The article describes that DLP profile does not work as expected for the CCN body message if the Outlook desktop app sends traffic using HTTPS protocol.
Scope
Any FortiOS.
Solution
Configure Outlook to use MAPI over HTTP or RPC over HTTP protocols and ensure that the data transferred is not exclusively over HTTPS. The FortiGate needs to have enabled Mapi-over-http in the ssl inspection profile:
config firewall ssl-ssh-profile edit deep inspection set mapi-over-http [disable|enable] end
It has been confirmed that a functional version of the Outlook desktop app is Version 2405, Build 16.0.17628.20006. Newer versions do not support mapi protocol for traffic from the Outlook desktop app.
Use the following debugs command to determine if the Outlook desktop app is using MAPPI or HTTPS:
diag debug reset dia sys scanunit debug all diag debug enable
- Run the DLP test, wait until it fails, and check the logs.
- Stop the debugs: diag debug disable.
- Save the output obtained in the CLI.
Execute the WAD debugs:
diag wad debug enable category all diag wad debug enable level verbose diag wad debug enable cate http diag wad debug enable cate mapi diag wad debug enable leverl verb diagnose debug console timestamp enable dia de ena
Repeat the steps mentioned above from 1 to 3.
If ensure to know how to interpret the debugs obtained, open a TAC ticket. Reach Microsoft support to get additional assistance on how to configure the recent Outlook desktop app if it is possible.