Okay. So let's take a quick look at the settings we'll need to make to get it working. I'll summarize the settings shown in the How2To. I do not want to create 4 WAF Firewall Rules, because all Rules have the Settings (except Outlook Anywhere).
So here is my list:
1. Upload your Public CA for SSL Signing to your Sophos.
2. Create a new Firewall Profile and select Pass Outlook Anywhere.
2.1 Select Static URL Hardening and enter the specified URLs
These are the directories Outlook, Outlook Web App and any other applications will use to contact the Exchange Server. So we allow general access to the directories. Because of the Security Mode of Sophos, the Firewall will only allow access to URLs which point to the direct folder (like https://mydomain.tld/owa, but not https://mydomain.tld/owa/bla/bla).
This will be done later in the Exception section.
So we don't select any other Filtering or Firewall Modes in the Rule. Later you could select one and check if your setup is working, but for the beginning let's use a simple setup.
2.2 Add a new Exception List which will skip checks for Static URL Hardening. Here we need to enter the exceptions for the content of the folders we defined before. So we enter here
Sophos will now allow access to the folders entered in the Firewall Rule, and now with the Exceptions Sophos will allow access to all underlying folders and files in the paths. For no reason we disable XSS Attacks and enter our Virtual Webserver.
3.0 Create your Virtual Web Server, point it to your Exchange, select your Public Interface and enter all domains in this style.
domain.tld owa.domain.tld autodiscover.tld
(and if your Exchange Server has another Outlook Anywhere External Address other than owa.domain.tld, enter it here.)
Select Pass Host Header, because our Exchange would like to check whether your client is connected from a Public IP Address or from an internal one.
So those are the things I understand and why we make the settings. Could someone please give me feedback if there are any failures or things that need to change? Because in this configuration the Exchange Online Connectivity check had errors connecting via RPC over HTTP and Outlook ran into an error.