This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.2 and Exchange 2013 SP1

Hi,

I simply cannot get WAF working with customers UTM and Exchange 2013 SP1.

They have only one IP and 1 san domain and 1 external domain.

mail.***.com
autodiscover.***.com

Only 1 Exchange server.

I have followed the guide guide here:

http://sophserv.sophos.com/repo_kb/120454/file/Configuring%20UTM%20firewall%20for%20Exchange.pdf

But this cannot be used because they use different san somain for each function (owa, activesync, autodiscover, ews a.s.o)

I have tried to just allow ActiveSync to it; I can get it working with only autodiscover and ActiveSync, but ONLY with URL hardening disabled, else the logs fills up with "url_hardening:error no signature found"

Can any of you throw some light into this?

This thread was automatically locked due to age.

0 adhodgson over 10 years ago

Hi,

I have the same scenario except for our certificate has the server name as the common domain, and autodiscover and mail.domain.com as SANs.

I couldn't get it working using the published KB articles as we needed different hostnames for each service. So I did my own thing:

- I set up the single web server definition that covers all the hostnames and used no web server protection.

- I used site-path routing to route the relevant URLs to the respective servers. Only issue here is that the WAF is case sensitive.

- The firewall profile I configured allowed Outlook Anywhere.

- I set up the relevant internal and external hostnames on the Exchange servers to match the certificate.

- I had to set up EWS, OAB and Outlook Anywhere to basic external authentication as the UTM doesn't pass through NTLM.

This seems to be working.

Hope this helps.
Andrew.
Cancel
Vote Up 0 Vote Down

Cancel