Eric Knopp

R80.20 HTTPS Inspection Bypass for Office365

Discussion created by Eric Knopp on Oct 5, 2018
Latest reply on Feb 13, 2019 by Chris Thuys

Good morning,

Here's our situation. We'd upgraded from R77.30 to R80.10 a couple months ago to take advantage of new features and to implement HTTPS Inspection, which we'd been told would be a more stable experience. Once we'd upgraded and during testing of HTTPS Inspection, we found our general O365 experience to be lacking. Microsoft recommends not to inspect that traffic, to have the cleanest connection between client and their servers.


We were going to apply the SK119562 Hotfix to our R80.10 Take 112 environment to take advantage of the Dynamic Objects, but ran into issues. Lo and behold, R80.20 went GA, so we changed our tact to upgrading to R80.20. We found the Updatable Objects for O365/Azure, and thought we could use those in our Bypass Rules. We've been told that those can only be used in Access Policies. Which is a shame, as this is exactly what we need.


1. Should we just use the Dynamic Objects in the Destination column in HTTPS Inspection rules, forgetting about these new "Updatable Objects"?

Unfortunately we have tried employing these Dynamic Objects in R80.20 and get this error.


2. Does R80.20 just work better with Office 365 and there is no need for a specific Bypass Rule?


3. Any other suggestions/solutions?


I cannot believe that this would not have been thought about during the EA period for R80.20, especially as this SK119562 Hotfix was made available.