OWA (Exchange 2003) with SonicWall TZ 190

Hi,

We've had a power cut earlier which messed up our SonicWall (TZ 190, SonicOS Enhanced 4.2.1.3-4e). Half of our NAT rules went missing, firewall rules had wrong IP addresses etc. - no idea what happened there.
I've changed all the rules and everything is working again - apart from OWA and Active Sync.

I'm confident that NAT is working fine - there's a couple of other firewall rules using the same address objects etc. which are working fine. (Mimecast access for LDAP synchronisation and SMTP acccess for example).

The firewall rule configured allows POP 3, HTTP and HTTPS.
POP 3 access is working, HTTPS access isn't. I have changed the IIS config for OWA temporarily to not require SSL and I can access it fine through HTTP. When SSL is enabled I also receive the message to say that I need to access it via https.
However, when accessing it via https all I get is "Page cannot be displayed". Everything is fine internally - just not working externally. Nothing in the logs. Accessing it via the IP address doesn't work either so I'm pretty certain there's a problem with the SonicWall.

I've created a new rule allowing HTTPS from any source to any source to test and this isn't working either.

Does anyone have any ideas? I'm absolutely lost.

Many thanks
Minime85Asked:
Who is Participating?
 
ExchangePanditCommented:
I have encountered a similar issue but not with SONICWALL firewall, it was a low level firewall and all seems to work (NAT wise) apart from HTTPS, now what I found was that the firewall had assigned port 443 for VPN which was creating 443 traffic to hit the firewall but not go anywhere else and I was getting page cannot be displayed as well. After changing the VPN SSL port to something like 444 I was able to get that working.

Secondly also check whether remote management on the firewall is enabled on port 443 and if it is then change the port to something else.

cheers
0
 
AmitIT ArchitectCommented:
I suggest to test from below site and check where it fails.

https://www.testexchangeconnectivity.com/

That might help you to identify the root cause and possible solution
0
 
Minime85Author Commented:
Many thanks for your reply - as expected, it fails connecting to port 443...
However, there's a rule to allow access from anywhere to our Exchange server for HTTP and HTTPS. WAN to LAN.
(And temporarily another one allowing access from anywhere to anywhere for HTTP and HTTPS).
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
Exchange_GeekCommented:
You've followed the link

Regards,
Exchange_Geek
0
 
Minime85Author Commented:
Thanks for the two links...

@Exchange_Geek - yes, I've tried using the wizard, though I'm comfortable setting up NAT rules/firewall rules manually.

@amitkulsherata - I don't think ActiveSync is the problem, it's working internally (just like OWA), just not externally. I'm convinced it's a problem with the Sonicwall...

I'll try installing a later firmware tomorrow morning (we're on the latest stable version but there was one early release since) - if that fails too we'll have to live with it for a couple of weeks (a NSA 200 is on order to replace the old one anyway).

Regards
0
 
Minime85Author Commented:
Argh, it was the remote management port... Had changed that previously in the office and it hasn't done anything but seemingly changing it again now fixed it.

Thank you ExchangePandit!
0
 
ExchangePanditCommented:
you are most welcome.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.