Hello,
I used to have the Exchange WebServices exposed to the internet over DNAT. Because of the recent Exchange exploits, we decided to start using the WAF again and to use the 2FA possibilities of the UTM.
It all works fine except the reason we used DNAT and not WAF in the first place: the Teams Calendar. It randomly comes and goes with users when connected through the WAF, which cripples their usage of Teams. My impression is that Microsoft queries the (on-premises) /ews very often and that Sophos blocks this because it is suspicious behaviour. I'm experimenting with the Firewall profile Exception List (eg. skip "Request limits"), but I'm not entirely sure what I am doing.
The current configuration is taken from https://support.sophos.com/support/s/article/KB-000038003?language=en_US, but it's not a good sign that it starts with "Sophos does not officially support Microsoft Exchange 2016 with WAF." I don't want to change firewall from several customers just because of a Teams issue.
This thread was automatically locked due to age.
