• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1224
  • Last Modified:

How do I allow Blackberry BIS access through HTTPS on my Fortinet Firewall

I have a FortiWIFI 50 and have closed down inbound HTTPS. We have 15 users on Blackberry's using BIS.
I user's BIS keeps falling down, either he needs to keep resetting password, or won't get his mails.
I have opened up the firewall for the ports (I think) based on the following link.

I started off with a nice tidy rule, but it has got bigger and bigger due to me trying to get this working, along with my limited networking skill :)

Currently it only works for everybody when I open HTTPS for ALL, otherwise this user and 1 other have problems.

Currently the unworking rule in my firewall policy has the following
Source - BLACKBERRY GROUP (which is all the IP from the blackberry link)
Destination - HTTPS
Service - HTTPS, SNMP

Any ideas? I am pulling out my hair, it the user with problems happens to be the Managing Director.
  • 4
  • 2
1 Solution
Gary CutriData & Communications SpecialistCommented:
Hi, the link below has a list of all the IP Addresses used by the BlackBerry Internet Service.  So just create an allow rule for these IPs to access https to the mail server (I am assuming your device are configured to access email via OWA integration).

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=1&docTypeID=DT_SUPPORTISSUE_1_1&dialogID=94156080&stateId=1 0 90604429
Rise50Author Commented:
These are the address I have allowed / 24 Netmask = / 24 Netmask = / 24 Netmask = / 20 Netmask = / 20 Netmask = / 19 Netmask = / 20 Netmask = / 19 Netmask =

Gary CutriData & Communications SpecialistCommented:
Is it functioning correctly with these ports open now? (or did you already have these IPs allowed?)
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Rise50Author Commented:
It was just for clarification. They were already open.
Just can not get my head around why it is not working for only limited number of users.
If it is only effecting certain users, first thing I would do is on one of the bb devices, go to Options > Advanced Options > Service Book.  Delete all entries, you have to delete one by one and you won't be able to delete all.  Then go to the carrier's BIS site, resend service book from the site's option and wait 20 minutes and test.
Rise50Author Commented:
Thanks for that. I have done that. Have also completly wiped the device and tried from scratch. Also happens when I take a working unit and add the non-working account to that device .....
THanks for the idea.
Rise50Author Commented:
turns out i had a typo in the rule on my firewall, why it only afftected 1 user I'll never know.
THanks for your help!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now