Sophos XG 210 Exchange 2010 WAF

Mohammed,

XG uses the same WAF module as UTM9. Did you have a look at the great guide published by Michel?

https://networkguy.de/?p=998

If yes, please share what you have done on your XG.

Regards

Hi lferrara,

please find all the attached ha been done by Sophos Support.

regard's.

Thanks for the screenshots.

What error do you have? What is not working?

Give us errors you receive when you try to connect to exchange server.

Thanks

thanks for your replay,

nothing is working at all , as per them they collect the logs and they are working on it below are the logs .

[Tue Jan 31 17:16:14.822183 2017] timestamp="1485872174" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="343019" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"" set-cookie="exchangecookie=b4944a1a3bd84481be46edaa9c5f2a67; expires=Wed, 31-Jan-2018 14:16:15 GMT; path=/; HttpOnly" recvbytes="1200" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:15.168499 2017] timestamp="1485872175" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="341038" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=b4944a1a3bd84481be46edaa9c5f2a67" set-cookie="-" recvbytes="553" sentbytes="613" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:15.511491 2017] timestamp="1485872175" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="316765" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=b4944a1a3bd84481be46edaa9c5f2a67" set-cookie="-" recvbytes="1671" sentbytes="312" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:15.830131 2017] timestamp="1485872175" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="322145" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=b4944a1a3bd84481be46edaa9c5f2a67" set-cookie="-" recvbytes="553" sentbytes="613" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:16.154271 2017] timestamp="1485872176" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="320950" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=b4944a1a3bd84481be46edaa9c5f2a67" set-cookie="-" recvbytes="1671" sentbytes="312" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:16.519005 2017] timestamp="1485872176" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="338457" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"" set-cookie="exchangecookie=0abe0d0d04254d5c934e934816c9335d; expires=Wed, 31-Jan-2018 14:16:16 GMT; path=/; HttpOnly" recvbytes="1200" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:16.860781 2017] timestamp="1485872176" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="340544" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=0abe0d0d04254d5c934e934816c9335d" set-cookie="-" recvbytes="553" sentbytes="613" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:17.203285 2017] timestamp="1485872177" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="320427" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=0abe0d0d04254d5c934e934816c9335d" set-cookie="-" recvbytes="1671" sentbytes="312" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:17.525580 2017] timestamp="1485872177" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="320085" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=0abe0d0d04254d5c934e934816c9335d" set-cookie="-" recvbytes="553" sentbytes="613" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:16:17.847662 2017] timestamp="1485872177" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="321073" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{088BDD52-B0A3-4FC8-B3E4-F7E84D37ECB0}\"; exchangecookie=0abe0d0d04254d5c934e934816c9335d" set-cookie="-" recvbytes="1671" sentbytes="312" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:15:21.716590 2017] timestamp="1485872121" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="RPC_OUT_DATA" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="101433315" url="/rpc/rpcproxy.dll" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{BB4E93A9-FF67-4290-B7FA-30B2C53F8100} Outlook=16.0.6965.6571 OS=10.0.14393 CPUArchitecture=9\"" set-cookie="-" recvbytes="914" sentbytes="4193" protocol="HTTP/1.1" ctype="application/x-msdos-program" uagent="MSRPC" querystring="?casarray.pfqatar.local:6001" ruleid="2"
[Tue Jan 31 17:17:02.971844 2017] timestamp="1485872222" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="662959" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{BB4E93A9-FF67-4290-B7FA-30B2C53F8100}\"; exchangecookie=29ad453e891c42b0bc7f7f35c2468737" set-cookie="-" recvbytes="1008" sentbytes="105" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:02.971046 2017] timestamp="1485872222" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="663937" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{BB4E93A9-FF67-4290-B7FA-30B2C53F8100}\"; exchangecookie=0a8dcbd006af4b80a029e3ef47e8943c" set-cookie="-" recvbytes="1008" sentbytes="105" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:02.969931 2017] timestamp="1485872222" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="665160" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{BB4E93A9-FF67-4290-B7FA-30B2C53F8100}\"; exchangecookie=0b36afa0cf3d49eba9cc49f283bed760" set-cookie="-" recvbytes="1008" sentbytes="105" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:02.980606 