Created on 10-12-2010 12:13 PM
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
ORIGINAL: Selective Hi, You must be doing something wrong, i got lots of customers using fortigates, and almost everyone is using activesync, with windows mobiles, iphones, ipads, androids etc...Perhaps there is a language barrier, but I fail to see how that is supposed to address my questions. If you don' t have suggestions, links or answers please ignore this thread.
. It' s an outdated cert but it works for OWA so it should work for ActiveSync/iPhone. After choosing " Accept"I' d start in that corner... Only because it works for OWA, it does not mean it works for ActiveSync. On Windows Mobile I once was missing the " Accept" option at all. So this was a show stopper. Starting at around 20$ per SSL Cert, it might be a cheap place to start. Check the IPhone KB' s for CA compatibilities.
ORIGINAL: MaikI don' t think the outdated cert has anything to do with it. Using ISA 2006 I' ve had no problems at other clients who have outdated certs. I' m thinking it has more to do with Windows Small Business Server. All of my other clients use Windows Server Standard and have had no issues. The only thing that separates this one particular client apart from the rest is the SBS and the FortiGate. I will repeat my original statement that I have yet to find a single thread in this forum related to successfully getting ActiveSync to work through ANY FortiGate firewall, so if anyone can point me to a thread that includes the necessary steps, I' m waiting patiently. The same goes for a KB article. The only KB articles I' ve come across are related to getting IPSec VPN' s working on an iPhone, which is a breeze.. It' s an outdated cert but it works for OWA so it should work for ActiveSync/iPhone. After choosing " Accept"I' d start in that corner... Only because it works for OWA, it does not mean it works for ActiveSync. On Windows Mobile I once was missing the " Accept" option at all. So this was a show stopper. Starting at around 20$ per SSL Cert, it might be a cheap place to start. Check the IPhone KB' s for CA compatibilities.
ORIGINAL: ede_pfau Just to remind you, this is a user-to-user forum. Keep in mind that suggestions and hints from other users are on a best effort basis. Noone here that I know of posts just to kill time.I understand, and it is appreciated, but posting " You must be doing something wrong because everybody else has it working fine" is a post to kill time, or at the very least does nothing but further frustrate the original poster. It is uncalled for. If anyone should be reprimanded, it is that poster, not the person who asked the question. My response was extremely civil under the circumstances.
Back to your problem: we have had a similar event last week. A user with an iPad couldn' t connect to his mail server because of the cert warning (" issued by Fortinet Inc." ). The reason for this was that the Fortigate was scanning SMTPS and other secure (encrypted) protocols for viruses, SPAM etc. In order to do so it installs an SSL proxy, accepts the outward SSL cert but issues its own SSL cert towards the client. This looks exactly like a man-in-the-middle attack and for that reason the application comes up with a warning. What the said user wasn' t able to do was to make his mail app ignore the cert warning. As I don' t use MacOS I cannot say whether he couldn' t or the app couldn' t. The work around was to abandon SSL scanning completely. You can check the protection profile in use for SSL scanning. It suffices to archive SSL content, or not to allow fragmented mail (!). The FG has to set up a proxy then.The problem turned out to be on the Exchange server itself. It requires a registry hack if you are using forms-based authentication for OWA on a single Exchange server with no front-end/back-end environment. I found the registry hack and as soon as it was in place the iPhones started connecting fine. So the problem wasn' t related to the FortiGate at all.
Perhaps there is a language barrier, but I fail to see how that is supposed to address my questions. If you don' t have suggestions, links or answers please ignore this thread.well, it did answer one questian, that it is possible, and that was your main questian ?? perhaps you should read your own questians before posting: " Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise?"
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise? I' ve searched these forums high and low, posts from the past year, to no avail. I cannot find anyone here who has actually gotten it to work.The forum posters tend to post issues and not success stories. thinking of how many might use Fortigate together with Exchange, it might be so easy that everyone got it working except you? also, we answerer don' t like to post full configs on how something should be done: 1) KB' s and Docs adress this area. 2) We don' t want to do your job. maybe you start posting about where you started. post your config.
ORIGINAL: MaikI respect that, but nowhere did I ask anyone to do my job, I simply wanted to see a thread where the problem had been worked out before. Unfortunately not very many companies use Fortinet appliances so it' s not like Cisco, where you can just scour the internet to find 8 million people who had the same issues you are seeing. With something like this there are a lot of variables involved. Were I to describe the exact situation and gather all of the required config files so that you could walk in my shoes, it would take forever. For the record, people posting just to say " I have it working, why don' t you?" is a waste of everyone' s time, in particular the original poster' s. I meant no disrespect by my response, I simply wanted to point out that if anyone wanted to join the discussion just to say such things, it would be appreciated that, instead, they simply ignore the thread. This isn' t my first rodeo so I do understand forum etiquette. Apologies if I' ve offended anyone.Has anyone *actually* gotten iPhone Exchange/ActiveSync to work with a FortiGate firewall, 60B or otherwise? I' ve searched these forums high and low, posts from the past year, to no avail. I cannot find anyone here who has actually gotten it to work.The forum posters tend to post issues and not success stories. thinking of how many might use Fortigate together with Exchange, it might be so easy that everyone got it working except you? also, we answerer don' t like to post full configs on how something should be done: 1) KB' s and Docs adress this area. 2) We don' t want to do your job. maybe you start posting about where you started. post your config.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.