CFS is blocking connections to Microsoft Office 365 Outlook application

04/20/2020 932 28445

DESCRIPTION:

Company's Microsoft Exchange server in the network is hosted as Office 365 online services, when users try to access the mailbox, CFS doesn't allow connections to Microsoft Office 365 Outlook mailbox.

RESOLUTION:

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

1. Click  Manage tab.
2. Navigate to Security Services | Content Filtering and make sure it is enabled and a CFS policy is applied.
   
   
   
3. On appropriate CFS policy, check the Profile associated (CFS Default Profile in this case).
4. Go to Objects | Content Filter Objects | CFS Profile Objects tab and edit the Profile above.
   
   
   
   
5. Click Create new URI List Object.
   
   
   
6.  In the URI list enter the each of the following domains and click Add.
   
   aadrm.com
   activedirectory.windowsazure.com
   glbdns.microsoft.com
   live.com
   lync.com
   microsoft.com
   microsoftonline.com
   microsoftonline-p.com
   microsoftonline-p.net
   microsoftonlineimages.com
   microsoftonlinesupport.net
   msecnd.net
   msocdn.com
   msn.com
   msn.co.jp
   msn.co.uk
   onmicrosoft.com
   office.com
   office.net
   office365.com
   officeapps.live.com
   outlook.com
   phonefactor.net
   Sharepoint.com
   Sharepointonline.com
   outlook.office365.com
   login.microsoftonline.com
   spoprod-a.akamaihd.net
   
   
7. Click OK in CFS policy configure window.
8. Click Accept in CFS settings.
   

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

1. Navigate to Network | Zones.
2. Make sure that, CFS is applied to appropriate Zone.
   
   
3. Navigate to Security Services | Content Filtering | Configure
   
   
   
   
4. On appropriate CFS policy, click Configure button on right (Office 365 Allow policy, in this case).
   
   
   
   
5. Click Custom List tab.
6.  In allowed domains section, enter the each of the following domains and click Add.
   
   aadrm.com
   activedirectory.windowsazure.com
   glbdns.microsoft.com
   live.com
   lync.com
   microsoft.com
   microsoftonline.com
   microsoftonline-p.com
   microsoftonline-p.net
   microsoftonlineimages.com
   microsoftonlinesupport.net
   msecnd.net
   msocdn.com
   msn.com
   msn.co.jp
   msn.co.uk
   onmicrosoft.com
   office.com
   office.net
   office365.com
   officeapps.live.com
   outlook.com
   phonefactor.net
   Sharepoint.com
   Sharepointonline.com
   outlook.office365.com
   login.microsoftonline.com
   spoprod-a.akamaihd.net
   
   
   
7. Navigate to Settings tab, select Source of Allowed Domains to Per Policy.
   
   
   
   
8. Click OK in CFS policy configure window.
9. Click Accept in CFS settings.
   

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.