
Microsoft Teams Calendar through WAF

Hello,

I used to have the Exchange WebServices exposed to the internet over DNAT. Because of the recent Exchange exploits, we decided to start using the WAF again and to use the 2FA possibilities of the UTM.

It all works fine except the reason we used DNAT and not WAF in the first place: the Teams Calendar. It randomly comes and goes with users when connected through the WAF, which cripples their usage of Teams. My impression is that Microsoft queries the (on-premises) /ews very often and that Sophos blocks this because it is suspicious behaviour. I'm experimenting with the Firewall profile Exception List (e.g. skip "Request limits"), but I'm not entirely sure what I am doing.

The current configuration is taken from https://support.sophos.com/support/s/article/KB-000038003?language=en_US, but it's not a good sign that it starts with "Sophos does not officially support Microsoft Exchange 2016 with WAF." I don't want to change the firewall for several customers just because of a Teams issue.



This thread was automatically locked due to age.
  • The same is happening for us, using NAT for Exchange works perfectly, but as soon as I enable WAF (using the same guide in the link above) nobody can see their Teams calendar (we have Exchange 2016 CU19 in hybrid mode).  I've looked in the WAF logs and don't see anything obvious.
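
One way to check the WAF log for what the posts above describe is to summarise every request to /ews by response status and block reason, rather than scanning the log by eye. This is an added example, not part of the original thread and not Sophos code; the key="value" field names (`srcip`, `statuscode`, `reason`, `url`), the meaning of `reason="-"`, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the field names are assumptions, adjust them to
# what your reverse-proxy log actually emits.
SAMPLE_LOG = """\
2021:03:15-09:00:01 utm httpd: srcip="198.51.100.10" method="POST" statuscode="200" reason="-" url="/EWS/Exchange.asmx"
2021:03:15-09:00:02 utm httpd: srcip="198.51.100.10" method="POST" statuscode="403" reason="waf" url="/EWS/Exchange.asmx"
2021:03:15-09:00:02 utm httpd: srcip="198.51.100.11" method="POST" statuscode="403" reason="waf" url="/ews/exchange.asmx"
2021:03:15-09:00:03 utm httpd: srcip="203.0.113.5" method="GET" statuscode="200" reason="-" url="/owa/"
2021:03:15-09:00:04 utm httpd: srcip="198.51.100.10" method="POST" statuscode="401" reason="-" url="/EWS/Exchange.asmx"
"""

PAIR = re.compile(r'(\w[\w-]*)="([^"]*)"')


def parse_line(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(PAIR.findall(line))


def ews_summary(log_text, prefix="/ews"):
    """Return (outcomes, blocked_sources) for requests under `prefix`.

    outcomes counts (statuscode, reason) pairs; blocked_sources counts, per
    source IP, the requests where the proxy recorded a reason other than "-"
    (assumed here to mean the WAF itself intervened).
    """
    outcomes = Counter()
    blocked_sources = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        # Exchange paths are case-insensitive, so compare in lower case.
        if not fields.get("url", "").lower().startswith(prefix):
            continue
        reason = fields.get("reason", "-")
        outcomes[(fields.get("statuscode", "?"), reason)] += 1
        if reason != "-":
            blocked_sources[fields.get("srcip", "?")] += 1
    return outcomes, blocked_sources


if __name__ == "__main__":
    outcomes, blocked = ews_summary(SAMPLE_LOG)
    for (status, reason), n in outcomes.most_common():
        print(f"status={status} reason={reason} count={n}")
    for ip, n in blocked.most_common():
        print(f"blocked source {ip}: {n}")
```

A 401 with no block reason can be an ordinary authentication challenge from the back-end; the rows to compare against the exception list are the ones where the proxy recorded its own reason.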

  • I'm happy to hear that, sorry, because it means I'm not alone :o) I opened a ticket and they're looking into my logs. I hope more people signaling this problem will make Sophos look into it. I should've opened a ticket a year ago when I first noticed it though. I just used DNAT as a temporary-forever solution, until the big Exchange Hack from earlier this month reminded me that this isn't a safe solution.

    --------------------

    J. Janssens

    Sophos Certified Architect
    Sophos Certified Engineer
    Sophos Certified Sales Consultant
    Gold Partner

  • Just FYI: I opened an official ticket on 12/03/2021 and shortly after Sophos looked at some logs. They ignored all of my requests since.

    --------------------

    J. Janssens

    Sophos Certified Architect
    Sophos Certified Engineer
    Sophos Certified Sales Consultant
    Gold Partner

  • FormerMember in reply to J.Janssens

    Hi ,

    Apologies for the inconvenience. I've followed up with you and replied to your personal message.

    The support engineer called you, but they couldn't get a hold of you. They've sent you the meeting invite, and please reply to the email. 

    Thanks,