Overview
When using Office 365 applications, such as the Outlook client, the connection might hang and show an "in progress" state. This might indicate that the traffic is being dropped by Kerio Control.
This article provides instructions on how to create a traffic rule and content rule in order to allow Microsoft Office 365 services.
Solution
Office 365 uses TCP ports 25, 80, 143, 443, 587, 993 and 995 for its various services.
Note: if you're using Microsoft Lync, ports 3478 (UDP), 50000-59999 (TCP/UDP) and 5223 (TCP) should also be included in the firewall policies.
In terms of HTTP(S) detection, Office 365 mostly transfers data through login.live.com and ctldl.windowsupdate.com.
- In Kerio Control administration, create a separate service for Office 365 TCP ports.
  Protocol: TCP
  Source port: Any
  Destination port: 25, 80, 143, 443, 587, 993, 995
- Create a traffic rule allowing Office 365 services.
- Configure a standalone Content Rule for all Microsoft (including Office 365) related categories.
Note: if you're sure some of these MS categories are not used in your environment, remove them from the "Detected content" column.
- If you're using HTTPS filtering decryption, consider adding login.live.com and ctldl.windowsupdate.com to the HTTPS exclusions IP address group.
  Make sure the "Traffic to/from IP addresses which belong to" option is set to HTTPS exclusions.
Testing
Try to update Office 365 or interact with Outlook or other MS applications.