Publish Exchange server through XG Firewall.

I am looking for an example or directions for publishing an Exchange Server (OWA, ActiveSync, etc.) through XG Firewall. I found one for UTM, but nothing for XG. They are different enough that I don't find the UTM example useful. The admin manual is often not descriptive enough to be useful. I am finding the XG OS not very intuitive and am struggling with each rule I am trying to add. (Kinda wish I had opted for the UTM product instead.)

I created a rule, and tried connecting through OWA, but the browser eventually gives up with "the connection was reset". I haven't stumbled across any way to know what is happening within the XG with those requests.

  • Hi Larry,

    Did you ever get this working?  Any tips or gotchas?

    Cheers,

    Ady

  • I did not. I gave up on the XG.

  • In reply to LarryWarrington:

    Should be able to make it work by setting up a Business Application Rule, and selecting Exchange, and completing the necessary info on the configuration "form."

  • In reply to BrucekConvergent:

    Hi,

    Is that the same for other things, such as SharePoint?

    Regards,

    Ady

  • I have exactly the same issue. The manual for the XG product is about as helpful as a chocolate teapot, and the product itself, geez, I wasn't expecting to be hitting problem after problem.

    Anyway, that's the way it is, but for the life of me I cannot get the Exchange General - Business Rule working correctly. Just like Larry, OWA just gives up with a connection timeout or reset.

    The only way I can get OWA working is setting up an HTTP rule for ports 80 and 443 to be simply passed through onto the internal server.

    Has anyone got this working and would be kind enough to provide a real-world example of their settings?

  • In reply to SGICT:

    I'm using the WAF template for Exchange rules. But you should turn off reverse authentication for some directories (/EWS, /OAB).

    Tested versions are 2013 and 2016.

  • I got the same problem. Sometimes I get "the connection was reset", but mostly the browser gets a Sophos login prompt. I can't figure out how to use the Exchange General rule. When using a DNAT rule everything is fine.

  • In reply to SGICT:

    I see that this is an old thread, but just wanted to see if anyone was able to get the built-in business app Exchange policies working. I'm trying out the Sophos XG and I have the exact same issue; I'm only able to get it working by using an HTTPS/HTTP rule to pass traffic through. If no one was able to get Sophos's built-in rules for Exchange working, does anyone have a recommendation for a different product that will work for this?

  • In reply to SophosNewb1:

    I'm very new to Sophos, and have started using XG Home for my personal SBS2008 network. Of course, that server is also my Exchange server, and I have gotten it to work with email just fine. I created two rules though: one using the built-in Exchange template, and a separate rule that forwards all the necessary services to my server.

    The Exchange rule lists my Hosted server on my WAN port, listening on port 80, with my OWA domain name (i.e. remote.domain.com). Then, the "Protected Server" is an object I created, pointing at my actual SBS2008 server. I did not turn on path-specific routing. The Exceptions list is the default list created by the template, and includes two separate entries. Under the Advanced section, I used the "Exchange Outlook Anywhere" protection policy, and the WAN to LAN Intrusion Prevention Policy.

    The second Business Application rule lists the destination as the WAN port, and forwards the following services to my SBS server object: HTTP, IMAP, SMTP(S), SMTP, and TCP. That last entry (TCP) has caused some issues though: it prevents the admin console from being accessible from the WAN. If I don't include the TCP entry, Outlook on a remote client is handed the SSL cert from the Sophos box itself, and not my domain cert. This prevents a connection to Exchange.

    I hope this is helpful to someone...