EAS Proxy usage

Question

Hello, 
 We are in the process of installing Sophos Mobile Control. 
 The server has been installed and is protected by Sophos WAF. 
 The connectivity with the external world and registration of the devices works fine, but the email synchronization is not working. 
 The EAS Proxy is not installed. (Does anyone know if this could be the issue ? Is it possible to setup the system withtout the EAS proxy ?) 
 This is what I see on the WAF logs. 
 Thanks for your feedback and advices 
 
 Kr 
 
 Laurent 
 
 2016:02:03-15:27:04 fwlsopclu-1 reverseproxy: id="0299" srcip="194.xxx.xxx.202" localip="10.76.103.16" size="434" user="-" host="194.xxx.xxx.202" method="POST" statuscode="502" reason="-" extra="-" exceptions="-" time="819075" url="/Microsoft-Server-ActiveSync" server="REF_RevFroSmcportal" referer="-" cookie="-" set-cookie="-" 
 
 2016:02:03-15:48:01 fwlsopclu-1 reverseproxy: id="0299" srcip="194.xxx.xxx.202" localip="10.76.103.16" size="0" user="-" host="194.xxx.xxx.202" method="OPTIONS" statuscode="200" reason="-" extra="-" exceptions="-" time="1137270" url="/Microsoft-Server-ActiveSync" server="REF_RevFroSmcportal" referer="-" cookie="-" set-cookie="-" 
 
 2016:02:03-15:48:01 fwlsopclu-1 reverseproxy: [Wed Feb 03 15:48:01.824365 2016] [proxy_http:error] [pid 14421:tid 3828980592] (70014)End of file found: [client 194.xxx.xxx.202:49386] AH01102: error reading status line from remote server apssmc001-prd.corp.net:443 
 
 2016:02:03-15:48:01 fwlsopclu-1 reverseproxy: id="0299" srcip="194.xxx.xxx.202" localip="10.76.103.16" size="0" user="-" host="194.xxx.xxx.202" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="531281" url="/Microsoft-Server-ActiveSync" server="REF_RevFroSmcportal" referer="-" cookie="-" set-cookie="-" 
 
 2016:02:03-15:48:02 fwlsopclu-1 reverseproxy: [Wed Feb 03 15:48:02.490773 2016] [proxy_http:error] [pid 14421:tid 3820587888] (70014)End of file found: [client 194.xxx.xxx.202:49387] AH01102: error reading status line from remote server apssmc001-prd.corp.net:443 
 
 2016:02:03-15:48:02 fwlsopclu-1 reverseproxy: [Wed Feb 03 15:48:02.490796 2016] [proxy:error] [pid 14421:tid 3820587888] [client 194.xxx.xxx.202:49387] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync 
 
 2016:02:03-15:48:02 fwlsopclu-1 reverseproxy: id="0299" srcip="194.xxx.xxx.202" localip="10.76.103.16" size="434" user="-" host="194.xxx.xxx.202" method="POST" statuscode="502" reason="-" extra="-" exceptions="-" time="587077" url="/Microsoft-Server-ActiveSync" server="REF_RevFroSmcportal" referer="-" cookie="-" set-cookie="-"

SDU · Answer

Hi Laurent, 
 if you want to grant email access based on device compliance which is evaluated by the Sophos Mobile Control server you have to use the EAS Proxy functionality. To use the EAS Proxy functionality Sophos Mobile Control server provides two options. You can either use the built-in EAS Proxy which has to be configured as the super administrator (Setup | System setup | EAS Proxy). There, you simply enter your mail server which the SMC server should forward all ActiveSync traffic to. Then, you configure an email profile for your devices and setting the Sophos Mobile Control server as email server. T hen the devices will contact the SMC server at first which checks if the device is allowed to synchronize emails according to the compliance rules and then forwards the traffic to the email server. 
 For larger environments, it is recommended to set up the "External EAS Proxy" which can be downloaded separately. 
 Further information regarding the External EAS Proxy can be found in the document attached to this article . 
 Please also make sure ActiveSync is enabled on the user mail boxes on your email server. 
 Best regards Stefan