This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF issues after updating to 9.709-3

Hi,

anyone else noticed that after updating to 9.709-3 Exchange Web Services is not working anymore? We get HTTP Error 500 when connecting to EWS published trhrough WAF. Also, the virtual server changes to orange when this error occurs. Accessing EWS through the browser shows the service page after authentication, but when interacting with EWS by using the Exchange Remote Connectivity Analyzer or EWS Editor generates the HTTP 500 error and the WAF rule turns orange.

When directly connecting to EWS and bypassing UTM works fine and we can interact with EWS.

Before the update everything worked fine.

Franc.



This thread was automatically locked due to age.
Parents Reply
  • Last Friday. Of course I can't say with any certainty that I'll get a response today. Looking at the response email I see I've been a bit too optimistic hoping for a response today as they mention getting back to me by Tuesday. Additionally there's absolutely no guarantee that what I'll get won't be some kind of generic "we're still looking into it" response...

Children
  • Hello Mateusz,

    May know the Case ID you have opened with us.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Sure. It's 05075763. For the record, everything's smooth thus far. I mean, I'm waiting for a response as instructed.

  • Hello Mateusz,

    Thank you for the Case ID. I am happy to hear the interaction has been going as it should.

    The logs seem to match some of the ones on NUTM-13425, so I left a note for L2 to confirm and if so attach your case as well to NUTM-13425.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • If it help getting to the bottom of things... ;)

  • Well... I have to say that things went downhill. After a lengthy session capturing packets and reproducing issues almost 2 weeks ago I've received a reply last week telling me to... capture packets and mentioning things that were never previously mentioned ("Public URL Tool"). When I asked for clarification I got no response.

    This was last Thursday.

    Now there's an update to the UTM which doesn't resolve the issue (as other people have confirmed) but I'm not sure if I can install it because of this ongoing case... except IS it ongoing, given the lack of responses?

  • Guys, this is getting a bit out of hand. I can sort of understand taking a long time to fix an issue after acknowledging it requires fixing. I get that. But your communication is honestly abysmal, and we're not even there yet; I haven't even gotten a clear "yeah, sorry, it's an issue with the UTM itself, we'll fix it" or anything of the sort.

    Last week someone finally replied to my email and suggested another session to capture packets, asking to provide some time frames. I replied with some time frames. This was last week and my reply is still unread.

    Next week I'll be unavailable completely - I should feel guilty, but honestly this is dragging on for so long I'm starting to not care and I'm honestly thinking about switching to another service (since our license is probably running out in a month or so). We have one of the smallest UTM units, so there shouldn't be any "sunken cost" fallacy / issue...

    I WOULD switch to XG if that thing had the same feature set. It's very confusing, but I'd switch. And the feature it lacks is built-in Let's Encrypt support...

  • Well, why do they need another packet capture? They have the ones from us already while clearly reproducing the issue. They saw it themselves.

  • Given everything else about this case? To stall as much as possible... Waste as much time setting up the capture session and afterwards they could have an excuse to waste more time analysing what they have. But, hey, that's just the annoyed cynic in me talking.

    Supposedly the packets already captured were on the firewall itself and that isn't enough, and they want to capture the packets from the client as well.