Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

publishing OWA, ActiveSync, Outlook Anywhere and AutoDiscover.

Hello. Where can I find instructions for publishing OWA, ActiveSync, Outlook Anywhere and AutoDiscover. Myself, I was able to reach only certificates. I added on fortigate root certificate and certificate exchange. Next, I need to publish services. How do I do it. My device - fortigate 100d Firmware - v5.2.0, build0589 Exchange 2010 sp3

New Contributor II

I understand. Certificates and other stuff is unnecessary. Unlike TMG))). You just need to do portforwarding.

TMG and a FortiGate are not the same so yes just open the port. A FortiWeb is a true replacement for TMG.

How does Fortiweb handle Outlook anywhere / RPC connections over HTTPS - I know some WAF's have issues with file attachments through email over rpc/https - anyone using Fortiweb for this successfully that can share feedback?

Infosec Partners
Infosec Partners
New Contributor

I'm very interested to this thread. 

I've just tried a migration and I got a loooot of trouble with outlook activesync and different android devices. 


anyone can help here? 




oliverlag wrote:

I'm very interested to this thread. 

I've just tried a migration and I got a loooot of trouble with outlook activesync and different android devices. 

 anyone can help here? 



You need to provide info and probably make your own thread for that.

In general there are absolutely no issues with specific OS devices. All you do is VIP with HTTPS service port 443 to your server.

The only issue client side would maybe be leftover certificate and androids needing "reconnect" to force new cert. 

New Contributor

I'm retrying everything in my lab and doing a poc. 

I will get back with a new thread in case. 



New Contributor

I'm in the same boat! 


Exchange 2013 Single server setup


I've had Support setup the VIP, setup the profile and now when I go to the URL I get a HTTP 400 error i'll have support help later today will post anything they do. Really wish there was a guide, because not sure how you point the exchange server to it once its in place.


evolutionxtinct wrote:

I'm in the same boat! 


Exchange 2013 Single server setup


I've had Support setup the VIP, setup the profile and now when I go to the URL I get a HTTP 400 error i'll have support help later today will post anything they do. Really wish there was a guide, because not sure how you point the exchange server to it once its in place.

There's no guide because there absolutely nothing special about exchange. It is same port forwarding as in any other appliance or software and any other server. It's just port forward.

You go to objects, go to virtual ip, set your external IP, set your internal IP, select port forward, type 443. Go to policy and allow all to newly created ViP.

New Contributor

Hi guys.. there is a guide! I've asked to support and they gave me this not-public doc. There you go:


Despite the title looks great it does not show much new things. 

I tested this thing yesterday and the problem are two: 

1-FGT does not do http redirect.. so if you do it does not redirect to for example (TMG does it)

2- TMG can accept authentication without the domain setup. So mobile devices like android / ios are already configured w/o domain. Once you migrate from TMG to FGT all those devices won't work anymore! They will say the password is wrong. Of course is not the password but it's the username. FGT claims the format DOMAIN\user instead of "user" 

This is because TMG authenticate users before talking to Exchange (something that FGT can't do). 



Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors