This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Android, Active-Sync Accounts and UTM Certificates (don't play well together)

I have a Samsung Galaxy S9+ (too damned expensive) and have been using it with my UTM.  The UTM certificate was installed using the User Portal so I can at least browse just fine.  The problem I have is my new mail hosting company uses Active Sync (MS Exchange Front End) to communicate with it's secure linux back end.  Back Story: I read one too many reports on how Google was selling customer data to advertisers so I removed my mail from their servers.  Anyway, I get all kinds of errors and somewhere I noticed the errors were certificate oriented and looking at the details, the certificate was the UTM's not the mail server. This looks like the browser errors did before I installed the certificate on the User Portal.  Clearly, though, it's different since at least one UTM is successfully installed on the phone.

Can someone help me understand this. 

I guess I have to install more certificates somewhere else, but no one seems to have any idea which ones or where to install them.

New Mail Hosting Company is  They have all sorts of KB articles (mostly poorly written) but this is Sophos specific.



This thread was automatically locked due to age.
  • To elaborate on JayDeep's comment:

    1) I infer that you are using Web Filtering with HTTPS inspection enabled.    Periodically, you will find sites that do not work with https inspection enabled, and the solution is to create an exception object to bypass (at least) https inspection for that server.

    2) If UTM Web Filtering intercepts something, it will attempt to display a block or warn page.   The ActiveSync protocol will not be able to cope with that anomaly.   So you really don't want things to be blocked there.   For this reason, I suggest creating an exception object which disables all checking.

    3) I suggest you try Sophos Mobile Control on your cell phone.   I have not had any problems with it interfering with my ActiveSync traffic, and I have been using it for a long while.  It has a web filtering component that should protect me if I click on a dangerous link inside a mail message.   It also has a file scanner which should protect me if I accidentally download a malicious email attachment.    (No self-serving here:   I am not a Sophos employee, and Sophos offers the consumer version of the product for free on the App Store/Play Store.)


  • To elaborate on JayDeep's comment:

    1) I infer that you are using Web Filtering with HTTPS inspection enabled.    Periodically, you will find sites that do not work with https inspection enabled, and the solution is to create an exception object to bypass (at least) https inspection for that server.

    2) If UTM Web Filtering intercepts something, it will attempt to display a block or warn page.   The ActiveSync protocol will not be able to cope with that anomaly.   So you really don't want things to be blocked there.   For this reason, I suggest creating an exception object which disables all checking.

    3) I suggest you try Sophos Mobile Control on your cell phone.   I have not had any problems with it interfering with my ActiveSync traffic, and I have been using it for a long while.  It has a web filtering component that should protect me if I click on a dangerous link inside a mail message.   It also has a file scanner which should protect me if I accidentally download a malicious email attachment.    (No self-serving here:   I am not a Sophos employee, and Sophos offers the consumer version of the product for free on the App Store/Play Store.)

