cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kbjja
Level 8
Report Inappropriate Content
Message 1 of 5
‎07-31-2018 09:21 AM

Bypassing Outlook via User Agent

Hello,

When my clients are idle for a period of time, outlook disconnects and it is subject to default rules which block access to webmail.

I read the documents about using a user-agent to bypass the client itself.

I see the User-Agent in top properties but it is not showing in the request. How do I craft a rule to use the user-agent from top-properties instead?

I need something that will allow access regardless of if the user has been authenticated with the MWG so that if their session times out, their outlook client still remains active.

Bypass.png

Thanks 🙂

0 Kudos
Reply
4 Replies
aloksard
Employee
Employee
Report Inappropriate Content
Message 2 of 5
‎07-31-2018 10:44 AM

Re: Bypassing Outlook via User Agent

Hi,

Hope you are doing well.

I see here request is getting blocked on CONNECT request itself.

The User-Agent lives inside the SSL tunnel, so the only way to get the User-Agent is to break the SSL tunnel with the SSL scanner and see in the GET request.

 

You can create a rule on top of your poliy maybe using URL.Host matches outlook.office365.com and set action as Stop Cycle maybe.

 

You can also make use of our Bypass Microsoft ( Office 365) services present in our rule set library and enable relevant rules in it.

 

You can use other different ways to allow request for Office 365 URL.

 

Regards

Alok Sarda 

0 Kudos
Reply
aloksard
Employee
Employee
Report Inappropriate Content
Message 3 of 5
‎07-31-2018 11:04 AM

Re: Bypassing Outlook via User Agent

Hi,

Also here you are using Header.request.Get (User-Agent ) and trying to get fetch User-Agent from GET request. But here your request for office 365 is getting blocked in CONNECT request itself .

 

Regards

Alok Sarda

0 Kudos
Reply
kbjja
Level 8
Report Inappropriate Content
Message 4 of 5
‎08-01-2018 10:51 AM

Re: Bypassing Outlook via User Agent

Hello,

 

Thanks for the information. How can I whitelist it during the CONNECT instead?

 

I just need outlook to be allowed to bypass the filter for Exchange Online and the connection to that. What is the best practice? I need it done pre-user authentication so that Outlook does not move to 'disconnected' mode.

 

Plese note, I do not want browser access to be allowed - just Outlook desktop client.

0 Kudos
Reply
aloksard
Employee
Employee
Report Inappropriate Content
Message 5 of 5
‎08-09-2018 05:37 AM

Re: Bypassing Outlook via User Agent

Hi,

Apologies for the delay here.

You can try creating a rule above the rule which is blocking the request as (Command.Name equals CONNECT or Command.Name equals CERTVERIFY) And URL.host matches outlook.office365.com  with Action as Stop Cycle.

Below this rule create a rule Header.Request.Get(Referer) matches Microsoft.Office/16.0  with action as Stop Cycle.

Below the above 2 rules will be your existing rule which is blocking the request, so if any user tries to access this via browser the GET request should be blocked by that rule.

 

In order for MWG to see the GET request , SSL inspection should be done for this traffic, but it is generally recommended to bypass Office 365 traffic from SSL Scanning.

 

 

Regards

Alok Sarda

 

 

 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC