
not able to connect to mail server

Hi,

 

We recently had a new UTM 9 box installed. All seemed to be working well until we tried to set up email on a smart phone. No matter what we try we just cannot get the email set up on any mobile devices. The connection simply times out, the server cannot be found, the connection gets dropped. There is no rhyme or reason and the error message is never the same. I've gone back to the company who installed it and basically because we signed off on the install they don't want to know. I've tried ringing Sophos support and I just keep getting passed around from pillar to post. I've added certificates, exceptions and rules galore.

To say I'm frustrated is an understatement. I've actually only been in post two months, the whole system was scoped, purchased, implemented, paid for and signed off by my predecessor. If it hadn't cost so much I would simply throw this rubbish away and buy something that works and from a company who cares and gives good support. While writing this post I have been on hold with Sophos support for nearly an hour after speaking with three different people already!!!!!!!

 

Ok rant over.. Does anyone here have any idea how I can get this working please? My users are really not happy!!

 

Thanks

Raz



  • Sorry about your bad experiences.   I have my frustrations, but they have not reached that level.

    Support: I almost always use the myutm.sophos.com website rather than the phone, then wait for them to call back. If the issue cannot be handled in one session, I try to ensure that I call back when that technician is on duty rather than starting over with someone else (unless I am really unhappy with that technician). If they act stumped, press them to escalate the case. Level 1 support is usually good at debugging, but weak on the big picture. Hold times are better early in the day 9am-11am, terrible between 3pm and 5pm. The other problem with calling near 5pm is that your technician may be near the end of his shift. These comments are based on US Eastern time zone.

    Configuration:   You did not describe your setup, so I will assume that the UTM is your firewall, since this is the way most people use it.    I assume you are trying to do Exchange ActiveSync, not EWS, IMAP, or POP.

    Strategy:  I have never configured Autodiscover on the Internet, as it seemed I was giving the bad guys too much help.    In your situation, if you have been trying to use Autodiscover, I would drop back and concentrate on manual configuration only for now.  

    Inbound traffic can flow through the firewall layer or the WAF subsystem.   If you just want to get things connected, start with a firewall approach and disable any WAF configuration.   You should be able to get going in minutes.   You will need a DNAT rule to translate the public IP to an internal IP.   For ActiveSync and EWS, all you should need is port 443 open.

    For WAF with Exchange ActiveSync, there was a detailed configuration guide that is very helpful but which I cannot find at this moment.   A lot of things have to be disabled to make Microsoft happy.  WAF with EWS should be possible as well, because it works on port 443, but I have not seen a configuration guide.  Hopefully someone else will post the link, and I will attempt to search some more.  Of course, some things will depend on the version of Exchange that you are using, and its patch level.

    Apple devices are their own world.   I would also test on Android first, then extend to IOS.   But it sounds as if you have already tried both.
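
A client-side check for the firewall-only setup described above (DNAT to the internal server, port 443 only), reporting the stage at which a connection fails. This is an added example, not code from the thread or from Sophos; `mail.example.com` is a placeholder, and the path is Exchange's standard ActiveSync virtual directory, which the thread does not name.

```python
import socket
import ssl

AS_PATH = "/Microsoft-Server-ActiveSync"  # assumption: default ActiveSync path

def probe(host, port=443, timeout=5.0, verify=True):
    """Return (stage, detail) for the first failing stage, or ("ok", status line)."""
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return ("dns", str(exc))  # name does not resolve from this network
    sock = socket.socket(info[0], info[1], info[2])
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(info[4])
        except socket.timeout:
            return ("tcp_timeout", "no reply to SYN (dropped or not forwarded)")
        except ConnectionRefusedError:
            return ("tcp_refused", "port closed on the answering host")
        except OSError as exc:
            return ("tcp_error", str(exc))
        ctx = ssl.create_default_context()
        if not verify:  # only for testing against an internal self-signed cert
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        try:
            sock = ctx.wrap_socket(sock, server_hostname=host)
        except ssl.SSLCertVerificationError as exc:
            return ("tls_cert", exc.verify_message)
        except (ssl.SSLError, OSError) as exc:
            return ("tls_handshake", str(exc))
        try:
            req = f"OPTIONS {AS_PATH} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(req.encode("ascii"))
            status = sock.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as exc:
            return ("http", str(exc))
        if not status:
            return ("http", "connection closed without a response")
        return ("ok", status)  # an unauthenticated request normally gets 401
    finally:
        sock.close()

if __name__ == "__main__":
    print(probe("mail.example.com"))  # placeholder hostname
```

Run it from the same network as a failing device and again from one that works; a different stage on each points at the path to the firewall rather than at the mail server.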

  • Hi Raz,

    We are sorry for this experience. Can you please DM the Case# and I will take a look into the matter quickly. You can also share some details about your setup and configuration with me via DM and I can provide you an update.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi Douglas,

    Many thanks for the above. I have tried it on all sorts of different devices and the issue is that it will work on all iPhones but only on some Androids! But having tested it on my own Windows laptop it won't work! It is the strangest thing I've seen for a while. So after some investigating I'm starting to think it could be a routing issue.

    I will let you know when I get this resolved!

     

    Raz

  • Hi Sachin,

    I have finally managed to talk to a Sophos Tech and after an hour of looking around the UTM he has had to go away and talk to third line I guess? Anyway he hopefully is going to get back to me shortly.

     

    Thanks

    Raz

  • I finally found some of what I wanted

    https://community.sophos.com/kb/en-us/120454

    has a link to a book for configuring Exchange with UTM WAF v9.34

    There may be an updated version for 9.4 if you ask support.  No idea about v9.5

    Reading recent posts, there are some issues with Exchange 2016.   Bob Alfson said this is the most useful link.   It is in German, so hopefully Google Translate can help you out:

    https://www.frankysweb.de/sophos-utm-9-4-waf-und-exchange-2016/

    I believe that I have read that there is a global problem with Apple's HTTP/2 implementation being incompatible with Microsoft's HTTP/2 implementation, and the workaround is to reconfigure your Microsoft server to operate in Windows 2012 (non-HTTP/2) compatibility mode.

     

  • Thanks Douglas really appreciate your help. I will let you know if this works.

    This seems to have really stumped Sophos Tech support as well!!

     

    Raz

  • Hi, Raz, and welcome to the UTM Community!

    I've moved this thread to the Email Protection forum as it certainly doesn't belong in the forum for the UTM Manager application.  However, you haven't told us enough to know whether your question belongs in the Web Server Security forum instead.  Doug's interpreted your plea as one for help with WAF - is that correct?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Ok to be honest I am not sure where this belongs as I simply cannot understand why I cannot set up my email client on my phone. My colleagues tell me that before the UTM was put in and went live all was working as it should be. Even now I talk to some people who connected up perfectly well before the UTM went in and even though I cannot set up they can still get to their emails. I've even had one or two people say that they have connected up since the UTM went in.

    Sophos Tech support are supposedly looking into this, I have had one guy remote on to the firewall and have a look around. However he hasn't got back to me in two days even after several emails asking for an update!

    There appears to be no rhyme or reason to this at all.

    Thanks


    Raz

  • Do you learn anything from trying #1 in Rulz?

    Cheers - Bob

     
  • Nope, been through the logs. The odd thing is the IP address of the device I am trying doesn't show up! There are a myriad of other IP addresses connecting to the mail server but not mine!

    Thanks
    Raz