Why is Office 365 install hanging on some XG firewalls but not others?

Hi

Currently have an issue with XG135 whereby Office 365 install hangs and fails.

We have turned all filtering off and run the installer through an open policy out of desperation but it still didn't work.

If we connect directly to the fibre router and use the WAN IP info the installer works as expected.

As a side note, of the people that have Office 365 installed we have encountered mail latency and OneDrive sync issues.

I have read this post and although our issue seems similar I didn't want to hijack it!

https://community.sophos.com/products/xg-firewall/f/web-protection/102231/communication-with-office-365-products

I have downloaded the tar file, but before I try this I would like to understand why other XG units we have rolled out don't suffer from this issue and whether I should be looking at something else beforehand.

That post does describe similar issues to what we are having.

Can anybody provide any insight regarding this?



  • Hi  

    Thanks for reaching out, and sorry to hear about this issue.

    Answering this question would require more context regarding your situation, as creating a firewall rule that bypasses any web and application filtering/scanning (having the setting as none) is usually all it takes for Office 365 installation/updates/usage to be successful. 

    How does the general network layout differ from this location that isn't working vs your other XG units where it is working?

    Have you confirmed that the Office 365 traffic is matching to the correct firewall rule configured to bypass all checks? (packet capture)

    Regards,


    Florentino
    Director, Global Community & Digital Support

  • Hi

    Apologies I think I caused confusion regarding what I wanted from the post.

    Appreciate and understand what you are saying when referring to context; however, regarding firewall rules and no rules (default - any) as such differs from unit to unit (out of the box).

    I have rolled XG units out and before any rules beyond default are defined they would have no connectivity issues regarding Office 365, and when rules and features are defined/implemented it still works as expected.

    It's frustrating when you then get 100 series units that don't allow a mainstream product through and need config beyond the norm.

    That's where I was going with the post: do I really need to carry out this configuration (regarding the tar file) or am I missing something? Why doesn't it work out of the box like the 300 series?

    In the log viewer the packets are being denied to the MS IPs without any filtering or scanning in place?

    Thanks

  • Hi  

    My apologies for the confusion, and thank you for clarifying the situation.

    Your XG135 device should "work out of the box" like your other 300 series units (except for the obvious performance differences).

    Are you able to enable the support access tunnel of your XG 135 and another "working" XG 300 series unit and PM me with the access IDs for further investigation?

    Thanks,


    Florentino
    Director, Global Community & Digital Support

  • Hi

    Well, unfortunately it didn't, and just to note, we enabled the web filtering against the default rule and have started to modify the Microsoft default web filter by adding addresses to see if we can pinpoint the missing item; however, this may not be the cause.

    I have enabled the support access and sent you a PM.

    Thank you

  • I put in the following exceptions, and was able to get the Office 365 to successfully complete:

     

    ^([A-Za-z0-9.-]*\.)?microsoft\.com/
    ^([A-Za-z0-9.-]*\.)?windowsupdate\.com/
    ^([A-Za-z0-9.-]*\.)?officecdn.microsoft.com.edgesuite.net/
    ^([A-Za-z0-9.-]*\.)?officecdn.microsoft\.com/
    ^([A-Za-z0-9.-]*\.)?windows\.com/

    Initially I had just the officecdn.microsoft.com.edgesuite.net & officecdn.microsoft.com URLs in the exception.
    I had to add the other three to get it to work. 

    Hope this helps.

    LThibx
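
A check on the exception patterns posted above, added here as an example (it is not from the thread or from any Sophos tooling): two of the five patterns leave dots unescaped, so each of those dots matches any character and the exception covers hostnames outside the intended domain. It assumes the firewall matches the pattern against host/path text with the scheme removed and that Python's `re` behaves like the firewall's regex engine for these constructs; the helper names and the witness hostnames are constructed for illustration.

```python
import re

# Exception patterns exactly as posted in the thread.
POSTED = [
    r"^([A-Za-z0-9.-]*\.)?microsoft\.com/",
    r"^([A-Za-z0-9.-]*\.)?windowsupdate\.com/",
    r"^([A-Za-z0-9.-]*\.)?officecdn.microsoft.com.edgesuite.net/",
    r"^([A-Za-z0-9.-]*\.)?officecdn.microsoft\.com/",
    r"^([A-Za-z0-9.-]*\.)?windows\.com/",
]
PREFIX = r"^([A-Za-z0-9.-]*\.)?"      # shared optional-subdomain prefix
WILD_DOT = re.compile(r"(?<!\\)\.")   # a dot not preceded by a backslash

def host_part(pattern):
    """Return the text between the shared prefix and the trailing '/'."""
    if not (pattern.startswith(PREFIX) and pattern.endswith("/")):
        raise ValueError("unexpected pattern shape: " + pattern)
    return pattern[len(PREFIX):-1]

def tighten(pattern):
    """Escape every wildcard dot in the host part so it matches a literal '.'."""
    return PREFIX + WILD_DOT.sub(lambda m: r"\.", host_part(pattern)) + "/"

def witness(pattern):
    """Constructed host that differs from the intended name only at wildcard dots."""
    host = WILD_DOT.sub("x", host_part(pattern))   # wildcard dot -> some other character
    return host.replace("\\.", ".") + "/"          # escaped dots stay literal dots

def audit(patterns):
    """Report patterns whose host part contains wildcard dots."""
    findings = []
    for p in patterns:
        n = len(WILD_DOT.findall(host_part(p)))
        if n == 0:
            continue
        fixed, url = tighten(p), witness(p)
        findings.append({
            "pattern": p, "wildcard_dots": n, "tightened": fixed, "witness": url,
            "loose_matches": bool(re.search(p, url)),       # posted form accepts it
            "tight_matches": bool(re.search(fixed, url)),   # escaped form rejects it
        })
    return findings

if __name__ == "__main__":
    for f in audit(POSTED):
        print(f)
```

The tightened forms still match the intended Office CDN hostnames and their subdomains; only the unintended look-alike names stop matching.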