Customers might be unable to connect with us via the Sophos Malaysia Support Hotline number. Our teams are actively working on a fix. In the interim, we request customers to use the backup hotline number - +65 3157 5922 (Singapore) or raise a support request at https://support.sophos.com/.

Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 39 subscribers
  • Views 1746 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IMAP SSL handshake timed out through Sophos XG

BBear

Hello Sophos Community,

 

I am currently experiencing issues when accessing certain external imap servers through my Sophos XG.

I have several different imap accounts configured on my clients (7 accounts) but only 5 of them work through my Sophos without any problem.

When accessing two of them there's an error saying: SSL handshake timeout - all others work without any problem. All accounts work when using another network (e.g. mobile network or a friend's wifi) So this shouldn't be a configuration issue.

 

I have proxy, webfiltering and imap scanning enabled, so I created a FW rule allowing a test client to access any/any, put it on top, disabled webfiltering, created a webfilter exception (just to be sure) but there are still these handshake timeouts.

 

This is everything I get, when trying to check my mails: (unfortunately nothing else in the log files, so far)

Any advice would be appreciated

 

Cheers

 

I am running a Sophos XG 18.0.1 MR-1 



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I solved a similar issue by adding the IP address or hostname (TLS SNI) to the URL group included in the "Exclusions by website or category" default rule under SSL/TLS inspection rules.

    The source is an internal server in a zone/nework not included in any of the other rules, but the exclusion was still necessary.

  • 0 in reply to ErikN

    Hi

    Thank you very much for your suggestion but I do not have SSL/TLS inspection enabled:

    So basically this shouldn't be a problem. 

    Cheers

Reply Children
No Data
Unfiltered HTML