This article explains how to setup your Smoothwall so that you are able to allow the use of Microsoft Office 365 clients.
Microsoft Office 365 may be blocked or inaccessible with your current Smoothwall configuration.
To enable the use of Microsoft Office 365 clients:
- Create a firewall rule(s) that allows the following ports:
- TCP port 5061
- UDP port 3478
- TCP/UDP port 5223
- UDP ports 50000-59999
For pre-Inverness customers See our help topic, Working with Outbound Access Policies.
For customers running Inverness or higher, see our help topic, Adding new Firewall rules.
- Navigate to Guardian > Web Filter > Policy Wizard.
- Create a Web Filter Policy with the following settings:
Who *As Required
What Microsoft Office 365 [NEW]
Where *As Required
When *As Required
- Navigate to Guardian > Policy Objects > Categories .
- In the Categories panel, expand Standard Categories.
- Edit Microsoft Office 365 [NEW].
- Add mydomain.local to Domain/URL filtering where mydomain.local is your firstname.lastname@example.org.
For more information see our help topic, Creating authentication exceptions.
Also, ensure that the following categories are added to Authentication Exceptions:
- Software Updates
Note: On some Windows XP and Android clients, despite using proxy settings, some of the traffic from the Lync login process attempts to go out directly on port 443 regardless of proxy settings. If you are using transparent HTTPS interception, this traffic may be intercepted, however Lync does not support SNI and will not connect.
If you filter the web filter real-time logs by the IP of your test client and obtain the destination IPs Lync is using, these can be added as custom entries to the built in category entitled Transparent HTTPS Incompatible Sites go to Guardian > Policy objects > Categories > Categories > Standard categories.
Seeing HTTP Code 503 in the Web Filter Logs
Using Auto Configuration URL in Outlook Client fails to configure the client and you see HTTP Code 503 in the guardian logs.
Office 365 does NOT support HTTPS for the auto configuration URL. This will most likely be caused by an SRV record or group policy setting. Most likely it’s a setting leftover from when an Exchange server was used on site before moving to a cloud solution. Even if the Exchange function has been removed from a server, Exchange schema changes to the domain schema cannot be removed.
You will need to use HTTP else you will see HTTP Code 503 when accessing autodiscover.yourdomain.com see https://support.microsoft.com/en-gb/kb/2612922.