WAF protection templates for common Microsoft services

Hi,

i've installed this beta on a virtual machine to have a look on these WAF templates.

The firewall profiles "Exchange Outlook Anywhere", "Exchange General" and "Exchange AutoDiscover". Are these recommended for MS Exchange 2016, or only 2010/2013.
Don't you need any exceptions?

At the moment Exchange 2016 with mor than one realserver isn't working -.-

I think templates for Sharepoint and Office Online also be good.

Greetings

Parents

0 AttilaKovacs over 7 years ago

Hi logan517,

The Exhange profiles are mainly for Microsoft Exchange 2010 or 2013. Unfortunately you cannot apply them directly for Exchange 2016 due to the changes Microsoft introduced in Exchange 2016. If you would like to use the UTM WAF with Exchange 2016, I recommend the following guide for now:

https://www.frankysweb.de/sophos-utm-9-4-waf-und-exchange-2016/

Best regards,

Attila Kovacs
Product Owner, WAF
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 logan517 over 7 years ago in reply to AttilaKovacs

Hi Attila Kovacs,

I had already asked in the WAF forum for this Problem (https://community.sophos.com/products/unified-threat-management/f/web-server-security/86547/waf-exchange-2016-load-balancing-causes-login-problems) and had contact with our local Sophos Partner and Sophos Support direct.

5 Weeks after opening a ticket through our partner at Sophos, I'll get the official statement, that Exchange 2016 isn't supported at the moment. The Sophos support assumes an Exchange support for 9.5, but wan't sure.

Please fix this bug / support Exchange 2016 with more than one real Server or update the Names of your templates in 9.5 in Exchange 2010/2013 etc.
and as i said earlier, templates for other popular Microsoft servers would be nice

Regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 AttilaKovacs over 7 years ago in reply to logan517

Hi logan517,

Renaming the templates to reflect the supported versions is definitely a good suggestion, thank you for bringing it up. We'll look into this.

Adding more templates for more applications is also among our plans, but at this point we don't have a committed timeline for it yet.

Regarding issue issue with multiple Exchange servers: I understand that you cannot use the approach with the sticky session cookies, but what is the reason behind not trying to solve the issue with reverse authentication? I believe that could be a potential solution for your problem.

Best regards,

Attila Kovacs
Product Owner, WAF
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 AttilaKovacs over 7 years ago in reply to logan517

Hi logan517,

Renaming the templates to reflect the supported versions is definitely a good suggestion, thank you for bringing it up. We'll look into this.

Adding more templates for more applications is also among our plans, but at this point we don't have a committed timeline for it yet.

Regarding issue issue with multiple Exchange servers: I understand that you cannot use the approach with the sticky session cookies, but what is the reason behind not trying to solve the issue with reverse authentication? I believe that could be a potential solution for your problem.

Best regards,

Attila Kovacs
Product Owner, WAF
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 logan517 over 7 years ago in reply to AttilaKovacs

AttilaKovacs said:
Regarding issue issue with multiple Exchange servers: I understand that you cannot use the approach with the sticky session cookies
I set the sicky sesstion, but this din't work

AttilaKovacs said:
but what is the reason behind not trying to solve the issue with reverse authentication? I believe that could be a potential solution for your problem.

We don't want to use the reverse authentication, we want to use the "normal" authentication of clients. The users should not notice that there is a utm etc.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel