
Anybody seeing issues with XG17 causing the Outlook desktop client to lose "sync" with Office365?

We've started seeing issues in the last month or so with the Outlook desktop client losing sync with Office365, when it will just stop syncing the cached mailbox. No errors, and it will say all folders are up to date. It takes restarting Outlook for it to get back in sync, and it will stay synced for a random period of time, at which time it will stop syncing again.

 

I'm thinking the issue is linked with the upgrade from XG16 to XG17 that happened around the same time. I waited until MR3 to upgrade to XG17. I did the MR5 upgrade to see if that would help but it doesn't appear so.



This thread was automatically locked due to age.
  • XG has always caused some kind of connectivity issues with Office 365 and Windows updates. I've been waiting for Sophos to add a method to use XML files or web DBs of URLs & IP CIDRs for firewall rule destinations. I managed to import a list of URLs I created from an XML file from MS, but it's only a web filter category so it's not ideal, as it's still hitting the web proxy. We need to import CIDRs to create hosts / host groups, or use XML files from URLs really, so firewall rules can be used with these as destinations and then set the filters & AV to none.

    MS are updating the list of URLs & IPs all the time, so the best way would be to pull from a web DB.

    JK

  • May I ask how you were able to import the XML file? I am trying to import an XML of web exceptions but I keep getting an error stating that it only accepts .TAR files even though the file I am trying to import is a .tar. I have exported and tried editing directly in 7zip but that doesn't work either.

  • Not sure where the snag is here. Off the top of my head, you should have a space on both sides of the '-F' flag. Also, prefix the IP with https://. It should be:

    $ curl -k https://10.1.70.1:4444/webconsole/APIController -F "reqxml=<C:\Users\blank\Desktop\O_365_FQDN_HOST.xml"

     

    That said, I think I know what you're trying to do. I actually just did the same thing yesterday and had some issues. If you are using the FQDN list that you found here, there are some duplicates and issues with the format of the FQDNs which cause the API to reject the changes.

    I had to filter all the doubles out and a couple others. In total I think I pulled 6 out. 

    Based on the traffic on these forums I am guessing that there are more than just you and I trying to get this done. I will try and get a tutorial posted today on my blog with a walkthrough and the full XML you need to add all Office 365 hosts. I will post the link here when that is done.

    Also, I don't know how comfortable you are with Python, but if you're on a Windows machine it may be easier to use that. If you have access to a Linux box I would use that for cURL before Windows. (That may just be my personal hatred for Windows coming out.)

  • Sorry, this weekend got away from me and I was not able to put the tutorial up yet. I will just post the XML I used here so you and others can have access to it. As I mentioned before, this is adapted from the Office365 zip file from Sophos support. I changed all domains to have the wildcard '*', then wrapped them in XML tags. The other major difference was that I had to remove six domains from the list because they were causing the API to error out.

     

    These two attached files contain the XML to add all the domain objects from the O365 list (minus the six bad ones) then all those objects are added to a host group. 

    First, send the FQDN_HOSTS.xml file to the API (Creates the objects)

    Then, send the FQDN_GROUP.xml to the API (Assigns all objects to FQDN Group)

     

    You can send me a private message if it is still not working and we can troubleshoot it further. 

    Attachments: 7026.FQDN_HOSTS.xml, 0383.FQDN_GROUP.xml
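
The cleanup step described in the two posts above (dropping duplicates and badly formatted FQDNs before the list is sent to the API), as an added example that is not part of the original posts or of Sophos's tooling. The function names and sample entries are constructed; the thread does not say which rules the XG API enforces, so the checks here (plain DNS label syntax with an optional leading `*.`) are an assumption.

```python
import re

# One DNS label: 1-63 chars of letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample input: valid wildcards plus a case-variant duplicate,
# a redundant sub-wildcard and two malformed entries.
SAMPLE = ["*.office365.com", "*.Office365.com", "*.outlook.office365.com",
          "*.office.com ", "*broken.example.net", "*.live.com",
          "http://example.com/path"]

def normalise(entry):
    """Return the lowercase FQDN (optionally '*.'-prefixed) or None if malformed."""
    name = entry.strip().lower().rstrip(".")
    body = name[2:] if name.startswith("*.") else name
    labels = body.split(".")
    if len(body) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return None
    return name

def covered_by(name, wildcards):
    """Return a broader wildcard that already matches `name`, or None.
    The bare apex (office365.com) is NOT treated as covered by *.office365.com."""
    body = name[2:] if name.startswith("*.") else name
    labels = body.split(".")
    for i in range(1, len(labels)):
        parent = "*." + ".".join(labels[i:])
        if parent in wildcards:
            return parent
    return None

def clean_fqdn_list(entries):
    """Split raw entries into (kept, rejected); rejected maps entry -> reason."""
    kept, rejected = [], {}
    for raw in entries:
        name = normalise(raw)
        if name is None:
            rejected[raw] = "malformed"
        elif name in kept:
            rejected[raw] = "duplicate"
        else:
            kept.append(name)
    wildcards = {n for n in kept if n.startswith("*.")}
    final = []
    for name in kept:
        parent = covered_by(name, wildcards)
        if parent:
            rejected[name] = "covered by " + parent
        else:
            final.append(name)
    return final, rejected
```

Reviewing the `rejected` map before building the XML shows exactly which entries were dropped and why, instead of finding out from an API error.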

  • To add some context to this post that Adam has shared:

    This information was provided by our support to assist with Adam's specific support case and issue. Use the information above at your own discretion. If you had any questions regarding the information and suggestion, I would advise to please contact support for further clarification and confirmation.

    Regards,

    Flo

  • Hi All

    Below is the update received today (after we had a productive meeting with our appointed Sophos Sales Engineer). We have conveyed some concerns with the blanket approach; however, as the email suggests, it's interim whilst the issue is raised with product management. In our eyes this issue goes well beyond just the initial "support" help we have a problem... but more for development / product management teams to factor in a simple yet manageable solution for products such as Office 365.

    Cheers

    Adam



    Sent: Wednesday, 23 May 2018 5:26 PM
    Subject: Office 365 domains

     

    Hello Adam, Garth

    Following on from our call on Monday, this is the list of domains used by our Pro Services in Office 365 environments, derived from the Microsoft article.  I suspect that there is much on this list that doesn’t actually need to be there for our bypass purposes.

     

    *.cloudappsecurity.com
    *.onmicrosoft.com
    *.office.net
    *.office.com
    *.office365.com
    *.microsoft.com
    *.microsoftonline.com
    *.live.com
    *.azure.net
    *.msecnd.net
    *.windows.net
    *.windowsazure.com
    *.sharepointonline.com
    *.visualstudio.com
    *.cloudapp.net
    *.azureedge.net

     

    I have attached a tar’ed XML file that you can import. You will find an FQDN Group that I called “Office 365 Domains”. You can add an Office 365 as an allowed exception at the top or near the top of your firewall rules. Your rule would look something like this:

     

    You can import the XML by going to Backup & Firmware -> Import Export. In my experience, using import export can impact performance, particularly on the smaller units, so I wouldn’t import it on a live system. The log viewer “admin” view will show success of import.

     

    As discussed, this is to help in the near term.  I’ll let you know of any feedback I get from our product management…

     

    Regards

  • I want to note that I have now imported the full list of 230+ FQDNs from the list circulating around here; and it did NOT resolve the issue. My clients are still reporting the sync issue. I have a ticket with support but I am still fighting my way up the escalation ladder. 

    It seems the approach with adding the massive FQDN list is to just throw everything at it and hope something works. This is disappointing to say the least. 

  • Joe

    Care to share how you have this setup? I am curious, as so far across many sites we are now functioning. (Note: we are still slowly progressing our changes through the rest.)

    I am sure many here are happy to assist

     

    Cheers

    Adam

  • Adam, 

    I am not sure by what you mean as setup? I imported all the FQDNs with the API - then created a firewall rule which turns off all scanning to those domains. I have also imported all of the URLs as exceptions - neither change fixed the issue. 

  • Joe

    Simple screenshot would suffice (just 2nd set of eyes) , however it does sound like you have it setup correct.

    I assume you have the firewall rule "top" ?

    What do the Sophos logs say?

    Have you put a wireshark on one of the impacted machines? If so did this uncover anything?

    I assume you have ruled out all other areas, eg: DNS ?

    Adam

  • The logs say nothing, and after working with support and reviewing the forums I assume this is because it is more of a bug than a feature of the firewall.

    I have done packet captures, reviewed them and sent them to support - they didn't see the issue either. 

    Adam - Are you saying you were able to fix this issue? 

  • Joe

    Honestly too early to say if the issue has 100% gone. The one of two locations I was using as a test case with GES Support the issue has definitely subsided since the rules have been setup. The other we are still monitoring. We have 20+ XG's which have exhibited the behavior. As mentioned a little earlier today we received an update from our Sophos Sales Contact who has been willing to listen to the issue. I posted his response which also contains what apparently is recommended by Sophos Pro Services. Tonight I implemented this on another XG so will need to monitor it to see how it goes.

    Happy to share the file with you if you would like to give it a try - just DM your contact details

    Cheers

    Adam
