OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: bob.rjk on July 20, 2021, 02:14:15 pm

Title: Office 365 apps activation
Post by: bob.rjk on July 20, 2021, 02:14:15 pm
Hi All,

Having an issue since updating to 21.1.8 with IPS blocking users office 365 installations from staying activated.
I have gone through all the alerts in intrusion detection and cant find the rule blocking this to be able to disable it.

Disabling IPS allows office to activate so a rule must be blocking it even though its not showing in the alerts.

Anyone else having this issue or discovered the rule blocking it ?
Title: Re: Office 365 apps activation
Post by: the-mk on July 20, 2021, 08:23:10 pm
question: your windows pc - network icon in the task bar - does it show offline or online?
I had this once with one box and had to run the windows network troubleshooting go get over that issue...
I first also thought it might be something like Sensei or PiHole, but since other similar setup PCs did not show that issue and the only difference was the network icon - I had to fix it with network troubleshooting, but it takes some time until windows shows your network online (connected to the internet again)
Title: Re: Office 365 apps activation
Post by: bob.rjk on July 21, 2021, 10:14:03 am
Thanks for your response, no issues with network in windows.
Also this is happening at many different sites and the only way to activate office 365 is to disable IPS.
As soon as its disabled closing and re-opening word or excel activates the license.
I have tried to manually activate with IPS enabled and office apps show an error not being able to activate due to network problems.
I have checked the Intrusion Detection alerts when manually trying to activate and there are no entries to show it being blocked. Its definitely IPS blocking it but I have no way to stop it.
Title: Re: Office 365 apps activation
Post by: bob.rjk on July 26, 2021, 01:59:03 pm
Just to update, after testing by disabling rule sets one by one it turned out to be ET open/emerging-exploit blocking the activation.
I have twelve different sites all with the same issue and none of them show any alerts from ET open/emerging-exploit making it impossible to find the rule within the set actually blocking the connection.
Anyway I hope this helps anyone with the same issue.