Rise50
asked on
How do I allow Blackberry BIS access through HTTPS on my Fortinet Firewall
Hi,
I have a FortiWIFI 50 and have closed down inbound HTTPS. We have 15 users on Blackberry's using BIS.
I user's BIS keeps falling down, either he needs to keep resetting password, or won't get his mails.
I have opened up the firewall for the ports (I think) based on the following link.
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=SAL_Public&dialogID=63832630&stateId=1%200%2063826436
I started off with a nice tidy rule, but it has got bigger and bigger due to me trying to get this working, along with my limited networking skill :)
Currently it only works for everybody when I open HTTPS for ALL, otherwise this user and 1 other have problems.
Currently the unworking rule in my firewall policy has the following
Source - BLACKBERRY GROUP (which is all the IP from the blackberry link)
Destination - HTTPS
Service - HTTPS, SNMP
Any ideas? I am pulling out my hair, it the user with problems happens to be the Managing Director.
I have a FortiWIFI 50 and have closed down inbound HTTPS. We have 15 users on Blackberry's using BIS.
I user's BIS keeps falling down, either he needs to keep resetting password, or won't get his mails.
I have opened up the firewall for the ports (I think) based on the following link.
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=SAL_Public&dialogID=63832630&stateId=1%200%2063826436
I started off with a nice tidy rule, but it has got bigger and bigger due to me trying to get this working, along with my limited networking skill :)
Currently it only works for everybody when I open HTTPS for ALL, otherwise this user and 1 other have problems.
Currently the unworking rule in my firewall policy has the following
Source - BLACKBERRY GROUP (which is all the IP from the blackberry link)
Destination - HTTPS
Service - HTTPS, SNMP
Any ideas? I am pulling out my hair, it the user with problems happens to be the Managing Director.
ASKER
These are the address I have allowed
206.51.26.0 / 24 Netmask = 255.255.255.0
193.109.81.0 / 24 Netmask = 255.255.255.0
204.187.87.0 / 24 Netmask = 255.255.255.0
206.53.144.0 / 20 Netmask = 255.255.240.0
216.9.240.0 / 20 Netmask = 255.255.240.0
67.223.64.0 / 19 Netmask = 255.255.224.0
93.186.16.0 / 20 Netmask = 255.255.240.0
68.171.224.0 / 19 Netmask = 255.255.224.0
Smtp0[<1-3>].bis.eu.blackb erry.com
ten0[<1-16>].bis.eu.blackb erry.com
Bda[<1-240>].bis.eu.blackb erry.com
206.51.26.0 / 24 Netmask = 255.255.255.0
193.109.81.0 / 24 Netmask = 255.255.255.0
204.187.87.0 / 24 Netmask = 255.255.255.0
206.53.144.0 / 20 Netmask = 255.255.240.0
216.9.240.0 / 20 Netmask = 255.255.240.0
67.223.64.0 / 19 Netmask = 255.255.224.0
93.186.16.0 / 20 Netmask = 255.255.240.0
68.171.224.0 / 19 Netmask = 255.255.224.0
Smtp0[<1-3>].bis.eu.blackb
ten0[<1-16>].bis.eu.blackb
Bda[<1-240>].bis.eu.blackb
Is it functioning correctly with these ports open now? (or did you already have these IPs allowed?)
ASKER
It was just for clarification. They were already open.
Just can not get my head around why it is not working for only limited number of users.
Thanks!
Just can not get my head around why it is not working for only limited number of users.
Thanks!
If it is only effecting certain users, first thing I would do is on one of the bb devices, go to Options > Advanced Options > Service Book. Delete all entries, you have to delete one by one and you won't be able to delete all. Then go to the carrier's BIS site, resend service book from the site's option and wait 20 minutes and test.
ASKER
Thanks for that. I have done that. Have also completly wiped the device and tried from scratch. Also happens when I take a working unit and add the non-working account to that device .....
THanks for the idea.
THanks for the idea.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=1&docTypeID=DT_SUPPORTISSUE_1_1&dialogID=94156080&stateId=1 0 90604429