Hello Sophos Community,
I am facing actually the issue, that Samsung Smartphones are perfectly synchronising through the WAF with my Exchange server, but iPhones won't work.
At the WAF log is an entry which is showing the following error:
2019:02:13-12:46:12 myutm httpd[31818]: [security2:error] [pid 31818:tid 4127116144] [client sourceip:50693] [client sourceip] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "destinationurl"] [uri "/mapi/emsmdb/"] [unique_id "XGQDhMCosQEAAHxKV3kAAAAA"]
2019:02:13-12:46:12 myutm httpd: id="0299" srcip="sourceip" localip="192.168.177.1" size="0" user="-" host="sourceip" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipTFT, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="34287" url="/mapi/emsmdb/" server="destinationurl" port="443" query="?MailboxId=58293306-49ed-4ae5-8ff4-21a2a2dcbd40@domain.com" referer="-" cookie="MapiContext=MAPIAAAAAOy/7L7orfXF9Nfl1eTd8MDy3+7f/838xvXB+8j8poW0jLyNtIa0hrSHOBMAAAAAAAA=;MapiRouting=UlVNOjQ4YzgwOGY0LTY1MDQtNGM5NS04MzQ1LTU0MDEzODE5MDZkNDrlxH/RqJHWCA==;MapiSequence=41-drpENg==;X-BackEndCookie=58296706-49ed-4ae5-8ff5-21a2a2dcbd40=u56Lnp2ejJqByMmbz87Ny8fSz8vNm9LLxpnO0p6dx53SnMvHmZnIx87Iy8zHgYHNz87G0s/M0s7Kq87OxcvKxcrI" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XGQDhMCosQEAAHxKV3kAAAAA"
Has anybody an idea what that error means and how to get rid of it?
Thank you and best regards,
Johnny
Edit: I just wanted to add, that the iPhone sync was running for a couple of years without a problem. If the iPhones are connected to the company wifi (no Sophos between Phones and Exchange) the sync is working. BUT: Even with the Outlook App for iPhones the sync is working outside the company wifi. Very strange.
This thread was automatically locked due to age.
