This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Android, Active-Sync Accounts and UTM Certificates (don't play well together)

I have a Samsung Galaxy S9+ (too damned expensive) and have been using it with my UTM.  The UTM certificate was installed using the User Portal so I can at least browse just fine.  The problem I have is my new mail hosting company uses Active Sync (MS Exchange Front End) to communicate with it's secure linux back end.  Back Story: I read one too many reports on how Google was selling customer data to advertisers so I removed my mail from their servers.  Anyway, I get all kinds of errors and somewhere I noticed the errors were certificate oriented and looking at the details, the certificate was the UTM's not the mail server. This looks like the browser errors did before I installed the certificate on the User Portal.  Clearly, though, it's different since at least one UTM is successfully installed on the phone.

Can someone help me understand this. 

I guess I have to install more certificates somewhere else, but no one seems to have any idea which ones or where to install them.

New Mail Hosting Company is www.kolabnow.com  They have all sorts of KB articles (mostly poorly written) but this is Sophos specific.

Thanks,

~Doug



This thread was automatically locked due to age.
  • Hi  

    Since Exchange ActiveSync uses Port 80 and 443, It will be filtered by UTM's web protection if the source IP is in the allowed networks of a WebFilter Profile. You should get the details of the server's hostname from your service provider and create an exception for that in Web Filtering. That should possibly allow you to work without any certificate errors.

    Regards

    Jaydeep

  • To elaborate on JayDeep's comment:

    1) I infer that you are using Web Filtering with HTTPS inspection enabled.    Periodically, you will find sites that do not work with https inspection enabled, and the solution is to create an exception object to bypass (at least) https inspection for that server.

    2) If UTM Web Filtering intercepts something, it will attempt to display a block or warn page.   The ActiveSync protocol will not be able to cope with that anomaly.   So you really don't want things to be blocked there.   For this reason, I suggest creating an exception object which disables all checking.

    3) I suggest you try Sophos Mobile Control on your cell phone.   I have not had any problems with it interfering with my ActiveSync traffic, and I have been using it for a long while.  It has a web filtering component that should protect me if I click on a dangerous link inside a mail message.   It also has a file scanner which should protect me if I accidentally download a malicious email attachment.    (No self-serving here:   I am not a Sophos employee, and Sophos offers the consumer version of the product for free on the App Store/Play Store.)

     

  • Correction to #3.  The free app was formerly called Sophos Mobile Security.   It has been renamed to Sophos Intercept X for Mobile.   The name "Sophos Mobile Control" has always been the corporate version, which is not free.