Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rg2017
New Contributor III

Office 365

Hello. We've recently switched to Office 365. We have a group of users we would like to restrict Internet access to only Office 365 services. Does anyone have any experience they can share with doing this? 

5 REPLIES 5
Philippe_Gagne
Contributor

Hi,

 

In FortiOS 5.6 and higher, you are able to create rules with Internet Service Database. I'm using the following entries:

- Microsoft-Office365

- Microsoft-Outlook

 

You permit this rule just above your restricted rule. These entries are updated by Fortiguard frequently! 

 

Philippe

 

rg2017

Thank you. I've done that. Outlook can connect and send/receive. However, I've noticed that it takes up to 2 minutes for Outlook to launch. When the workstation has full Internet access, Outlook loads immediately. Not sure what's hanging it up with the suggested configuration.

Philippe_Gagne

Hi,

 

It looks like a DNS or Azure AD issue.  There is requests blocked at that time. Packet sniffer can help to find with IP are needed on wich protocol.

 

 

emsu

Dears, I need help for Office365 in Fortigate OS version 5.6.6

 

I have remote offices and they have access to the internet only from a centralized location. To allow them to reach to head office for the office365 subnet, I need to publish the subnets in BGP.

 

But the IP Subnets keep on changing for Office365, id there any other way to achieve this publishing?

 

boneyard
Valued Contributor

usually probably better idea to start a new thread for a new question.

 

don't quite get your setup, can't you just publish a default route?

 

policy routes in combination with the ISDB might also help.

 

but injecting this into BGP isn't possible with the FortiGate i believe.

Labels
Top Kudoed Authors