Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 1628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Excel Timoeouts in SharePoint and office 365

David Jumbi

Hi

I have a Sophos XG 125. Users in the office experience a lot of timeouts and sluggish behavior when using online excel documents more so those on SharePoint. I have included the required exemptions as per the below link but the problem persists. Users who are working from home do not experience this issue so has to be something in the office premise network. Kindly help in troubleshooting this

support.sophos.com/.../KB-000038173



This thread was automatically locked due to age.
Parents
  • 0

    I've added all the relevant sharepoint and office online links as per the Microsoft link , even went ahead to create a new rule just for these links and exempt them from certain profile checks. Now the issue has shifted from being permanent to being intermittent which is worse in my opinion. one day everyone is cool the next day everyone is raising issues.

  • 0 in reply to David Jumbi

    Hi, you need to narrow it down by checking the logs:

    1. Firewall: anything blocked on the VoIP Ports used by MSO365 programs? (probably not used by Excel and Sharepoint)

    2. Firewall: blocked packets to Microsoft servers from the endpoints during times of  app hang? Check the IP and to which IP Range from the MSO365 site it belongs.

    3. IPS: anything like UDP flood blocked in IPS logs? Also check this on any other upstream firewall if there is one.

    4. Webfilter or DPI: check all URL the clients are accessing during time of all hang. Do they belong to MSO365? Check wil any mentioned here. ALL of this requests may not be proxied or DPI/SSL scanned. You need webfilter exceptions for all of them.

    No exceptions? Fail.

    Check your MSO Exception lists.

    Example1: fail

    Example2: fail

    Also note a recent huge change from Microsoft on the URL lists :-/

  • 0 in reply to LHerzog

    Hi 

    the one url that's contant when working with excel is https://cac-excel.officeapps.live.com. every request to begins with this and they are very lengthy and complex  url. Just a copy and paste generates almost 10 URLs requests. Scrolling the same up and down generates multiples requests as well but they begin with above URL

  • 0 in reply to David Jumbi

    and is it excluded when you review the logs?

    how does your Exception rule look like for this? And the according firewall rule? You could start posting some logs or Screenshots.

  • 0 in reply to LHerzog

    I'm analyzing the traffic using developer tools in the browser (all users are on chrome). So from the developer tools when this url  https://cac-excel.officeapps.live.com is generated most traffic are ok(200). Some of it delays and are highlighted pending and this is what causes issues to my users. Some traffic remains pending for long and eventually highlighted red indicating some sort of 404. My guess is that this is because the traffic times out. Now all this is on chrome developer tools. 

    Lets come back to Sophos, the exceptions in your screenshot are exempted as  ^([A-Za-z0-9.-]*\.)?officeapps.live\.com\.?/ and ^([A-Za-z0-9.-]*\.)?online.office\.com\.?/     among other relevant Microsoft URLs On my firewall rules, traffic to *.officeapps.live.com  and other Microsoft services have  their own rule which is active as I can see lots of GBs going through it. When I go to the logs all traffic using this rule is allowed nothing seems to be blocked from the log viewer unless there are other ways to check.

  • 0 in reply to David Jumbi

    You should not look for blocked packets, you need to be sure, they are caught by proxy/scanning exceptions. See my previous posts.

    This is an example of the required web exception:

      <WebFilterException transactionid="">
    <Name>O365 - 46 (Common - Allow)</Name>
    <Desc>ID: 46 - Allow - Microsoft 365 Common and Office Online (Required)</Desc>
    <NewName>O365 - 46 (Common - Allow)</NewName>
    <Enabled>on</Enabled>
    <HttpsDecrypt>on</HttpsDecrypt>
    <CertValidation>on</CertValidation>
    <VirusScan>on</VirusScan>
    <Sandstorm>on</Sandstorm>
    <PolicyCheck>on</PolicyCheck>
    <EnableSrcIP>no</EnableSrcIP>
    <EnableDstIP>yes</EnableDstIP>
    <EnableURLRegex>yes</EnableURLRegex>
    <EnableWebCat>no</EnableWebCat>
    <IsDefault>no</IsDefault>
    <DomainList>
      <DstIp>13.107.6.171</DstIp>
      <DstIp>13.107.18.15</DstIp>
      <DstIp>13.107.140.6</DstIp>
      <DstIp>52.108.0.0/14</DstIp>
      <DstIp>52.238.106.116</DstIp>
      <DstIp>52.244.37.168</DstIp>
      <DstIp>52.244.203.72</DstIp>
      <DstIp>52.244.207.172</DstIp>
      <DstIp>52.244.223.198</DstIp>
      <DstIp>52.247.150.191</DstIp>
      <DstIp>2603:1010:2::cb</DstIp>
      <DstIp>2603:1010:200::c7</DstIp>
      <DstIp>2603:1020:200::682f:a0fd</DstIp>
      <DstIp>2603:1020:201:9::c6</DstIp>
      <DstIp>2603:1020:600::a1</DstIp>
      <DstIp>2603:1020:700::a2</DstIp>
      <DstIp>2603:1020:800:2::6</DstIp>
      <DstIp>2603:1020:900::8</DstIp>
      <DstIp>2603:1030:7::749</DstIp>
      <DstIp>2603:1030:800:5::bfee:ad3c</DstIp>
      <DstIp>2603:1030:f00::17</DstIp>
      <DstIp>2603:1030:1000::21a</DstIp>
      <DstIp>2603:1040:200::4f3</DstIp>
      <DstIp>2603:1040:401::762</DstIp>
      <DstIp>2603:1040:601::60f</DstIp>
      <DstIp>2603:1040:a01::1e</DstIp>
      <DstIp>2603:1040:c01::28</DstIp>
      <DstIp>2603:1040:e00:1::2f</DstIp>
      <DstIp>2603:1040:f00::1f</DstIp>
      <DstIp>2603:1050:1::cd</DstIp>
      <DstIp>2620:1ec:c::15</DstIp>
      <DstIp>2620:1ec:8fc::6</DstIp>
      <DstIp>2620:1ec:a92::171</DstIp>
      <DstIp>2a01:111:f100:2000::a83e:3019</DstIp>
      <DstIp>2a01:111:f100:2002::8975:2d79</DstIp>
      <DstIp>2a01:111:f100:2002::8975:2da8</DstIp>
      <DstIp>2a01:111:f100:7000::6fdd:6cd5</DstIp>
      <DstIp>2a01:111:f100:a004::bfeb:88cf</DstIp>
      <URLRegex>^([a-zA-Z0-9.-]*\.)?officeapps\.live\.com\/</URLRegex>
      <URLRegex>^([a-zA-Z0-9.-]*\.)?online\.office\.com\/</URLRegex>
      <URLRegex>^office\.live\.com\/</URLRegex>
    </DomainList>
  </WebFilterException>

    working exception example:

    post the fw rule, that matches the traffic and show the settings for:

    Security features / Web filtering

  • 0 in reply to LHerzog

    Here is my exception list , it has many more urls but I do not know how to generate an XML file as you have done

Reply Children
No Data