Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dalit_Ben_Izhak
Participant

outlook 365 traffic is getting dropped with R80.10

We have R80.10 with jumbo take 70, and we use outlook with office365.

We added all the relevant FQDNs and IP addresses from Microsoft, but still, when trying to open new profile in outlook, we are getting blocked.

Many block messages appear, we are not sure which is relevant.

I can see drops of -  for several addresses of  microsoft - dropped by "fw_conn_post_inspect Reason: Handler 'ssl_v3_code' drop;"

Could not find any SK on this.

Can anyone give assistance on this?

7 Replies
Dalit_Ben_Izhak
Participant

https inspection is no active

Maarten_Sjouw
Champion
Champion

Instead of adding all those urls/IP lists Microsoft issues, just use the predefined Application to allow Office365.

Regards, Maarten
0 Kudos
Dalit_Ben_Izhak
Participant

Thanks, tried that, no change unfortunately

0 Kudos
Maarten_Sjouw
Champion
Champion

Are you using the application on a rule with destination Internet? Are you using inline layers / no layers / or a separate APCL/URLF policy?

Regards, Maarten
0 Kudos
Victor_MR
Employee Employee
Employee

I assume you're not using HTTPS inspection since you're using FQDN and IP addresses. This could be really challenging since Microsoft uses a long list of FQDN and domains, and the IP addresses assigned to them maybe quite dynamic.

What version of Gateway are you using? Are you using also Software Blades more than Firewall?

Regards!

0 Kudos
Dalit_Ben_Izhak
Participant

Hi Victor,

Thanks for replying.

It's stated in the original description We have R80.10 with jumbo take 70, both mgmt+gw.

We Don't use https inspection, and other blades are active, yes.

0 Kudos
Victor_MR
Employee Employee
Employee

Oh, my bad!

Regarding that error, I personally don't know what is the reason, although for me it seems like the traffic is matching with a "wrong" service. What objects are you using in your "services & applications" column from the relevant rule?

Regarding using the predefined application for Office365, it would be good although it seems this error is something that "happens" before that. Anyway, if you use the application (given that HTTPS inspection is not being used) just be sure that you're using HTTPS Categorization in order to identify the application based on the CN of the server certificate. This way you could not make a granular policy for O365 (since Microsoft does not use certificates with different CNs for each application), although you should be able to allow O365.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events