Jonathan_Body_FTNT
Article Id 197382

Description

This technical note gives additional configuration information for the FortiGate firewall and Microsoft BPOS Cloud services.


Scope
All FortiOS Versions.
Solution

The FortiGate acts as a transparent proxy; therefore, the following configuration steps must be applied:
  • Avoid applying a Protection Profile to the FortiGate firewall rules that carry Microsoft BPOS traffic. This keeps proxy ports from filling up and reduces the unnecessary memory utilization caused by the permanent traffic streams that Microsoft BPOS generates.
  • Create a FortiGate firewall rule for internal->external traffic for *www.microsoftonline.com on ports 80 and 443 for TCP and HTTPS.  This rule must apply to all users.
  • Exclude the following from the main firewall policy used for AV scanning:
    • Microsoft Online Sign in application (signin.exe)
    • *microsoftonline.com
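
The first two steps above as a FortiOS CLI sketch. This is an added example, not configuration from the original article or from Fortinet. The object name `MS-BPOS-Portal`, the interface names `internal` and `external`, and the policy IDs 20 (new rule) and 10 (main AV-scanning policy) are assumptions to be replaced with the values on the actual unit.

```fortios
# Address object for the BPOS portal (the name "MS-BPOS-Portal" is an assumption).
# A plain FQDN object is used; the article's leading wildcard is not expressed here.
config firewall address
    edit "MS-BPOS-Portal"
        set type fqdn
        set fqdn "www.microsoftonline.com"
    next
end

# Dedicated internal->external rule for all users on ports 80 and 443.
# No protection profile is set on this policy, per the first step.
config firewall policy
    edit 20
        set srcintf "internal"
        set dstintf "external"
        set srcaddr "all"
        set dstaddr "MS-BPOS-Portal"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
    next
    # Place the rule ahead of the main AV-scanning policy (assumed ID 10)
    # so that BPOS traffic matches it first.
    move 20 before 10
end
```

Because this rule passes traffic without a Protection Profile, keep its destination limited to the Microsoft Online address object rather than a broader address group.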
For further information about Microsoft BPOS services: Microsoft Online Services provide Company Network Requirements on their Help and How-to website at
This article states: "If your company uses an authentication proxy, you must add 'microsoftonline.com' to your proxy's exceptions list in order to work with Microsoft Online Services."



 
