We're in the process of migrating to Sophos, but we are running into an issue where users at a branch sitting behind our new Sophos XG135 cannot access their Exchange 2013 mailboxes using Microsoft Outlook (2016/2019). The Exchange server would be accessible to the branch via an SSLVPN tunnel back to our new Sophos XG450.
Users at the branch can access OWA and ping the Exchange server without any issues. It seems to only be an issue when trying to use Outlook to access the mailboxes; here is the error that they get. However, if we use our old firewalls, users do not get this error and Outlook works fine.
In the Firewall log I see all of the traffic is being allowed and there aren't any dropped packets (confirmed for both of the XG firewalls). There is no web filter policy set for the rule that allows the traffic - it simply allows all traffic between Exchange and the branch network (until the issue is fixed and the rule can be fine-tuned).
However, I notice that in the Web Filter log there are a ton of denials for port 80 traffic to the host. I'm not sure why there would be anything in the Web Filter log if we don't have a web filtering policy set for the rule. I see that the error mentions code 403, but this seems to happen at other branches behind our old firewall as well, so it doesn't seem like the 403 error would be the issue.
Here is the rule for reference:
I've tried turning off SSL/TLS decryption, adding web policy exceptions for the IP and host names of our Exchange server, and just about everything else I could think to try. We already have the Sophos CA certificates deployed to workstations (and the Exchange server).
I did reach out to support as well, but as of now we weren't able to come up with a solution. I was hoping to see if anyone here had any ideas for things that I could try to get Outlook working with Exchange. Thanks in advance! :)