configurable action to pass the scanning to another policy, because this has already been matched


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1835
0 Kudos
ZAHIDHASEEB
New Contributor III

Created on ‎05-03-2023 06:36 AM Edited on ‎05-03-2023 06:44 AM

Actually I am facing a lot disconnection sometimes on MS Teams and now think that I should allow only Teams without applying any AV, IPS or other Security Profile on Firewall Rule for MS Teams.

In short I don't want to apply any Security Profile against only MS Teams application

1832
AlexC-FTNT
Staff
Staff

Created on ‎05-03-2023 07:08 AM Edited on ‎05-03-2023 11:30 PM

Understood now. Check if this App Control profile helps as TOP policy.

You can also deny MSTeams in all previous policies, and use this as a bottom policy.

(deep inspection may be required)

App control profileApp control profile


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1821
0 Kudos
Cajuntank
Contributor II

Created on ‎05-03-2023 08:30 AM Edited on ‎05-03-2023 09:11 AM

I would also take a look at these three links as they mention Teams dropping calls behind a FortiGate.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Microsoft-Teams-calls-dropping/ta-p/230203

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-Microsoft-Teams-with-DOS-Policy/ta-p...

 

Then a general common issues link one of the other links provided, links to

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-The-most-common-issues-with-FortiGat...

 

1814
0 Kudos
gfleming
Staff
Staff

Created on ‎05-03-2023 10:15 AM

You can't use app control profiles to globally restrict access to applications.

You'll probably need to use ISDB instead of app control here...

 

But also it might be better if you can give us more details as to what exactly you are trying to accomplish?

Cheers,
Graham
1801
0 Kudos
Christian_89
Contributor III

Created on ‎05-03-2023 11:57 AM

You can enable Internet Service in the Top Rule with all MS-TEAMS service.

 

1791
0 Kudos
AlexC-FTNT
Staff
Staff
In response to Christian_89

Created on ‎05-03-2023 11:33 PM

ISDB is the best approach as long as this identifies correctly all MS.teams IPs.isb.png


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1764
Christian_89
Contributor III
In response to AlexC-FTNT

Created on ‎05-04-2023 12:47 PM

Is this solution enough for you or do you still need help?

1738
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.