CFS is blocking connections to Microsoft Office 365 Outlook application

Description

Company's Microsoft Exchange server in the network is hosted as Office 365 online services, when users try to access the mailbox, CFS doesn't allow connections to Microsoft Office 365 Outlook mailbox.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

  1. Click Policy tab.
  2. Navigate to Security Services | Content Filtering and make sure that the Content Filtering Service is enabled.

    Image

  3. Go to Objects | Content Filter | CFS Profile Objects tab and edit the CFS Profile used for the particular users/devices (CFS Default Profile in our case).

    Image
  4. Click Create URI List Object.

    Image

  5. In the URI list enter the each of the following domains and click Add.

    aadrm.com
    activedirectory.windowsazure.com
    glbdns.microsoft.com
    live.com
    lync.com
    microsoft.com
    microsoftonline.com
    microsoftonline-p.com
    microsoftonline-p.net
    microsoftonlineimages.com
    microsoftonlinesupport.net
    msecnd.net
    msocdn.com
    msauth.net
    msauthimages.net
    msftauth.net
    msftauthimages.net
    enterpriseregistration.windows.net
    policykeyservice.dc.ad.msft.net
    onmicrosoft.com
    office.com
    office.net
    office365.com
    officeapps.live.com
    outlook.com
    phonefactor.net
    Sharepoint.com
    Sharepointonline.com
    outlook.office365.com
    login.microsoftonline.com
    spoprod-a.akamaihd.net

  6. Click Save after finished the URI List to exit the URI List Object.
  7.  Click Save after you added the new URI List created to exit the CFS Profile Object

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

  1. Click  Manage tab.
  2. Navigate to Security Services | Content Filtering and make sure it is enabled and a CFS policy is applied.
    Image

  3. On appropriate CFS policy, check the Profile associated (CFS Default Profile in this case).
  4. Go to Objects | Content Filter Objects | CFS Profile Objects tab and edit the Profile above.

    Image

  5. Click Create new URI List Object.
    Image

  6.  In the URI list enter the each of the following domains and click Add.

    aadrm.com
    activedirectory.windowsazure.com
    glbdns.microsoft.com
    live.com
    lync.com
    microsoft.com
    microsoftonline.com
    microsoftonline-p.com
    microsoftonline-p.net
    microsoftonlineimages.com
    microsoftonlinesupport.net
    msecnd.net
    msocdn.com
    msauth.net
    msauthimages.net
    msftauth.net
    msftauthimages.net
    enterpriseregistration.windows.net
    policykeyservice.dc.ad.msft.net
    onmicrosoft.com
    office.com
    office.net
    office365.com
    officeapps.live.com
    outlook.com
    phonefactor.net
    Sharepoint.com
    Sharepointonline.com
    outlook.office365.com
    login.microsoftonline.com
    spoprod-a.akamaihd.net

  7. Click OK in CFS policy configure window.
  8. Click Accept in CFS settings.

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

In this case, we need to white list the domains which are supported by Microsoft Office 365 Outlook.

  1. Navigate to Network | Zones.
  2. Make sure that, CFS is applied to appropriate Zone.

    Image
  3. Navigate to Security Services | Content Filtering | Configure

    Image

  4. On appropriate CFS policy, click Configure button on right (Office 365 Allow policy, in this case).

    Image

  5. Click Custom List tab.
  6.  In allowed domains section, enter the each of the following domains and click Add.

    aadrm.com
    activedirectory.windowsazure.com
    glbdns.microsoft.com
    live.com
    lync.com
    microsoft.com
    microsoftonline.com
    microsoftonline-p.com
    microsoftonline-p.net
    microsoftonlineimages.com
    microsoftonlinesupport.net
    msecnd.net
    msocdn.com
    msauth.net
    msauthimages.net
    msftauth.net
    msftauthimages.net
    enterpriseregistration.windows.net
    policykeyservice.dc.ad.msft.net
    onmicrosoft.com
    office.com
    office.net
    office365.com
    officeapps.live.com
    outlook.com
    phonefactor.net
    Sharepoint.com
    Sharepointonline.com
    outlook.office365.com
    login.microsoftonline.com
    spoprod-a.akamaihd.net
    Image

  7. Navigate to Settings tab, select Source of Allowed Domains to Per Policy.

    Image

  8. Click OK in CFS policy configure window.
  9. Click Accept in CFS settings.

How to Test:

Restart the Microsoft Outlook application and synchronize the mailbox.

Related Articles

  • Firewall logs show frequent probe status changes after upgrade
    Read More
  • SSO Agent 4.0: Installation, Configurations, and troubleshooting
    Read More
  • CFS blocks valid sites due to incorrect 64: Not Rated tag
    Read More

Categories

Firewalls
TZ Series
Content Filtering Service
Firewalls
SonicWall SuperMassive 9000 Series
Content Filtering Service
Firewalls
NSa Series
Content Filtering Service
Firewalls
NSv Series
Content Filtering Service
not finding your answers?
Ask the Community
was this article helpful?
YesNo