Options

Mailstore Office 365 Login

SUKSUK
in Firebox - Proxies

Hello,

i'm using the software mailstore for e-mail archive.
We are using the HTTP and HTTPS Proxies of watchguard.
Now the problem is, if i try to login to my Office 365 account over mailstore.
i get this response: Authentification failed.

I have spoken with Mailstore support. The problem seems to be that the communication to *.microsoftonline.com goes through the proxy. This connection must be established without any modification.

How can I configure my T25 so that the requests to Office365 run without proxy?

Regards Christian

Answers

  • Options
    Bruce_BriggsBruce_Briggs

    *.microsoftonline.com is in the HTTPS proxy Predefined Content Inspections Exceptions list. So it should not be being Inspected and should be being Allowed if you have the Predefined Content Inspections Exceptions list Enabled.

    You can add a HTTPS packet filter with domain names in the To: field including things like *.microsoftonline.com. Make sure that the new packet filter ends up above your existing HTTPS proxy in your config.

  • Options
    SUKSUK

    Hello Bruce,
    Thanks for your tips.

    The Predifined Conten list is switched on. Can be used with me
    not be switched off at all. ( is grayed out ).
    I also created a HTTPS and HTTP packet filter with an aliases list of all possible Microsoft pages. These are on the first and second place in the Policies list.
    Unfortunately without success.

    I have attached two photos in the appendix. There you can see that the request still goes through the proxy.

    Does anyone else have an idea how I can change this?


  • Options
    Bruce_BriggsBruce_Briggs

    The link below explains how the firewall identifies the IP addr(s) associated with domain names which are used in policies.

    About Policies by Domain Name (FQDN)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/fqdn_about_c.html

    No idea why your new HTTPS policy is not working without more info.

    Consider trying a packet filter policy with just a few domain names, such as with just these, and see what happens:
    login.microsoftonline.com
    stamp2.login.microsoftonline.com
    outlook.office365.com

    Be sure to turn on Logging on this policy so that you can see log entries which show that it is being used.

Sign In to comment.