anybody seeing issues with XG17 causing Outlook desktop client losing "sync" with Office365.

We've starting seeing issues in the last month or so with Outlook desktop client losing sync with Office365 when it will just stop syncing the cached mailbox.  no errors and it will say all folders up to date.  It takes restarting Outlook for it to get back in sync and it will stay synced for a random period of time at which time it will stop syncing again.


I'm thinking the issue is linked with the upgrade from XG16 to XG17 that happened around the same time.  i waited until MR3 to upgrade to XG17.  I did the MR5 upgrade to see it that would help but it doesn't appear so.

  • In reply to John Loy:


    Interesting that the power cycle worked. I did fully power cycle my client's switches / firewalls a week ago because of an unrelated issue and they were still experiencing the sync problem. I did not have them down long, so maybe that is something I should try. 

  • In reply to Joe Plunkett:

    Today we had the return of this issue at both sites we were testing at.

    Just implementing the last wildcard option given to us by Sophos. Should this fail i will be trying dropping the power option suggested to see.

  • In reply to Adam Rippon:


    Let me know if that worked out for you. I still can't get it to work, the only thing I have left to do is power cycle the Firewall - something that is not easily done for clients with HA demands!

  • We're having the exact same issue, any news on this one ?


  • In reply to MiroslavCacija:

    I still have not been able to resolve this. 

  • In reply to Joe Plunkett:

    Maybe 17.1 GA changes something, otherwise it's another very bad problem ...

  • In reply to MiroslavCacija:

    No my clients are past 17.01 and having the issue still. I am going to upgrade their firmware this weekend, hoping that helps. This issue is becoming incredibly frustrating. 

  • In reply to Joe Plunkett:

    We upgraded to firmware 17.0.8 a few days ago and I haven't heard any issues yet.  However, it's probably a coincidence, as there is no info in the release notes pertaining to this issue.  Just thought I would throw that info out there.  I would think this is an issue they would consider very high priority.  

  • In reply to johnjohnh:


    We upgraded to firmware 17.0.8 a few days ago and I haven't heard any issues yet.  However, it's probably a coincidence, as there is no info in the release notes pertaining to this issue.  Just thought I would throw that info out there.  I would think this is an issue they would consider very high priority.  


    Please let me know if the 17.0.8 upgrade keeps working for you. I am having similar issues with users' Outlook that are on O365 (and issues with Skype for Business too) that I think are related to the XG and am debating on running the firmware upgrade before our scheduled maintenance. That is if it will help at all...
  • In reply to isaacvv:

    On 17.1 GA the problem is still the same. Going to open a ticket to support, because I want this to be resolved ASAP.

  • In reply to MiroslavCacija:


    I have had a ticket open for almost a month and still no fix. Let me know if you get it resolved ASAP. 

    I just upgraded my client to 17.08 MR8 (from 17.03 MR3) and I can now confirm that the issue is still happening on the latest firmware. 

  • In reply to Joe Plunkett:

    On the test computer so far it seems that I have success with firewall rule -

    Source Zones - Any, Source Networks and Device - Any, Destination Zones - Wan, Destination Networks - O365 ( *, * ), alll scanning turned off.

    Put the rule on top, and test. Outlook opened more than 24 hours, and in sync so far. We'll see.

  • In reply to MiroslavCacija:

    I have already tried this kind of whitelist and it did not work for me. Let me know if you still don't see the issue for another 24 hours. I will be very surprised

  • In reply to Joe Plunkett:

    Has anyone had any success with dropping the power to the XG? I can confirm that with the exceptions & 17.08 didn't fix our issues.

    Below is the next steps from Sophos GES.

    Also thinking might need to take a deeper look at TCP time out settings...


    Hello Adam,

    Thank you for the session today and it was nice talking to you.

    The following are the takeaways from our conversation.

    1. The issue is intermittent.

    2. While the issue occurs, outlook client stays connected but the new emails cannot be downloaded. This does not work even by manually updating the folders. Though restarting the outlook client fixes the issue. Fro this we have asked you to contact Microsoft for additional inputs as in under what condition this behavior is observed.

    3. We have created a plain firewall rule for the most affected system to understand if the system works without any filter.

    4. We have created another rule for another system with the same policies (IPS, HTTP scan and WEB) as the default LAN-WAN rule to understand if the issue occurs with policies in place.

    5. We have agreed that when the issue occurs next time and happens only with system with policies, then we need to check it live and dig in more.

    6. We have also found that AV scan is set to batch mode, which can sometime create issues, so this can be shuffled to real time.

    7. We have also seen that FQDN hosts have been used using API under LAN-WAN rule, but the issue did not fix. Which means either some links are still going through proxy or there is a problem with the OUTLOOK client itself. Now the problem with outlook client can be there if the system in STEP 3 is still affected and in that case Microsoft should be able to give us some inputs.

    8. You will let us know when the issue occurs the next time to validate the above steps.

    Thank you and have a great week ahead.


    Sophos Technical Support

    Support Knowledge Base:
    Follow us on Twitter @SophosSupport

  • In reply to Adam Rippon:

    Are other people having this problem using HA (active/passive) mode?  I had a large customer that was not having the issue, but once I put in the new HA FW, they started having the issue.  This could just be a coincidence, but I am trying to nail down the source.  I have upgraded to 17.1 and the issue remains.  It seems to happen whether the rules have policies set or no policies set.  The one customer that I mentioned a while back that had the issue was bad, has not seen the problem since the hard power off of both the Primary and Aux device.  I am starting to think it is a memory or buffer issue.  The firewalls that are using HA are less likely to have a full power off, my thinking is that what ever is going wrong copies it to the HA FW and the HA FW copies it back after the primary comes back up.  Others are not seeing it as much because updates are clearing out the memory issue when it reboots during the upgrades.  Just a thought.