Description
When accessing some cloud applications and services, such as Microsoft Office 365, Exchange Online, SharePoint Online or Lync Online, there may be issues experienced in the functionality of those cloud apps.
This may happen due to the fact that the client PC is connected behind a FortiGate firewall, which may be configured too restrictively with rules to filter network traffic, which is required for the proper operation of these cloud services.
Scope
FortiGate units with FortiOS firmware versions 4.00 MR3 or 5.0.x
Solution
Solution to this issue is to create a set of exception rules in the URL filter, and link these exceptions to a Webfilter profile.
Also, IP address related exceptions may be considered, in order to be included in firewall policies.
For the detailed list on which URLs or IP addresses are used with particular cloud applications or services, please consult the documentation of these cloud services.
How to write the URL or domain name specification into a regex - regexp notation
As an example, for the purpose of creating an URL filter rule, the domain *.fortinet.com could be written in the regex notation the following way:
(http|HTTP|https|HTTPS)\:\/\/[a-z|A-Z|0-9]*\.fortinet\.com
The URL filter rule would look like this from the CLI:
edit "(http|HTTP|https|HTTPS)\\:\\/\\/[a-z|A-Z|0-9]*\\.fortinet\\.com"
set action allow
set type regex
next
Additional information for Microsoft cloud applications
Particularly, following articles might be considered useful. Please note, that these URLs may change at any time. Please use your Internet search engine if necessary, or contact your provider of cloud services.
