Today I ran into a strange issue regarding Outlook 2013 and newer versions (Office 365).
A customer reported authentication issues with his SG330 when accessing web pages that require authentication. The users got a "proxy authentication required" message in their browsers.
As I wanted to check the live log I didn't had 3 seconds till my browser window froze. The UTM was producing 10 times more logs for the web filter in 6 hours than yesterday. There were thousands of entries for "http://weather.service.msn.com/data.aspx?wealocations=&...", I was able to take a screenshot where more than 50 requests were shown within 1 second. I don't know if that is responsible for the authentication problems, but it felt like an internal DoS against the web filter.
We disabled it via GPO in Outlook and for now, the requests stopped. We are monitoring the authentication issues now.
I checked the UTM of another customer and saw the same "mass requests" there till today. Before today, there were single requests, over a day 160 or so. Today there are more than 160 in a minute...
This thread was automatically locked due to age.
