https://community.sophos.com/utm-firewall/f/web-server-security/114628/exchange-owa-access-through-web-application-firewallSo I am trying to configure Exchange OWA web access through the Webserver protection area on our UTM 9. I&#39;ve followed the guide here: https://community.sophos.com/kb/en-us/131787 However I am still unable to login with a test user to our Exchange serveren-USTelligent Community 12https://community.sophos.com/thread/412108?ContentTypeID=1Thu, 15 Aug 2019 09:57:34 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:862e6034-c915-43a2-808f-ddce210e7304Jammy<p>[quote user=&quot;Jnurse&quot;]</p> <p>&nbsp;</p> <div class="quote-header">&nbsp;</div> <blockquote class="quote"> <div class="quote-user">Evianne</div> <div class="quote-content"> <p>&nbsp;</p> <div class="quote-header">&nbsp;</div> <blockquote class="quote"> <div class="quote-user">Jnurse</div> <div class="quote-content"> <p>Hi,</p> <p>&nbsp;Tried this and no luck. Here are the logs for when I tried;</p> <p>&nbsp;</p> </div> </blockquote> <div class="quote-footer">&nbsp;</div> <p>&nbsp;</p> <p>&nbsp;</p> <p>Next step would be to disable Reverse Authentication.</p> <p>This helps you to make sure, that you can authenticate with Basic Auth over the WAF at your Exchange.</p> <div style="clear:both;">&nbsp;</div> <p>&nbsp;</p> </div> </blockquote> <div class="quote-footer">&nbsp;</div> <p>&nbsp;</p> <p>&nbsp;</p> <p>Hi,</p> <p>&nbsp;</p> <p>If I remove the authentication profile from all the virtual webservers then I am able to get to OWA and authenticate successfully so something is going wrong with the authentication pass-through I assume....</p> <p>&nbsp;</p> <p>Thanks,</p> <p>James</p> <div style="clear:both;">&nbsp;</div> <p>[/quote]</p> <p>&nbsp;</p> <p>Although I can&#39;t seem to use the Outlook mobile app as I get &#39;Login error&#39; and the following appears in the log;</p> <p><a href="https://community.sophos.com/cfs-file/__key/communityserver-discussions-components-files/57/Web-application-firewall3.txt">community.sophos.com/.../Web-application-firewall3.txt</a></p> <div>&nbsp;</div><div style="clear:both;"></div>https://community.sophos.com/thread/412104?ContentTypeID=1Thu, 15 Aug 2019 09:19:26 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:198aa900-77e4-485a-8d99-aec7cdc77b2bJammy<p>[quote user=&quot;Evianne&quot;]</p> <p>&nbsp;</p> <div class="quote-header">&nbsp;</div> <blockquote class="quote"> <div class="quote-user">Jnurse</div> <div class="quote-content"> <p>Hi,</p> <p>&nbsp;Tried this and no luck. Here are the logs for when I tried;</p> <p>&nbsp;</p> </div> </blockquote> <div class="quote-footer">&nbsp;</div> <p>&nbsp;</p> <p>&nbsp;</p> <p>Next step would be to disable Reverse Authentication.</p> <p>This helps you to make sure, that you can authenticate with Basic Auth over the WAF at your Exchange.</p> <div style="clear:both;">&nbsp;</div> <p>[/quote]</p> <p>&nbsp;</p> <p>Hi,</p> <p>&nbsp;</p> <p>If I remove the authentication profile from all the virtual webservers then I am able to get to OWA and authenticate successfully so something is going wrong with the authentication pass-through I assume....</p> <p>&nbsp;</p> <p>Thanks,</p> <p>James</p><div style="clear:both;"></div>https://community.sophos.com/thread/412103?ContentTypeID=1Thu, 15 Aug 2019 09:13:23 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:7e03635e-00fa-4706-861e-e4b28845cfc6Evianne<p>[quote user=&quot;Jnurse&quot;]</p> <p>Hi,</p> <p>&nbsp;Tried this and no luck. Here are the logs for when I tried;</p> <p>&nbsp;[/quote]</p> <p>&nbsp;</p> <p>Next step would be to disable Reverse Authentication.</p> <p>This helps you to make sure, that you can authenticate with Basic Auth over the WAF at your Exchange.</p><div style="clear:both;"></div>https://community.sophos.com/thread/412099?ContentTypeID=1Thu, 15 Aug 2019 08:51:42 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:8b0142b9-d872-4029-a0fe-c40663446963Jammy<p>[quote user=&quot;Evianne&quot;]</p> <p>Hi,</p> <p>you got a lot of errors like &#39; [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local&#39; in your logs.<br /><br />Make an exception for this IP (or your network) for &#39;Block clients with bad reputation&#39; and test again.</p> <p>&nbsp;</p> <p>Best,</p> <p>&nbsp;Sabine</p> <div style="clear:both;">&nbsp;</div> <p>[/quote]</p> <p>&nbsp;</p> <p>Hi,</p> <p>&nbsp;</p> <p>Tried this and no luck. Here are the logs for when I tried;</p> <p>&nbsp;</p> <p><a href="https://community.sophos.com/cfs-file/__key/communityserver-discussions-components-files/57/Web-application-firewall2.txt">community.sophos.com/.../Web-application-firewall2.txt</a></p><div style="clear:both;"></div>https://community.sophos.com/thread/412092?ContentTypeID=1Thu, 15 Aug 2019 07:12:02 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:e36c78a9-e827-4431-aba7-e1584c144537Evianne<p>Hi,</p> <p>you got a lot of errors like &#39; [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local&#39; in your logs.<br /><br />Make an exception for this IP (or your network) for &#39;Block clients with bad reputation&#39; and test again.</p> <p>&nbsp;</p> <p>Best,</p> <p>&nbsp;Sabine</p><div style="clear:both;"></div>https://community.sophos.com/thread/412046?ContentTypeID=1Wed, 14 Aug 2019 19:25:51 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:b47c29e9-5893-40bb-a51e-a006284bab08Jammy<p>[quote user=&quot;Alexander Busch&quot;]But this KB never said do authentication via UTM.</p> <p>I think that is the problem. Try to do the authentication on Exchange/IIS. This should help.</p> <p>Best regards </p> <p>Alex </p> <p>[/quote]</p> <p>It said optional was to use &#39;basic&#39; or &#39;form&#39; pass through. If I turn authentication off for the webserver then I get access denied message and no option to authenticate with owa </p><div style="clear:both;"></div>https://community.sophos.com/thread/412045?ContentTypeID=1Wed, 14 Aug 2019 19:06:30 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:1a897dd1-34c2-4822-a8a6-3257ee3c5658Alexander Busch<p>But this KB never said do authentication via UTM.</p> <p>I think that is the problem. Try to do the authentication on Exchange/IIS. This should help.</p> <p>Best regards </p> <p>Alex </p><div style="clear:both;"></div>