anybody seeing issues with XG17 causing Outlook desktop client losing "sync" with Office365.

XG has always caused some kind of connectivity issues with Office 356 and windows updates, Ive been waiting for Sophos to add a method to use XML files or web db's of URL's & IP CIDRs for firewall rules destinations.  I managed to import a list of URLs i created from an XML file from MS but its only a web filter category so its not ideal as its till hitting the web proxy.  We need to import CIDR's to create hosts / host groups / or using XML files from urls really so firewall rules can be used with these as destinations and then set the filters & AV to none.

MS are updating the list of urls & ips all the time so best way would be to be pull from a web db.

JK

May I ask how you were able to import the XML file? I am trying to import an XML of web exceptions but i keep getting an error stating that it only accepts .TAR files even though the file i am trying to import is a .tar.  I have exported and tried editing directly in 7zip but that doesn`t work either. 

Joe

Simple screenshot would suffice (just 2nd set of eyes) , however it does sound like you have it setup correct.

I assume you have the firewall rule "top" ?

What doe the the sophos logs say?

Have you put a wireshark on one of the impacted machines? If so did this uncover anything?

I assume you have ruled out all other areas, eg: DNS ?

Adam

The logs say nothing, and after working with support and reviewing the forums I assume this is because it is more of a bug than a feature of the firewall.

I have done packet captures, reviewed them and sent them to support - they didn't see the issue either. 

Adam - Are you saying you were able to fix this issue? 

Joe

Honestly too early to say if the issue has 100% gone. The one of two locations i was using as a test case with GES Support the issue has definitely subsided since the rules have been setup. The other we are still monitoring. We have 20+ XG's which have exhibited the behavior. As mentioned a little earlier today we received an update from our Sophos Sales Contact who has been willing to listen to the issue. I posted his response which also contains what apparently is recommended by Sophos Pro Services. Tonight i implemented this on another XG so will need to monitor it to see how it goes.

Happy to share the file with you if you would like to give it a try - just DM your contact details

Cheers

Adam

I have to agree with Joe.  We have also done this and I am still having users with sync issues.  The FQDN list is not a fix.  There were a few times I thought it was working for a few days, but nope.  There is something fundamentally wrong with the firmware or something.  From what I can tell anyways...   

Not for a second do i doubt what you both are saying. This issue has been so intermittent its quite difficult to establish any sense of reason.

One thing i would suggest though for troubleshooting purposes anyway... is pick a single machine which regularly exhibits the behavior & give it a basic LAN > WAN rule (no features etc & for any destination & any service) see how this goes. 

Just thinking out loud 

Adam, 

That was my first troubleshooting step. I completely white listed one host hoping that would resolve the issue. But unfortunately there is something fundamentally flawed in the firmware. 

I will throw in my 2 cents,  I have only had one customer that had this issue.  It was driving me nuts.  I had the rules set to any any and no restrictions any were.  That was when I thought I had ruled out the XG as the issue, but I could not figure what was going.   I was going to reset switches just to see if the switches where having sometime of weird ARP issue.  I was guessing at things at this point.  They had a power outage that lasted longer than the battery backup and shut down everything.  When it came back up, everything was fixed.  I would love to see someone do a power rest of the XG and see if that fixes the issue.   They were using a REV1 XG135 in HA Active-Passive mode.

That is interesting, as someone also mentioned a similar scenario.  I was curious, so I tried shutting it down, but I am still having random users having issues. 

That would be an interesting experiment.  I will try that with my PC and see if I see the issue again on my machine. 

John, 

Interesting that the power cycle worked. I did fully power cycle my client's switches / firewalls a week ago because of an unrelated issue and they were still experiencing the sync problem. I did not have them down long, so maybe that is something I should try. 

John, 

Interesting that the power cycle worked. I did fully power cycle my client's switches / firewalls a week ago because of an unrelated issue and they were still experiencing the sync problem. I did not have them down long, so maybe that is something I should try. 

Today we had the return of this issue at both sites we were testing at.

Just implementing the last wildcard option given to us by Sophos. Should this fail i will be trying dropping the power option suggested to see.

Adam, 

Let me know if that worked out for you. I still can't get it to work, the only thing I have left to do is power cycle the Firewall - something that is not easily done for clients with HA demands!