Sonicwall Firewall & Exchange 2000 OWA

We have a customer who is trying to squeeze every last breath from their SBS 2000 installation.

We have demonstrated the benefits of SBS 2003 but they dont want to spend the cash (yet!)

Anyway, after being told about Outlook Web Access hundreds of times we got asked the question

“can i access my email away from the office?”

Since they had a new firewall recently we needed to configure the correct ports.

So we opened up

HTTP (80), HTTPS (443), IMAP4 (143) and IMAP4TLS (993)

Thankly OWA 2003 is far easier!

Anyway we decided to log in and test it before we let them use it.

Prompted for login details as expected,

Page loads the OWA interface

Right hand pane says “loading” and the folder list is just an hourglass.

We waited a few minutes but nothing happened. I went back and double checked the ports were correct (useful MS article here)

I decided to check the firewall logs and thats when i realised the problem

The Sonicwall firewall has an Intrusion Prevention Service (IPS) module. It had flagged up a couple of alerts

IPS Prevention Alert: WEB-IIS MS00-058 View Script Source Via Translate Header, SID: 1339, Priority: Low 

IPS Prevention Alert: WEB-MISC SELECT FROM Attempt (possible SQL Injection), SID: 1827, Priority: Low

The firewall had deemed that accessing OWA was an threat to the network.

I double checked that the SBS was fully patched and changed the settings from “block” to “alert”, it lets it through but at least i’ll know if any unauthorised access is attempted

I’m not entirely happy about this as a solution but OWA duly worked once i’d changed the settings

As soon as they make the move to SBS 2003 i’ll put the settings back

Hope this is of use to someone!