- Exempt the URLs Lync uses from the Web Filter profile- Or, create another Policy specifically for Lync and turn off SSL Deep Inspection for this policy.
Note: This option can still be prone to issues if the FortiGate doesn't cache enough IPs for the URLs listed in the policy (32 is the maximum number of addresses it can cache) the recommendation is to exempt the URLs in the Web Filter profile.
To exempt the URLs, go to Security Profiles > Web Filter > Profiles. From here, select the profile being used in the Policies (if multiple can be hit, be sure to make this change for each to prevent problems). Turn on the 'Enable Web Site Filter' option and a table for URLs should get to be entered.According to the following Microsoft article the list of addresses will be:*.teams.microsoft.comteams.microsoft.com*.skype.com*.lync.com*.azureedge.net*.sfbassets.com*.urlp.sfbassets.comskypemaprdsitus.trafficmanager.netquicktips.skypeforbusiness.comFor each of these URLs create a new item in the Web Site Filter List. Add the URL, for URL's beginning with *. set type to wildcard, otherwise leave as simple and set the action to exempt.This will exempt all these URLs from being scanned by deep inspection and should alleviate the problem and allow Lync to connect without issue.
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.