Thread Info
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 8858 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 vs SharePoint online (o365)

TamasWallner

Hello,

I have a PoC environment for my company regarding UTM9 implementation. Everything works pretty much as expected except O365. Especially SharePoint online. I created a Site for my internal team members holding various office documents. If anyone click on any of the link it opens in a webpage without any issues (eg word docs in Word Online, excel docs in Excel online, etc). But if someone wants to open the file in the proper app (eg Word or Excel) the file they get some error message saying "Sorry, we coludn't open 'url.sharepoint.com/Shared Documents/documentname.docx" and/or "Sorry, we can't open "url.sharepoint.com/Shared%20documents/documentanme.docx" because the server isn't responding".

SSO works. I created the exception for each and every sharepoint online related site (as per microsoft documentation). I assume I miss a very simple thing but can't find what.



This thread was automatically locked due to age.
Parents

  • Hi,

    Thanks for choosing Sophos.

    If Web Protection is deployed in Transparent mode, you can add each sharepoint links in destination host skip list (Web Protection> Filter option > Misc > Skip list destination). Also, check #1 in the Rulz, let us know if you discover anything that forces this issue.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • in reply to sachingurung

    Hello,

    Thanks for the quick response. The UTM9 was installed in Standard mode. Would it be any impact if I change the Operation mode from Standard to Transparent?

    Update: Transparent mode cannot be used in our environment due the limitations of the Transparent mode. The solution must be take place on Standard mode.

  • in reply to TamasWallner

    Hi,

    I think we got the issue, here the server is not replying to the proxy. Using UTM in standard mode will explicitly define UTM as an intermediate proxy and you will need to configure UTM IP as proxy in browser. It could be possible that TLS communication between server and UTM fails due to standard mode. You test transparent mode configurations and the only change will be to remove the proxy settings from the web browser.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • in reply to sachingurung

    Hello,

    Yes, in my environment we use pac file and the UTM is configured on the browsers via GPO. I think (but it's only thinking out loud) something block the office app to be able to open the file. It can be downloaded. It can be open in office online. But it cannot be opened via the office desktop app. The communication works between the client and sharepoint online without any issue except this one. But (and please correct me if i'm wrong) with transpaernt mode I won't have SSO (which mandatory)

  • in reply to TamasWallner

    Hi, Tamas, and welcome to the UTM Community!

    The fundamental difference in skipping sites between Standard and Transparent is that skipping is done in the UTM for Transparent and in the client browser for Standard.  As you have PAC and GPO capability, you can easily do either.

    It's now possible to do SSO in Transparent, but I prefer the greater control offered by Standard.  You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch translated by fellow member hallowach when he and I did a major revision in 2013.

    In order to help you more with this, we will need to see a few lines from the Web Filtering log and/or the logs mentioned in #1 in Rulz as Sachin suggested.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • in reply to TamasWallner

    Hi, Tamas, and welcome to the UTM Community!

    The fundamental difference in skipping sites between Standard and Transparent is that skipping is done in the UTM for Transparent and in the client browser for Standard.  As you have PAC and GPO capability, you can easily do either.

    It's now possible to do SSO in Transparent, but I prefer the greater control offered by Standard.  You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch translated by fellow member hallowach when he and I did a major revision in 2013.

    In order to help you more with this, we will need to see a few lines from the Web Filtering log and/or the logs mentioned in #1 in Rulz as Sachin suggested.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML