The CVE affects only endpoints and allows unsanitized urls to be delivered to users
"For the vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted Lync or Skype for Business site."
This secondary connection would not match the CVE, but some other exploit (XSS,..) which will be checked by TP, URL filtering and DNS Security/sinkhole
The CVE that you mentioned is a vulnerability actually in place within SfB. The exploit would likely be contained in an email message (as stated in the CVE) that a user would click on. There really isn't anything for the firewall to trigger on here. Also kind of important to note here, this CVE is rather old and has been patched for a while, so updates should have already been applied to the server rendering this CVE non-exploitable.
The firewall itself may pick up on another vulnerability as @reaper pointed out in his reply. If you can't update the SfB server in question for some reason (which would fix the issue outright and should be done) then you would want to ensure that client traffic to your target system are actually being fully inspected.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!