cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

outlook 365 traffic is getting dropped with R80.10

We have R80.10 with jumbo take 70, and we use outlook with office365.

We added all the relevant FQDNs and IP addresses from Microsoft, but still, when trying to open new profile in outlook, we are getting blocked.

Many block messages appear, we are not sure which is relevant.

I can see drops of -  for several addresses of  microsoft - dropped by "fw_conn_post_inspect Reason: Handler 'ssl_v3_code' drop;"

Could not find any SK on this.

Can anyone give assistance on this?

Tags (1)
7 Replies

Re: outlook 365 traffic is getting dropped with R80.10

https inspection is no active

Re: outlook 365 traffic is getting dropped with R80.10

Instead of adding all those urls/IP lists Microsoft issues, just use the predefined Application to allow Office365.

Regards, Maarten
0 Kudos

Re: outlook 365 traffic is getting dropped with R80.10

Thanks, tried that, no change unfortunately

0 Kudos

Re: outlook 365 traffic is getting dropped with R80.10

Are you using the application on a rule with destination Internet? Are you using inline layers / no layers / or a separate APCL/URLF policy?

Regards, Maarten
0 Kudos
Employee+
Employee+

Re: outlook 365 traffic is getting dropped with R80.10

I assume you're not using HTTPS inspection since you're using FQDN and IP addresses. This could be really challenging since Microsoft uses a long list of FQDN and domains, and the IP addresses assigned to them maybe quite dynamic.

What version of Gateway are you using? Are you using also Software Blades more than Firewall?

Regards!

0 Kudos

Re: outlook 365 traffic is getting dropped with R80.10

Hi Victor,

Thanks for replying.

It's stated in the original description We have R80.10 with jumbo take 70, both mgmt+gw.

We Don't use https inspection, and other blades are active, yes.

0 Kudos
Employee+
Employee+

Re: outlook 365 traffic is getting dropped with R80.10

Oh, my bad!

Regarding that error, I personally don't know what is the reason, although for me it seems like the traffic is matching with a "wrong" service. What objects are you using in your "services & applications" column from the relevant rule?

Regarding using the predefined application for Office365, it would be good although it seems this error is something that "happens" before that. Anyway, if you use the application (given that HTTPS inspection is not being used) just be sure that you're using HTTPS Categorization in order to identify the application based on the CN of the server certificate. This way you could not make a granular policy for O365 (since Microsoft does not use certificates with different CNs for each application), although you should be able to allow O365.

0 Kudos