Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 949 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG: Problems with WAF and Exchange 2019

David Lorenz

Hello Community,

my name is David Lorenz and i have a problem with the WAF from our customer. They use Exchange 2019 on prem. and users from a branch office in egypt have connectionproblems. I already have set some exclusions in the rules because of errors in the reverseproxy.log. But I dont know how to fix the following two errors in the log. The customer can not send mails via. outlook (without vpn). Maybe someone of you can help me with that. Thank you in advance!

Error 1:

[Mon Feb 13 09:49:37.176633 2023] [proxy_http:error] [pid 24317:tid 139956497209088] (70007)The timeout specified has expired: [client IP:64739] AH01102: error reading status line from remote server IP:443
[Mon Feb 13 09:49:37.176660 2023] [proxy:error] [pid 24317:tid 139956497209088] [client 79.238.124.63:64739] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync

Error 2:

[Mon Feb 13 09:49:43.264596 2023] [url_hardening:error] [pid 26971:tid 139956156503808] [client IP:54056] Hostname in HTTP request (IP) does not match the server name (a5b35025015e970d5f9e9db094a65d1e_redirect_ssl)

My WAF-Rule Autodiscover:

My WAF-Rule Mail:



This thread was automatically locked due to age.
Parents
  • 0

    I have the same problem at our other customer with an exchange 2016. They get:

    [Tue Feb 14 09:31:26.899947 2023] [proxy_http:error] [pid 6162:tid 140226252994304] (70007)The timeout specified has expired: [client xxx:15817] AH01102: error reading status line from remote server xxx:443
    [Tue Feb 14 09:31:26.899990 2023] [proxy:error] [pid 6162:tid 140226252994304] [client xxx:15817] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync

    I started a TeamViewer connection and outlook probted the username and password menu. They type in the right credentials but it doesent work. I activated the dnat rule temporary again that our customer can use outlook without vpn.

    Maybe this information helps you. Thank you in advance!

Reply
  • 0

    I have the same problem at our other customer with an exchange 2016. They get:

    [Tue Feb 14 09:31:26.899947 2023] [proxy_http:error] [pid 6162:tid 140226252994304] (70007)The timeout specified has expired: [client xxx:15817] AH01102: error reading status line from remote server xxx:443
    [Tue Feb 14 09:31:26.899990 2023] [proxy:error] [pid 6162:tid 140226252994304] [client xxx:15817] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync

    I started a TeamViewer connection and outlook probted the username and password menu. They type in the right credentials but it doesent work. I activated the dnat rule temporary again that our customer can use outlook without vpn.

    Maybe this information helps you. Thank you in advance!

Children
No Data
Unfiltered HTML