Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 1742 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange auto discover

leo leo

Hi,

i wish you all a happy new year,

since we started using XGS2100 appliances with version SFOS 19.0.1 MR-1-Build365, have we noted some problem

like Auto discover is blocked.

i am trying to call the auto discover service but web application blocked it,

that leads to some problem like teams calendar are disappeared because of this issue.

i hope that i find the support for this case



This thread was automatically locked due to age.
Parents
  • 0

    Hello  ,

    Thank you for reaching out to the community, in that case you can always create an exception for the exchange auto discover.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    i already done but it still blocked have you  a screen shot for this exception how and are the skipped rules in the exception standard id in all sophos version ?

     

  • 0 in reply to leo leo

    You can create an exception with the reference below:

    ====================================
    But if the request are still blocking, then it could be casue of the server and it may not be firewall related at all !
    As in a debug request can be analyzed with the reference below:

    1672657444.718117086 [12992/0x7f0e21565800] fwid=4 fwflag="" iap=13 aap=0 conn_id=1893385491 id="0002" name="web request blocked" action="error" method="CONNECT" srcip="10.X.X.X" dstip="38.96.29.10" user="Goku" statuscode=500 cached=0 trxlen=517 rxlen=0 url="autodiscover.contoso.com/" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=6 cattime=279 avscantime=0 fullreqtime=15084713 ua="" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None" exceptions=""
    =====================================
    The HTTP status code 500 is a generic error response. It means that the server encountered an unexpected condition that prevented it from fulfilling the request. This error is usually returned by the server when no other error code is suitable.
    =====================================
    For the reference refer the following links:
    1.) Autodiscover service in Exchange Server
    2.) Autodiscover for Exchange

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Thank you for support but the firewall keep blocking the auto discover link. have you please another advice?

  • 0 in reply to leo leo

    I would suggest you to diagnose with the debug logs to narrow down situation, it is not a hardware fault ! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Request blocked

    The web application firewall has blocked access to /Autodiscover/Autodiscover.xml for the following reason:

    No signature found


    still blocked from outside

    internally it works

  • 0 in reply to leo leo

    In that case WAF troubleshooting can help, check the reverproxy.log while accessing the site from outside !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to leo leo

    The reason here is Static URL Hardening, no signature found. 

    It would be best practice to always enable both URL hardening and form hardening because those two functions are complementary, especially in the way that they prevent issues you may have when enabling just one of them:
    • Only form hardening is activated: When a webpage contains hyperlinks with appended queries (which is the case with certain CMSs), e.g. example.com/, such page requests are blocked by form hardening because it expects a signature, which is missing.
    • Only URL hardening is activated: When a web browser appends form data to the action URL of the form tag of a web form (which is the case with GET requests), the form data becomes part of the request URL sent to the webserver, by that rendering the URL signature invalid.

    The reason why activating both functions solves those issues is that in case either form hardening or URL hardening find that a request is valid, the WAF accepts the request.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to leo leo

    The reason here is Static URL Hardening, no signature found. 

    It would be best practice to always enable both URL hardening and form hardening because those two functions are complementary, especially in the way that they prevent issues you may have when enabling just one of them:
    • Only form hardening is activated: When a webpage contains hyperlinks with appended queries (which is the case with certain CMSs), e.g. example.com/, such page requests are blocked by form hardening because it expects a signature, which is missing.
    • Only URL hardening is activated: When a web browser appends form data to the action URL of the form tag of a web form (which is the case with GET requests), the form data becomes part of the request URL sent to the webserver, by that rendering the URL signature invalid.

    The reason why activating both functions solves those issues is that in case either form hardening or URL hardening find that a request is valid, the WAF accepts the request.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Children
Unfiltered HTML