Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
We have an on-prem Exchange Server, and all computers on the local network use Outlook 2013. Right after we deployed our XG Firewall (SFOS 18.0.4) seemingly at random, users will get a pop-up box in Outlook asking them to sign in. Even if they enter the correct credentials the box will pop up again and again. If they click cancel, Outlook immediately reconnects to the Exchange server anyway, and Outlook works just fine. This could have nothing to do with XG but I can tell you this started happening right after we deployed our XG Firewall. I am wondering if traffic is getting blocked and is causing this unexpected behavior. Nothing else has changed on the network. Has anyone else experienced this and/or do you have any recommendations on how I can troubleshoot this?
is the server on the same network as the users?
Sound like some of the user setups have a bypass the local server for some mail sites?
Hi ecar13To confirm if it's an issue with XG or not, create a test plain rule without any scanning or policy for one test user and see still if the user observes the same issue or not. If the issue is not observed with the plain rule, try by applying scanning/policy one by one original rule and see which one is causing the issue.
Exchange server is in the DMZ. All workstations are on the main network. There is a plain vanilla firewall rule that allows traffic between the Exchange server and the main network. All users are on the domain. Most users have Outlook 2013. Some have Outlook 2019 and some have Office 365. Not all users are getting prompted with the Outlook login popup box. And it's not limited to a specific version of Outlook. (At least one user from each version gets this pop-up box). Each installation of Outlook is ONLY configured to connect to the Exchange server. No POP3 or IMAP or gmail or anything like that. Strictly Exchange connection for company email.
I have another thread on this forum that appears to be a completely different topic > https://community.sophos.com/xg-firewall/f/discussions/125297/internal-traffic-blocked-by-authentication-ntlmauth
However I am thinking the 2 issues are related. Somehow the XG firewall is having trouble with Kerberos and NTLM authentication EVEN between subnets on the private network and as a result, internal communication across VLANs (subnets) is getting blocked. I am hoping that once this issue gets resolved it will also take care of this Outlook issue.
I did that. With the help of Sophos support while on a remote session, I picked on user who was constantly getting prompted to enter his credentials to connect to the Exchange Server. Created a rule at the top of the list that actively targets his workstation with destination Any and services Any. No match users. No web policy. No linked NAT rule. No app control or IPS scanning. With that rule active for 2 days he still continued to get prompted.
please post a copy of the firewall rule.