2017] timestamp="1485872222" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="656593" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{BB4E93A9-FF67-4290-B7FA-30B2C53F8100}\"; exchangecookie=ef64a0ac76074b68978593a95a2bf1c4" set-cookie="-" recvbytes="875" sentbytes="4193" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:02.980849 2017] timestamp="1485872222" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="656970" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{BB4E93A9-FF67-4290-B7FA-30B2C53F8100}\"; exchangecookie=c81e0d58357e4ef3bd0aa6697f3f4020" set-cookie="-" recvbytes="875" sentbytes="4193" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:07.073657 2017] timestamp="1485872227" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="344760" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"" set-cookie="exchangecookie=a428614e5df94646999c9e999ecd8ade; expires=Wed, 31-Jan-2018 14:17:07 GMT; path=/; HttpOnly" recvbytes="1201" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:07.092739 2017] timestamp="1485872227" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="326136" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"" set-cookie="exchangecookie=b84b5dd70f014a93b03425344cd8f09d; expires=Wed, 31-Jan-2018 14:17:07 GMT; path=/; HttpOnly" recvbytes="1201" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:07.423327 2017] timestamp="1485872227" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="323955" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"; exchangecookie=b84b5dd70f014a93b03425344cd8f09d" set-cookie="-" recvbytes="554" sentbytes="613" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:07.423345 2017] timestamp="1485872227" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="324056" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"; exchangecookie=a428614e5df94646999c9e999ecd8ade" set-cookie="-" recvbytes="554" sentbytes="613" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:07.749499 2017] timestamp="1485872227" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="325346" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"; exchangecookie=b84b5dd70f014a93b03425344cd8f09d" set-cookie="-" recvbytes="1668" sentbytes="1056" protocol="HTTP/1.1" ctype="text/xml" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:07.749421 2017] timestamp="1485872227" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="328821" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"; exchangecookie=a428614e5df94646999c9e999ecd8ade" set-cookie="-" recvbytes="1668" sentbytes="1056" protocol="HTTP/1.1" ctype="text/xml" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:08.406085 2017] timestamp="1485872228" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="27627" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"" set-cookie="exchangecookie=1808c0d5a04b438eb01eed841175e4a0; expires=Wed, 31-Jan-2018 14:17:08 GMT; path=/; HttpOnly" recvbytes="1201" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:08.096917 2017] timestamp="1485872228" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="338570" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"" set-cookie="exchangecookie=b0da319671064e34bc1067ff8f8a534f; expires=Wed, 31-Jan-2018 14:17:08 GMT; path=/; HttpOnly" recvbytes="1201" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:08.399631 2017] timestamp="1485872228" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="36500" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"" set-cookie="exchangecookie=bfffeb69c28c4053bddb77535a308b56; expires=Wed, 31-Jan-2018 14:17:08 GMT; path=/; HttpOnly" recvbytes="1618" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:08.094208 2017] timestamp="1485872228" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="342529" url="/ews/exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268}\"" set-cookie="exchangecookie=ae0f725ad19c4e9089c64a5b41ce507a; expires=Wed, 31-Jan-2018 14:17:08 GMT; path=/; HttpOnly" recvbytes="1201" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:08.842148 2017] timestamp="1485872228" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="339718" url="/EWS/Exchange.asmx" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{208E0F53-87F6-4F09-87DF-09ECC68A844E}\"" set-cookie="exchangecookie=f9d77c58623244abab8f36b9d95852c7; expires=Wed, 31-Jan-2018 14:17:09 GMT; path=/; HttpOnly" recvbytes="1200" sentbytes="4624" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.6925; Pro)" querystring="" ruleid="2"
[Tue Jan 31 17:17:08.031406 2017] timestamp="1485872228" srcip="172.16.50.153" localip="172.16.50.151" user="-" host="172.16.50.153" method="RPC_IN_DATA" statuscode="408" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies" duration="20324933" url="/rpc/rpcproxy.dll" server="mail.pfqatar.com" referer="-" cookie="OutlookSession=\"{0FD4F943-A85D-4CF4-9A47-1339C6633268} Outlook=16.0.6965.6571 OS=10.0.14393 CPUArchitecture=9\"" set-cookie="-" recvbytes="911" sentbytes="4642" protocol="HTTP/1.1" ctype="text/html" uagent="MSRPC" querystring="?casarray.pfqatar.local:6001" ruleid="2"

4111.LOGS FROM Sophos.pdf

Quickest way to get this at least working.....
Get rid of all your WAF (owa rpc autodiscover activesync...) mess,  and just add dNAT rule , forwarding port TCP443