SSL Inspection - Office 365

Author
danseals
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/02/27 21:07:32
  • Status: offline
2016/03/15 06:56:16 (permalink)
0

SSL Inspection - Office 365

Hi all,
 
I am trying to get Office 365 to work on site behind a Fortigate 50E. Unfortunately I'm having a lot of trouble.
 
I found this document: http://cookbook.fortinet.com/exempting-google-ssl-inspection/
 
I was able to translate that into 5.4 and create the addresses that should be used by Office 365, but it still isn't working. When I look at the IP4 policy, it appears to just be doing SSL Certificate Inspection. Do the exceptions I put into the Deep Inspection apply to SSL Certificate Inspection as well? Because that is very not clear. And if not, how do I exempt sites from SSL Certificate Inspection?
 
Thanks!
#1

3 Replies Related Threads

    danseals
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/02/27 21:07:32
    • Status: offline
    Re: SSL Inspection - Office 365 2016/03/15 12:18:20 (permalink)
    0
    This was actually being blocked in Webfiltering because the autodiscover.domain.com was unrated, which was set to block by default. I created an exception for it and changed the category from unrated to business IT use, and it now works.
     
    Thanks!
    #2
    SamuelMartin
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/03/17 00:08:41
    • Status: offline
    Re: SSL Inspection - Office 365 2016/03/17 00:13:49 (permalink)
    0
    From a web browser point of view, Office 365 Trial is just like any other web app. With SSL Decryption enabled, all the Software Blades you've enabled should work (including AV).
    #3
    bartman10
    Silver Member
    • Total Posts : 88
    • Scores: 18
    • Reward points: 0
    • Joined: 2014/05/01 18:22:38
    • Status: offline
    Re: SSL Inspection - Office 365 2016/03/21 09:23:49 (permalink)
    0
    I was about to say I had no issue with SSL inspection on O365 other than needing to exempt Lync traffic because Lync knows what the SSL cert should be and refuses to work if you monkey with it. 
    But I allow unrated because of what seemed like never ending issues with sites that are not rated... but perhaps I should revisit my decision.. 
     
    Oh silly me.. I forgot SSL inspection offload is broken on my 300C in 5.2.6 and Fortinet has no idea why.. After a month support just figured out they changed the way SSL offload is done in 5.2.6 and that's why these 2 offload sub-processes are not spawning on my device.. so it's back to the drawing board for support to now figure out why it's still not working.

    300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
    Over 100 WiFi AP's and growing.
    FAZ-200D
    FAC-VM 2 node cluster
    Friends don't let friends FWF!
    #4
    Jump to:
    © 2021 APG vNext Commercial Version 5.5