FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ereddy
Staff
Staff
Article Id 190635

Description


This article describes the most common issues users encounter when using both FortiGate and Microsoft Teams.
It is a basic verification of a few checks for improvised or better working of
Microsoft Teams.

 

Scope

 

FortiGate.


Solution


There are three important things to verify to resolve Microsoft Teams performance issues:

 

  1. Issues with using the threshold of UDP packets in a FortiGate DDOS policy.

Multiple issues have been reported to occur due to lower UDP threshold packets. The audio and video functions of Microsoft Teams both use UDP packets.
Most UDP packets are dropped due to a lower threshold for UDP packets.
This can be verified in the DDOS logs.
Test Microsoft Teams with no DDOS policy to better identify the issue.

See the article Using Microsoft Teams with DOS Policy.

  1. There are multiple reported issues that occur when using Microsoft Teams over an IPSEC split tunnel VPN.

Microsoft recommends using VPN in split tunnelling mode (see this link). The network design should consider the topologies and call flows described in Microsoft's Documentation. Below are some useful links to help in planning and designing the split networks, NAT, and routing back and forth:

Some issues are also noted in FortiClient. It is recommended to test with earlier versions.

 

  1. Microsoft Teams experiences issues when used with proxy and UTM features.

Some UTM features can lead to false positives.

To avoid these issues, use FortiGate ISDB entries as Destination in a firewall policy without UTM profiles. This is also mentioned in Microsoft's Network Requirements section 1: 'open the TCP ports and IP addresses listed for Teams in Office 365 URLs and IP address ranges.'

 

  1. Make use of Microsoft's Teams Assessment Tool to help test design and settings:
  1. Implementation of the QOS and Microsoft suggested port range in a policy will improve the performance of teams traffic. See this Microsoft Learn article for more information.

 

Investigate any of these five possible causes as applicable. If an issue still persists, contact the TAC team.