WAF protection templates for common Microsoft services

Hi,

I've installed this beta on a virtual machine to have a look at these WAF templates.

The firewall profiles "Exchange Outlook Anywhere", "Exchange General" and "Exchange AutoDiscover": are these recommended for MS Exchange 2016, or only 2010/2013?
Don't you need any exceptions?

At the moment Exchange 2016 with more than one real server isn't working -.-

I think templates for SharePoint and Office Online would also be good.

 

Greetings

  • Hi Attila Kovacs,

    I had already asked in the WAF forum about this problem (https://community.sophos.com/products/unified-threat-management/f/web-server-security/86547/waf-exchange-2016-load-balancing-causes-login-problems) and had contact with our local Sophos partner and Sophos Support directly.

    5 weeks after opening a ticket through our partner at Sophos, I got the official statement that Exchange 2016 isn't supported at the moment. Sophos support assumes Exchange support for 9.5, but wasn't sure.

    Please fix this bug / support Exchange 2016 with more than one real server, or update the names of your templates in 9.5 to Exchange 2010/2013 etc.
    And as I said earlier, templates for other popular Microsoft servers would be nice.

     

    Regards

  • Hi logan517,

     

    Renaming the templates to reflect the supported versions is definitely a good suggestion, thank you for bringing it up. We'll look into this.

    Adding more templates for more applications is also among our plans, but at this point we don't have a committed timeline for it yet.

    Regarding the issue with multiple Exchange servers: I understand that you cannot use the approach with the sticky session cookies, but what is the reason behind not trying to solve the issue with reverse authentication? I believe that could be a potential solution for your problem.

     

    Best regards,

    Attila Kovacs
    Product Owner, WAF

  • AttilaKovacs said:
    Regarding the issue with multiple Exchange servers: I understand that you cannot use the approach with the sticky session cookies

    I set the sticky session, but this didn't work.

    AttilaKovacs said:
    but what is the reason behind not trying to solve the issue with reverse authentication? I believe that could be a potential solution for your problem.

    We don't want to use the reverse authentication; we want to use the "normal" authentication of clients. The users should not notice that there is a UTM etc.