I'll start by saying I attempted to replace my aging Forefront TMG 2010 server this past weekend with an XG310 running firmware 16.05, and after 6 hours of fighting with the Exchange rules I gave up and reverted back to the TMG.
I have already gone through every post I could find on the subject on the forums (https://community.sophos.com/products/xg-firewall/f/email-protection/74660/publish-exchange-server-through-xg-firewall, https://community.sophos.com/products/xg-firewall/f/network-and-routing/40733/exchange-2013-waf-publishing, https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/80910/does-anybody-have-waf-rules-that-work-to-allow-owa-on-exchange-2010, https://community.sophos.com/products/xg-firewall/f/web-protection/75282/sophos-xg-breaks-ssl-when-connecting-to-outlook-anywhere) and also the most referred-to post outside the forums (https://networkguy.de/?p=998). Some have helped but none got my system up and running. It also seems other people are having the same issue with no resolutions (https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/87745/exchange-outlook-anywhere-waf-not-working).
After multiple hours I was able to get Autodiscover working (with its own rule) and Exchange Mobile Sync (again with its own rule). But the "Exchange General" rule, which I need for Outlook Anywhere and Outlook Web Access, will not work. The biggest issue is Outlook will prompt for a username and password, which you shouldn't need. Also, no combination of user/password works. Same with OWA: we get the forms-based authentication but nothing works. Also, I can't seem to get it to redirect to /oma, which TMG does without issue.
I've verified under Protect -> Web Server -> Authentication Policies that a user group is selected for both Basic and Forms Based authentication. I also know this works since I set up a different web server using the forms-based authentication and that works fine. Also, under Protect -> Web Server -> Web Servers my Exchange server is listed as "Encrypted (HTTPS)", which it is.
I'm at a loss as to what to try next. Any suggestions? Is there a more up-to-date guide than one based on the UTM? All my other firewall rules (30+) and web server publishing rules (8) work fine; just the Exchange ones do not. I tried a simple web server publishing rule, not using the Exchange template, and I had limited success with that, but it was hit or miss so that's not the answer either.
-Allan