We have an MS DevOps server running and exposed via UTM (no firewall, "pass host header" enabled). For almost everything this works absolutely fine - people are able to access the DevOps site, log in normally, commit code via GIT, etc.
However, certain administrative operations appear to be hampered. On the surface these calls seem to be just like any other DevOps call as they appear to be regular HTTP requests to just another URI this time being an ASMX service: /TeamFoundation/Administration/v3.0/LocationService.asmx
From what I can tell there are no custom authentication settings for that ASMX service vs any other part of the system, so I'm a bit confused why that particular part fails when it's passed via DevOps.
Any suggestions on what might be wrong? I guess I could install a local LE agent on the server and use some NAT rules to expose ports 80 and 443 directly but that eats up a public IP and generally feels like the wrong approach...
EDIT: To avoid needless spam. Turns out this is the same issue as described here: https://community.sophos.com/utm-firewall/f/hardware-installation-up2date-licensing/132837/waf-issues-after-updating-to-9-709-3/490536
Look at that thread for more information. I don't to mark this thread with an answer as that would be misleading (as there's currently no answer)...
This thread was automatically locked due to age.
