Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

Office 365 - "URL belongs to a category with warnings enabled"

We get a lot of alerts about this issue. dstport=80 dstintf="wan1" proto=6 service="HTTP" hostname="autodiscover.domain.com" profile="default" action=blocked reqtype=direct url="/autodiscover/autodiscover.xml" sentbyte=248 rcvdbyte=0 direction=outgoing msg="URL belongs to a category with warnings enabled" method=domain cat=0 catdesc="Unrated" crscore=30 crlevel=high Any suggestions concerning how to address this?
5 REPLIES 5
Fullmoon
Contributor III

I would suggest under Web Filter Profile set the Unrated Category to Monitor or Allow.

Fortigate Newbie

Fortigate Newbie
SecurityPlus

Thanks!
NeilG

So any Unknown is allowed?

 

I have 60D's in Proxy mode (not flow) that connect to O365 and azure services.

I found I had to create two Fortiguard webfilter categories:

    Microsoft365-CertByPass

    Microsoft365

 

The ones in the certbypass category don't work with deep inspection and thus are both re-categorized for the webfilter & "Exempt from SSL Inspection"

 

Microsoft is pretty good at documenting required URLs for their services. In the docs.microsoft.com area for the service of internet search for "URL" and if that doesn't find it use ["firewall exceptions" "TCP"] and if that doesn't find anything search for "URI"

 

Because I don't use "flow based" I can't use CASI. :(

 

-Neil

 

NeilG

NeilG

Note: The Azure portal portal.azure.com is probably the hardest to build the needed fortigate exceptions without using wildcards.

 

See the uservoice article for the discussion... AND vote on it :)

 

https://feedback.azure.com/forums/223579-azure-portal/suggestions/11569407-document-urls-necessary-t...

 

-N

Labels
Top Kudoed Authors