os-OPNWAF / Exchange 2019 authentication Popups

[humnab]

Hello,

we're migration from a Sophos UTM to opnsense-business and try to replace the Sophos WAF with os-OPNWAF.
No we have the problem that we get authentication Popups in Outlook when we try to connect externally.
After canceling the popups or entering the password 2-3 times Outlook shows online.
When we do the same with the caddy plugin we have no popups (but no WAF), with the Sophos UTM WAF we also have no Popups.

Any idea whats wrong? The Web Protection is disabled in os-OPNWAF, the Locations are configured as "Exchange Server", the Remote destionatios with https://IP of Exchange...Thanks!

[Monviech (Cedrik)]

The popups should not happen since this apache plugin is compiled in:

https://github.com/opnsense/ports/tree/master/opnsense/mod_proxy_msrpc

Outlook Anywhere should just work the same as in Sophos (fun fact that module was developed by Astaro - which later became Sophos).

When I tested this while writing the manual, it was still working. Is your setup exactly as described? If not, do it like in the manual.

https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server

[humnab]

Hello,

sure, I did it as described in https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server
I set up the mail and the autodiscover virtual server as described and I also played with the authentication settings in the exchange virtual directories, no change. The same exchnage server works with the Caddy Plugin and the Sophos UTM WAF, any ideas?

[Monviech (Cedrik)]

I dont have an idea right now. I also know of customers for who it works as it is right now when using Outlook.

Caddy works because there is an NTML plugin compiled in (I maintain the Caddy plugin too). Though as NTML is deprecated I wonder how long that will still work.

If it works for Sophos UTM please connect to it via SSH and extract the apache config and post it here, maybe we can spot a difference to our apache config.