
not able to connect to mail server

Hi,

 

We recently had a new UTM 9 box installed. All seemed to be working well until we tried to set up email on a smart phone. No matter what we try we just cannot get the email set up on any mobile devices. The connection simply times out, the server cannot be found, the connection gets dropped. There is no rhyme or reason and the error message is never the same. I've gone back to the company who installed it and basically because we signed off on the install they don't want to know. I've tried ringing Sophos support and I just keep getting passed around from pillar to post. I've added certificates, exceptions and rules galore.

To say I'm frustrated is an understatement. I've actually only been in post two months, the whole system was scoped, purchased, implemented, paid for and signed off by my predecessor. If it hadn't cost so much I would simply throw this rubbish away and buy something that works and from a company who cares and gives good support. While writing this post I have been on hold with Sophos support for nearly an hour after speaking with three different people already!!!!!!!

 

Ok rant over.. Does anyone here have any idea how I can get this working please? My users are really not happy!!

 

Thanks

Raz



  • Sorry about your bad experiences. I have my frustrations, but they have not reached that level.

    Support: I almost always use the myutm.sophos.com website rather than the phone, then wait for them to call back. If the issue cannot be handled in one session, I try to ensure that I call back when that technician is on duty rather than starting over with someone else (unless I am really unhappy with that technician.) If they act stumped, press them to escalate the case. Level 1 support is usually good at debugging, but weak on the big picture. Hold times are better early in the day 9am-11am, terrible between 3pm and 5pm. The other problem with calling near 5pm is that your technician may be near the end of his shift. These comments are based on US Eastern time zone.

    Configuration: You did not describe your setup, so I will assume that the UTM is your firewall, since this is the way most people use it. I assume you are trying to do Exchange ActiveSync, not EWS, IMAP, or POP.

    Strategy: I have never configured Autodiscover on the Internet, as it seemed I was giving the bad guys too much help. In your situation, if you have been trying to use Autodiscover, I would drop back and concentrate on manual configuration only for now.

    Inbound traffic can flow through the firewall layer or the WAF subsystem. If you just want to get things connected, start with a firewall approach and disable any WAF configuration. You should be able to get going in minutes. You will need a DNAT rule to translate the public IP to an internal IP. For ActiveSync and EWS, all you should need is port 443 open.

    For WAF with Exchange ActiveSync, there was a detailed configuration guide that is very helpful but which I cannot find at this moment. A lot of things have to be disabled to make Microsoft happy. WAF with EWS should be possible as well, because it works on port 443, but I have not seen a configuration guide. Hopefully someone else will post the link, and I will attempt to search some more. Of course, some things will depend on the version of Exchange that you are using, and its patch level.

    Apple devices are their own world. I would also test on Android first, then extend to iOS. But it sounds as if you have already tried both.
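
A staged check of the port 443 path discussed above, added here as an example and not part of the original thread: it reports which step fails first (name resolution, TCP connect through the DNAT rule, or the TLS handshake), which separates "server cannot be found" from "times out" and "gets dropped". The hostname `mail.example.com` is a placeholder for the public mail name, and the function name `probe` is made up for this illustration.

```python
import socket
import ssl


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail): the first step that failed, or ("ok", TLS version)."""
    # Stage 1: name resolution. Failure here is "the server cannot be found".
    try:
        family, _, _, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return ("dns_failed", str(exc))

    # Stage 2: TCP connect. A timeout usually means the packet was dropped
    # (no matching DNAT/firewall rule or no return route); a refusal means
    # the packet arrived but nothing is listening on that port.
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except socket.timeout:
        sock.close()
        return ("tcp_timeout", "no answer within %.1fs" % timeout)
    except ConnectionRefusedError as exc:
        sock.close()
        return ("tcp_refused", str(exc))
    except OSError as exc:
        sock.close()
        return ("tcp_error", str(exc))

    # Stage 3: TLS handshake with certificate and hostname verification.
    # A failure here means the port is reachable but the connection is
    # dropped or rejected once TLS starts.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls_cert_invalid", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_failed", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder name; replace with the public hostname the phones use.
    print(probe("mail.example.com"))
```

Running it once from an outside network and once from the internal LAN shows whether the two paths fail at the same stage.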

  • Hi Douglas,

    Many thanks for the above. I have tried it on all sorts of different devices and the issue is that it will work on all iPhones but only on some Androids! But having tested it on my own Windows laptop it won't work! It is the strangest thing I've seen for a while. So after some investigating I'm starting to think it could be a routing issue.

    I will let you know when I get this resolved!

     

    Raz