
This discussion has been locked.

Publish Exchange server through XG Firewall.

I am looking for an example or directions for publishing an Exchange Server (OWA, ActiveSync, etc.) through XG Firewall. I found one for UTM, but nothing for XG. They are different enough that I don't find the UTM example useful. The admin manual is often not descriptive enough to be useful. I am finding the XG OS not very intuitive and am struggling with each rule I am trying to add. (Kinda wish I had opted for the UTM product instead.)

I created a rule, and tried connecting through OWA, but the browser eventually gives up with "the connection was reset". I haven't stumbled across any way to know what is happening within the XG with those requests.



This thread was automatically locked due to age.
  • I'm very new to Sophos, and have started using XG Home for my personal SBS2008 network. Of course, that server is also my Exchange server, and I have gotten it to work with email just fine. I created two rules though - One using the built-in Exchange template, and a separate rule that forwards all the necessary services to my server.

    The Exchange rule lists my Hosted server on my WAN port, listening on port 80, with my OWA domain name (i.e. remote.domain.com). Then, the "Protected Server" is an object I created, pointing at my actual SBS2008 server. I did not turn on path-specific routing. The Exceptions list is the default list created by the template, and includes two separate entries. Under the Advanced section, I used the "Exchange Outlook Anywhere" protection policy, and the WAN to LAN Intrusion Prevention Policy.

    The second Business Application rule lists the destination as the WAN port, and forwards the following services to my SBS server object: HTTP, IMAP, SMTP(S), SMTP, and TCP. That last entry (TCP) has caused some issues though - It prevents the admin console from being accessible from the WAN. If I don't include the TCP entry, Outlook on a remote client is handed the SSL cert from the Sophos box itself, and not my domain cert. This prevents a connection to Exchange.

    I hope this is helpful to someone...
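
A client-side check for the symptom described in the reply above (a remote client being handed the firewall's own certificate instead of the domain certificate), added here as an example and not part of the original thread. It uses only the Python standard library; the sample certificates and the name `firewall.local` are constructed, and `remote.domain.com` is the placeholder name from the post.

```python
import socket
import ssl
import sys

# Constructed samples, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SAMPLE_DOMAIN_CERT = {"subject": ((("commonName", "remote.domain.com"),),),
                      "subjectAltName": (("DNS", "remote.domain.com"),)}
SAMPLE_BOX_CERT = {"subject": ((("commonName", "firewall.local"),),)}

def cert_names(cert):
    """DNS names the certificate covers; commonName is used only if no SAN exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(cert, host):
    """Say whether the presented certificate is the one expected for host."""
    names = cert_names(cert)
    if any(name_matches(n, host) for n in names):
        return "match"
    return "mismatch: certificate is for " + (", ".join(names) or "no DNS name")

def probe(host, port=443, timeout=5):
    """Handshake with SNI and CA validation, then report which names were served."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared in classify() so they can be reported
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return "untrusted: " + exc.verify_message  # e.g. a self-signed appliance cert
    except OSError as exc:
        return "connection failed: " + str(exc)    # includes connection resets

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "remote.domain.com"))
```

Run it from outside the WAN interface against the published host name; "untrusted" or "mismatch" means the firewall answered the TLS handshake itself rather than passing it to the Exchange server.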