
Sophos SG - Blocking a specific internal URL (Exchange ECP) from outside

On-premises Exchange works fine with the WAF if you follow https://support.sophos.com/support/s/article/KB-000038003?language=en_US, but when customers switch to using Teams, I have issues with the Calendar synchronisation between the on-premises Exchange and the cloud Teams. My temporary solution so far: a DNAT rule.

The problem is that DNAT not only allows external access to OWA (webmail) and EWS (web services), but also to the ECP (the admin bit). As you might have read, in the last few days there was a serious incident going on in Exchange-country, and this reminded me that this temporary solution is actually very unsafe.

There are ways to block the ECP from inside Exchange or the Windows Firewall, but I wonder if there isn't a way I can simply do this over the UTM without having to go back to the WAF. 

Obviously, I'm open to suggestions on how to make the Teams Calendar work properly through WAF. It seems that Microsoft can't keep a connection up with the EWS, as the calendar appears and disappears randomly when using WAF.


