CFS is blocking connections to Microsoft Office 365 Outlook application
04/20/2020 
905 
26847
DESCRIPTION:
Company's Microsoft Exchange server in the network is hosted as Office 365 online services, when users try to access the mailbox, CFS doesn't allow connections to Microsoft Office 365 Outlook mailbox.
RESOLUTION:
In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.
- Click Manage tab.
- Navigate to Security Services | Content Filtering and make sure it is enabled and a CFS policy is applied.
- On appropriate CFS policy, check the Profile associated (CFS Default Profile in this case).
- Go to Objects | Content Filter Objects | CFS Profile Objects tab and edit the Profile above.
- Click Create new URI List Object.
- In the URI list enter the each of the following domains and click Add.
aadrm.com
activedirectory.windowsazure.com
glbdns.microsoft.com
live.com
lync.com
microsoft.com
microsoftonline.com
microsoftonline-p.com
microsoftonline-p.net
microsoftonlineimages.com
microsoftonlinesupport.net
msecnd.net
msocdn.com
msn.com
msn.co.jp
msn.co.uk
onmicrosoft.com
office.com
office.net
office365.com
officeapps.live.com
outlook.com
phonefactor.net
Sharepoint.com
Sharepointonline.com
outlook.office365.com
login.microsoftonline.com
spoprod-a.akamaihd.net
- Click OK in CFS policy configure window.
- Click Accept in CFS settings.
How to Test:
Restart the Microsoft Outlook application and synchronize the mailbox.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.
- Navigate to Network | Zones.
- Make sure that, CFS is applied to appropriate Zone.
- Navigate to Security Services | Content Filtering | Configure
- On appropriate CFS policy, click Configure button on right (Office 365 Allow policy, in this case).
- Click Custom List tab.
- In allowed domains section, enter the each of the following domains and click Add.
aadrm.com
activedirectory.windowsazure.com
glbdns.microsoft.com
live.com
lync.com
microsoft.com
microsoftonline.com
microsoftonline-p.com
microsoftonline-p.net
microsoftonlineimages.com
microsoftonlinesupport.net
msecnd.net
msocdn.com
msn.com
msn.co.jp
msn.co.uk
onmicrosoft.com
office.com
office.net
office365.com
officeapps.live.com
outlook.com
phonefactor.net
Sharepoint.com
Sharepointonline.com
outlook.office365.com
login.microsoftonline.com
spoprod-a.akamaihd.net
- Navigate to Settings tab, select Source of Allowed Domains to Per Policy.
- Click OK in CFS policy configure window.
- Click Accept in CFS settings.
How to Test:
Restart the Microsoft Outlook application and synchronize the mailbox.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
