How do I allow Blackberry BIS access through HTTPS on my Fortinet Firewall

Hi,
I have a FortiWIFI 50 and have closed down inbound HTTPS. We have 15 users on BlackBerrys using BIS.
One user's BIS keeps falling down; either he needs to keep resetting his password, or he won't get his mails.
I have opened up the firewall for the ports (I think) based on the following link.
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=SAL_Public&dialogID=63832630&stateId=1%200%2063826436

I started off with a nice tidy rule, but it has got bigger and bigger due to me trying to get this working, along with my limited networking skill :)

Currently it only works for everybody when I open HTTPS for ALL, otherwise this user and 1 other have problems.

Currently the unworking rule in my firewall policy has the following
Source - BLACKBERRY GROUP (which is all the IP from the blackberry link)
Destination - HTTPS
Service - HTTPS, SNMP

Any ideas? I am pulling out my hair; the user with problems happens to be the Managing Director.
Rise50 Asked:

Gary Cutri (Data & Communications Specialist) Commented:
Hi, the link below has a list of all the IP addresses used by the BlackBerry Internet Service. So just create an allow rule for these IPs to access HTTPS to the mail server (I am assuming your devices are configured to access email via OWA integration).

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=1&docTypeID=DT_SUPPORTISSUE_1_1&dialogID=94156080&stateId=1 0 90604429
0
Rise50 (Author) Commented:
These are the addresses I have allowed
206.51.26.0 / 24 Netmask = 255.255.255.0
193.109.81.0 / 24 Netmask = 255.255.255.0
204.187.87.0 / 24 Netmask = 255.255.255.0
206.53.144.0 / 20 Netmask = 255.255.240.0
216.9.240.0 / 20 Netmask = 255.255.240.0
67.223.64.0 / 19 Netmask = 255.255.224.0
93.186.16.0 / 20 Netmask = 255.255.240.0
68.171.224.0 / 19 Netmask = 255.255.224.0
Smtp0[<1-3>].bis.eu.blackberry.com
ten0[<1-16>].bis.eu.blackberry.com
Bda[<1-240>].bis.eu.blackberry.com

0
Gary Cutri (Data & Communications Specialist) Commented:
Is it functioning correctly with these ports open now? (or did you already have these IPs allowed?)
0
Rise50 (Author) Commented:
It was just for clarification. They were already open.
Just cannot get my head around why it is not working for only a limited number of users.
Thanks!
0
jdera Commented:
If it is only affecting certain users, the first thing I would do is, on one of the BB devices, go to Options > Advanced Options > Service Book. Delete all entries; you have to delete them one by one and you won't be able to delete all. Then go to the carrier's BIS site, resend the service book from the site's option, wait 20 minutes and test.
0
Rise50 (Author) Commented:
Thanks for that. I have done that. Have also completely wiped the device and tried from scratch. Also happens when I take a working unit and add the non-working account to that device .....
Thanks for the idea.
0
Rise50 (Author) Commented:
SORTED IT!
Turns out I had a typo in the rule on my firewall; why it only affected 1 user I'll never know.
Thanks for your help!
0
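
A typo in a firewall address group can be caught mechanically by comparing what was typed against the published list. The following is an added example, not code from the thread or from Fortinet: `CONFIGURED` is a constructed sample with deliberate typos, the function names are hypothetical, and the hostname entries from the list are left out.

```python
import ipaddress

# Ranges exactly as quoted in the thread.
PUBLISHED_TEXT = """\
206.51.26.0 / 24 Netmask = 255.255.255.0
193.109.81.0 / 24 Netmask = 255.255.255.0
204.187.87.0 / 24 Netmask = 255.255.255.0
206.53.144.0 / 20 Netmask = 255.255.240.0
216.9.240.0 / 20 Netmask = 255.255.240.0
67.223.64.0 / 19 Netmask = 255.255.224.0
93.186.16.0 / 20 Netmask = 255.255.240.0
68.171.224.0 / 19 Netmask = 255.255.224.0
"""

# Constructed sample of an address group as typed into a firewall (typos deliberate).
CONFIGURED = [
    ("206.51.26.0", "255.255.255.0"),
    ("193.109.81.0", "255.255.255.0"),
    ("204.187.78.0", "255.255.255.0"),   # digits transposed
    ("206.53.144.0", "255.255.240.0"),
    ("216.9.241.0", "255.255.240.0"),    # host bits set
    ("67.223.64.0", "255.255.240.0"),    # /20 mask typed instead of /19
    ("93.186.16.0", "255.255.240.0"),
    ("68.171.224.0", "255.255.224.0"),
]

def parse_published(text):
    """Yield networks from 'net / n Netmask = m' lines, checking n against m."""
    for line in filter(str.strip, text.splitlines()):
        cidr, _, mask = line.partition("Netmask =")
        net = ipaddress.ip_network(cidr.replace(" ", ""), strict=True)
        if str(net.netmask) != mask.strip():
            raise ValueError(f"prefix and netmask disagree: {line}")
        yield net

def audit(configured, published_text):
    """Return (bad entries with reason, published ranges left uncovered)."""
    published = set(parse_published(published_text))
    bad, matched = [], set()
    for addr, mask in configured:
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            bad.append((addr, mask, str(exc)))
            continue
        if net in published:
            matched.add(net)
        else:
            bad.append((addr, mask, "not a published range"))
    return bad, sorted(published - matched)
```

Calling `audit(CONFIGURED, PUBLISHED_TEXT)` flags the three constructed typos and lists the three published ranges they leave unmatched. A too-narrow mask still matches part of its range, so a rule with that kind of typo passes some source addresses and drops others.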
