Web Application Security: Outlook Anywhere Support
We need an Outlook Anywhere connection over the Web Application Firewall to secure the Exchange 2010 Server. Currently it is not possible to forward the RPC Requests through the WAF. A NAT rule is not secure enough.
Benjamin Schwitzer
shared this idea
This feature has been released as part of UTM 9.1. The Web Server Protection (WAF) area has been upgraded with new features to allow the handling of the Outlook Anywhere Protocol. Enjoy!
79 comments
-
Stephan Fietzek
commented
Please post your request in the official beta forum. The developers will have a look at it then.
-
Mirko Gründler
commented
hi, in my outlook autodiscover does not work yet.
the site-path routing to / rpc from the Exchange does not work.Here is the log:
2013:04:22-19:57:53 mail reverse proxy: [Wed April 22 19:57:53.207455 2013] [proxy_msrpc: error] [pid 8230: tid 3786169200] (70007) The timeout specified has expired: [client ***. ***.33.133: 49286] RPC_OUT_DATA: failed to read request body - ap_get_brigade
2013:04:22-19:57:53 mail reverse proxy: srcip = "***.***.33.133" localip = "109 205 205 207" size = "0" user = "-" host = "***.***.33.133" method = "RPC_OUT_DATA" statusCode = "400" reason = "-" extra = "-" time = "300 103 118" url = "/ rpc / rpcproxy.dll" server = "mail.xxxxxxx.com" referer = "-" cookie = "Outlook session = \" {C5E8EE57-4837-49E3-AF91-DF1C2321CCD1} = Outlook 14.0.6126.5000 OS = 6.1.7601 \ "" set-cookie = "-"Does anyone have an idea what is wrong?
I have 9.092-8 build
Thanks Mirko
-
Stefan
commented
does the 9.075-8 build also make RPC working for remote desktop Gateway?
-
Lorenz Steger
commented
See Changelog for 9.1 Beta, Build 9.075-8:
"Add Outlook Anywhere support to WAF"
YEAH!!!! Finally!!! :-) -
Anonymous
commented
With the pending death of TMG would this not be the highest priority? Plenty of people looking for a solution
-
Bernd Zipser
commented
Several Customers would need this urgently.
They wont setup an Exchange Frontend again, just to get this working...This has to be done very soon!!
-
Dennis
commented
RPC over https in MS products is also used for MS Remote Desktop Gateway. Can this feature request add support for MS RDGW as well?
-
andy schweizer
commented
Public Beta 9.1 is out, but no news about support for OutlookAnywhere in the description so far...
-
V. Zier
commented
Hello,
shouldn't UTM 9.1 come late 2012? When is it scheduled now?
Reverse publishing is the last resort for TMG and ISA out there.
WAF must support RPC over HTTPS urgent. -
elmar harhoff
commented
hello,
it´s time to do it ;-)
-
Andre Soehnle
commented
I hope it really comes in 9.1
-
Stefan Vater
commented
Would bei a really huge feature - i think no other company has multi-tenant RPC over HTTP yet.
-
Christian Krüsi
commented
Hello. The last status update from a sophos team member is from June. Is there something new about the time this feature will be available? End of 2012 or begin of 2013 or far, far away in the future? Thanks in advance.
-
Elmar Wegmann
commented
I am with all of you. It's the very most wanted!!
-
Christian Krüsi
commented
We are looking for a new firewall solution untill end of 2012. I was very impressed by the features of the sophos utm, specially the advantages of wireless management and protection built into the firewall. But if we can't secure publish rpc over https for Remote Desktop Gateway and Outlook Anywhere, we can't really use this product. It would really help if this feature was "planned" instead of "under review". Thanks.
-
Anonymous
commented
This is a very important feature! It is very simple: Nobody can afford not to support Exchange.
-
Mario Littero
commented
In my company we have just finished implementing exchange 2010, and after many attempts I was really surprised to read that WAF does not support Outlook Anywhere. It 's strange that microsoft mail client is not supported and it's a big constraint, difficult to explain.
Outlook anywhere will be supported soon, or should I buy TMG? -
Hi everyone,
I am aware this feature is heavily needed. You might notice we recently added some of the other heavily-requested ones, and are developing as fast as we can. I tentatively would like to have this supported in UTM 9.1 later in 2012, and discussions about this are ongoing. The moment I can commit a version for on being able to work more seamlessly with OWA, I'll update this feature immediately. Stay tuned!
-
Christian
commented
Will Sophos anything change? We are still waiting for this feature!
-
andy schweizer
commented
...still waiting to see the green "started" status...or at least "planned"
