Not applicable

iPhone + Exchange

FortiGate 60B Firmware v4.0, build 0194,100121 (MR1 Patch 3). Windows Small Biz Server 2003, IIS set to forward the default web site to "/exchnge", which works perfectly for OWA.

I have IPSec working fine on an iPhone 3GS, using the Cisco IPSec client on the iPhone. The VPN connection works fine on the iPhone for accessing both internal network resources (tested via website with LAN address) and external resources (Safari opens google.com fine). Everything seems to be working perfectly, but I cannot get the iPhone Exchange settings to work. When setting up the Exchange connection everything appears to be fine until the iPhone gets to the verifying server identity bit. It says: "Cannot Verify Server Identity. [NAME] can't verify the identity of [SERVER]. Would you like to continue anyway?" It gives an option to see details. When I choose that, it shows the server's real name, not what I used for [SERVER] above, so I know it is actually talking to the Exchange server. There is a button "Accept" which I assume means to accept the SSL cert that Windows Small Biz Server uses for OWA. It's an outdated cert but it works for OWA so it should work for ActiveSync/iPhone. After choosing "Accept" there are no more error messages given on the iPhone until you actually open Mail and try to check mail for the account. Then it tells you that the Exchange server is unavailable.

Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise? I've searched these forums high and low, posts from the past year, to no avail. I cannot find anyone here who has actually gotten it to work. All posts talk about the IPSec VPN but not about Exchange. It would be a HUGE help to me in my job if I can get this working, otherwise we will have to spend thousands of dollars that we do not have right now on a different firewall that supports ActiveSync. TIA
Carl_Wallmark
Valued Contributor

Hi, you must be doing something wrong. I've got lots of customers using FortiGates, and almost everyone is using ActiveSync, with Windows Mobiles, iPhones, iPads, Androids etc...

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C


ORIGINAL: Selective Hi, you must be doing something wrong. I've got lots of customers using FortiGates, and almost everyone is using ActiveSync, with Windows Mobiles, iPhones, iPads, Androids etc...
Perhaps there is a language barrier, but I fail to see how that is supposed to address my questions. If you don't have suggestions, links or answers, please ignore this thread.
Maik
New Contributor II

. It's an outdated cert but it works for OWA so it should work for ActiveSync/iPhone. After choosing "Accept"
I'd start in that corner... Only because it works for OWA, it does not mean it works for ActiveSync. On Windows Mobile I once was missing the "Accept" option at all. So this was a show stopper. Starting at around $20 per SSL cert, it might be a cheap place to start. Check the iPhone KBs for CA compatibilities.
Not applicable

ORIGINAL: Maik
. It's an outdated cert but it works for OWA so it should work for ActiveSync/iPhone. After choosing "Accept"
I'd start in that corner... Only because it works for OWA, it does not mean it works for ActiveSync. On Windows Mobile I once was missing the "Accept" option at all. So this was a show stopper. Starting at around $20 per SSL cert, it might be a cheap place to start. Check the iPhone KBs for CA compatibilities.
I don't think the outdated cert has anything to do with it. Using ISA 2006 I've had no problems at other clients who have outdated certs. I'm thinking it has more to do with Windows Small Business Server. All of my other clients use Windows Server Standard and have had no issues. The only thing that sets this one particular client apart from the rest is the SBS and the FortiGate. I will repeat my original statement that I have yet to find a single thread in this forum related to successfully getting ActiveSync to work through ANY FortiGate firewall, so if anyone can point me to a thread that includes the necessary steps, I'm waiting patiently. The same goes for a KB article. The only KB articles I've come across are related to getting IPSec VPNs working on an iPhone, which is a breeze.
ede_pfau
SuperUser

Just to remind you, this is a user-to-user forum. Keep in mind that suggestions and hints from other users are on a best effort basis. No one here that I know of posts just to kill time. Back to your problem: we have had a similar event last week. A user with an iPad couldn't connect to his mail server because of the cert warning ("issued by Fortinet Inc."). The reason for this was that the FortiGate was scanning SMTPS and other secure (encrypted) protocols for viruses, SPAM etc. In order to do so it installs an SSL proxy, accepts the outward SSL cert but issues its own SSL cert towards the client. This looks exactly like a man-in-the-middle attack and for that reason the application comes up with a warning. What the said user wasn't able to do was to make his mail app ignore the cert warning. As I don't use MacOS I cannot say whether he couldn't or the app couldn't. The workaround was to abandon SSL scanning completely. You can check the protection profile in use for SSL scanning. It suffices to archive SSL content, or not to allow fragmented mail (!). The FG has to set up a proxy then.
Ede Kernel panic: Aiee, killing interrupt handler!
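The three reasons for a "Cannot Verify Server Identity" prompt that this thread touches on (an expired cert, a cert re-signed by the FortiGate SSL proxy so the issuer reads "Fortinet Inc.", and a cert not named for the host the client asked for) can be told apart from the certificate the server actually presents. The following diagnostic is an added example, not code from the thread or from Fortinet; it works on a peer certificate in the dict shape Python's `ssl` module returns from `getpeercert()`, and both certificates in it are constructed samples.

```python
import datetime as dt

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns; the
# values are made up to reproduce the thread's symptoms: expired, re-signed by
# a FortiGate SSL proxy, and not named for the host the client asked for.
INSPECTED_EXPIRED_CERT = {
    "subject": ((("commonName", "sbs.example.local"),),),
    "issuer": ((("organizationName", "Fortinet Inc."),),
               (("commonName", "FortiGate CA"),)),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
    "subjectAltName": (("DNS", "sbs.example.local"),),
}
# Constructed healthy counterpart: public CA issuer, still valid, wildcard SAN.
GOOD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": ((("organizationName", "Example Public CA"),),),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2012 GMT",
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}
CHECK_TIME = dt.datetime(2010, 6, 1)  # constructed "today" for the samples
# Issuer organisations that mark a re-signing SSL-inspection proxy (the thread's warning).
INSPECTION_ISSUERS = ("Fortinet",)

def _rdn_values(name, attr):
    """Collect every value of one attribute from a getpeercert() name tuple."""
    return [v for rdn in name for (k, v) in rdn if k == attr]

def _host_matches(pattern, host):
    """Exact match, or one leftmost wildcard label (RFC 6125 style)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host

def diagnose_peer_cert(cert, expected_host, now):
    """Return the reasons a mail client would refuse to trust this certificate."""
    problems = []
    if now > dt.datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y GMT"):
        problems.append("expired: notAfter %s" % cert["notAfter"])
    issuer_orgs = _rdn_values(cert["issuer"], "organizationName")
    if any(mark in org for org in issuer_orgs for mark in INSPECTION_ISSUERS):
        problems.append("re-signed by SSL-inspection proxy: %s" % ", ".join(issuer_orgs))
    # SANs take precedence; fall back to the subject CN only when there are none.
    names = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    names = names or _rdn_values(cert["subject"], "commonName")
    if not any(_host_matches(n, expected_host) for n in names):
        problems.append("hostname mismatch: asked for %s, cert names %s" % (expected_host, names))
    return problems
```

On a live connection, pass the result of `ssl.SSLSocket.getpeercert()` (with verification disabled for the diagnostic only) and the hostname the client was configured with; an issuer of "Fortinet Inc." points at the protection profile's SSL scanning rather than at Exchange.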
Not applicable

ORIGINAL: ede_pfau Just to remind you, this is a user-to-user forum. Keep in mind that suggestions and hints from other users are on a best effort basis. No one here that I know of posts just to kill time.
I understand, and it is appreciated, but posting "You must be doing something wrong because everybody else has it working fine" is a post to kill time, or at the very least does nothing but further frustrate the original poster. It is uncalled for. If anyone should be reprimanded, it is that poster, not the person who asked the question. My response was extremely civil under the circumstances.
Back to your problem: we have had a similar event last week. A user with an iPad couldn't connect to his mail server because of the cert warning ("issued by Fortinet Inc."). The reason for this was that the FortiGate was scanning SMTPS and other secure (encrypted) protocols for viruses, SPAM etc. In order to do so it installs an SSL proxy, accepts the outward SSL cert but issues its own SSL cert towards the client. This looks exactly like a man-in-the-middle attack and for that reason the application comes up with a warning. What the said user wasn't able to do was to make his mail app ignore the cert warning. As I don't use MacOS I cannot say whether he couldn't or the app couldn't. The workaround was to abandon SSL scanning completely. You can check the protection profile in use for SSL scanning. It suffices to archive SSL content, or not to allow fragmented mail (!). The FG has to set up a proxy then.
The problem turned out to be on the Exchange server itself. It requires a registry hack if you are using forms-based authentication for OWA on a single Exchange server with no front-end/back-end environment. I found the registry hack and as soon as it was in place the iPhones started connecting fine. So the problem wasn't related to the FortiGate at all.
Carl_Wallmark
Valued Contributor

Perhaps there is a language barrier, but I fail to see how that is supposed to address my questions. If you don't have suggestions, links or answers, please ignore this thread.
Well, it did answer one question, that it is possible, and that was your main question?? Perhaps you should read your own questions before posting: "Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise?"

Maik
New Contributor II

Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise? I've searched these forums high and low, posts from the past year, to no avail. I cannot find anyone here who has actually gotten it to work.
The forum posters tend to post issues and not success stories. Thinking of how many might use FortiGate together with Exchange, it might be so easy that everyone got it working except you? Also, we answerers don't like to post full configs on how something should be done: 1) KBs and docs address this area. 2) We don't want to do your job. Maybe you start posting about where you started. Post your config.
Not applicable

ORIGINAL: Maik
Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise? I've searched these forums high and low, posts from the past year, to no avail. I cannot find anyone here who has actually gotten it to work.
The forum posters tend to post issues and not success stories. Thinking of how many might use FortiGate together with Exchange, it might be so easy that everyone got it working except you? Also, we answerers don't like to post full configs on how something should be done: 1) KBs and docs address this area. 2) We don't want to do your job. Maybe you start posting about where you started. Post your config.
I respect that, but nowhere did I ask anyone to do my job; I simply wanted to see a thread where the problem had been worked out before. Unfortunately not very many companies use Fortinet appliances, so it's not like Cisco, where you can just scour the internet to find 8 million people who had the same issues you are seeing. With something like this there are a lot of variables involved. Were I to describe the exact situation and gather all of the required config files so that you could walk in my shoes, it would take forever. For the record, people posting just to say "I have it working, why don't you?" is a waste of everyone's time, in particular the original poster's. I meant no disrespect by my response; I simply wanted to point out that if anyone wanted to join the discussion just to say such things, it would be appreciated that, instead, they simply ignore the thread. This isn't my first rodeo so I do understand forum etiquette. Apologies if I've offended anyone.