anybody seeing issues with XG17 causing Outlook desktop client losing "sync" with Office365.

We've starting seeing issues in the last month or so with Outlook desktop client losing sync with Office365 when it will just stop syncing the cached mailbox.  no errors and it will say all folders up to date.  It takes restarting Outlook for it to get back in sync and it will stay synced for a random period of time at which time it will stop syncing again.

 

I'm thinking the issue is linked with the upgrade from XG16 to XG17 that happened around the same time.  i waited until MR3 to upgrade to XG17.  I did the MR5 upgrade to see it that would help but it doesn't appear so.

  • I have same issue in V16 MR8 with HTTPS decryption and scan.

    After create the following 2 FQDN in exceptions, it works.

    outlook.office.com , outlook.office365.com 

    Try it.

  • In reply to ShunzeLee:

    we are not running HTTPS decryption and scan on that box.

  • In reply to wpajack:

    even with the default rule just having HTTP scanning and policies enabled,  I went ahead and create a new Firewall rule FQDN group with *.microsoft.com and *.office.com with no scanning at all, no IPS, traffic/Web/Application policies at all.  so far, 2.5Gb of traffic through it and we're still getting synchronization stalling on multiple computers.

     

    this one hasn't synced for an hour,

     

    but it says all folders up to date at the bottom of Outlook

     

    .

  • In reply to wpajack:

    So the issue is different with my case.

    Sorry for not being helpful...

  • We have seen this issue randomly as well after upgrading from 16.5 to 17.3 and then to 17.5. Seemed to make the issue not happen as often but we still get a couple of reports a week. We were using load balancing on the FW rule. When we changed it to use one ISP connection we noticed outlook quit syncing until we restarted outlook.

     

    Anyone else using load balancing that is seeing this issue?

  • In reply to Michael Jones1:

    Hi,

    Try this:

    Open cli and choose option 4

    Execute the command:

    set routing wan-load-balancing session-persistant source-only ip-family all

  • In reply to Rodrigo Pereira:

    Hey Rodrigo,

    Were you having a similar issue and this resolve it? The command binds the session to the wan port it started on I assume? I am fairly new to sophos firewalls.

  • In reply to Rodrigo Pereira:

    Rodrigo Pereira

    Hi,

    Try this:

    Open cli and choose option 4

    Execute the command:

    set routing wan-load-balancing session-persistant source-only ip-family all

     

    hmm, so is the idea that as the WAN address changes due to load-balancing, that it messes up the sync between Outlook and Office365?

     

    I do have dual-WAN connections that i am doing load-balancing, but it isn't done at the Sophos level.  I only have one WAN connection into the Sophos Firewall .  there is an upstream Velocloud unit that deals with the load-balancing/failover along with the corporate SD-WAN. 

  • In reply to wpajack:

    Yes, I think that the problem is the session persistence. Office365 uses ssl session. Try to do the similar configuration on your balancer.

  • In reply to Rodrigo Pereira:

    We do not have load balancing on our setup and we are experiencing this issue. If i turn off http scanning the issue seems to go away.  That would honestly defeat the purpose of having the XG in the first place.  

  • We have the exact same issue.  I read below that it may be contributed to Load Balancing but we don`t have multiple WAN links and we are still getting the problem. We have been dealing with this since we moved to Sophos about 5 months ago. I have tried Firewall Rules, Web Exceptions just about everything.  If i disable all scanning and use the XG as a router it seems to clear up.  I haven`t left it with everything turned off long enough to know that is the case because it would defeat the purpose of having a firewall in the first place.

  • In reply to Charles Johnson:

    We also had issues with the office straming install that was the HTTP scanning. So we created a new firewall rule for that and outlook access to O365. Turned off scanning and changed it from load balancing to a single egress and failover. This was on Friday I believe. Because the issue is so completely random we are giving it a good week to see if it rears its ugly head again.

  • In reply to Michael Jones1:

     

    this is what I have set now, with no positive effect.

     

    I am still working with our SD-WAN provider to see if it is anything on their end.

  • In reply to wpajack:

    Try turning off load balancing. That has helped us so far.

  • In reply to Michael Jones1:

    Load Balancing Off and my CFO just told me he quit using outlook and has gone online because the issues are so bad for him.  Like I have stated before I have been battling this issue for over five months. The day we put sophos XG in place we have had nothing but nightmare issues.  We will not renew Sophos My personal Opinion is their sales pitch does not meet their product delivery.