Webserver Protection Exchange Cluster

Hello, I'm having some trouble with the webserver protection for an Exchange 2016 Cluster.

We're running a brand new XGS3300 firewall cluster in our datacenter with 10 Gig internet connection.

I've configured only IPS rules for the Exchange Webserver protection, no filtering rules (as that mostly fails on the MAPI/Outlook access)

My problem is that when I configure both servers in the webserver protection, even with "Sticky Session" activated, we get Outlook asking for the password quite often.

Only if I put the server connection in "Stand by" mode, where therefore all the connections are served to the first server and the second is only in stand by, then I get no problems.

I've tried playing around with the Time-Out times both on the Sophos Webserver settings and on the IIS Site settings.

I've tried extending it on both to 3600 seconds, but that was a disaster... I should have known... was too much for the IIS :-)

Have put it to 360 seconds for both now and am waiting for a response from the customer.

But wanted also to have an input from other users about their experiences.



This thread was automatically locked due to age.
  • Here are the WAF firewall rules for the Exchange servers

    These are the only WAF rules for this IP address.

    There is an incoming NAT rule for this IP address, but only for SMTP protocols.

    Outgoing NAT for these servers also masquerade on the same IP address for all ports and protocols.

    Here are the settings for "mail"

    And here for "autodiscover"

    And here is the IPS rule for this WAF rule

    Here are the settings for the webservers (both are exactly the same, therefore only the first)

    ActiveSync and OWA work without error.

    But Outlook MAPI has problems.

    Strangely, from the customer's office there is no problem, but from home offices the users continuously receive login requests.

    Still, from the office and from the home offices the IP resolution is the same public IP address.

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner

  • Hi AlexanderPoettinger

    You can view the WAF log files from the following locations to troubleshoot the issue:

    • Sophos Firewall - go to Log viewer at the top of the screen and then select Web Server Protection from the drop-down menu.
    • Advanced Shell - go to /log/reverseproxy.log
    • Live log view - tail -f /log/reverseproxy.log

    Please refer to the link below for a more detailed investigation:

    https://support.sophos.com/support/s/article/KB-000036242?language=en_US 

    Share any suspicious reverseproxy logs you have observed, as well as any errors or error messages encountered on the users' systems.

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".
