Cloud SWG (formerly known as WSS) intercepts Office 365 e-mail traffic on port 443 even with SSL disabled

Article ID: 168845


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The unexpected SSL interception behavior occurs only under the following conditions:

  • Transparent deployment (Firewall/VPN and WSS Agent)

  • Trying to connect to Outlook 365

[Note]
Normal HTTPS access, such as https://www.bluecoat.com, is unaffected.

The error message received is:

Security Alert: autodiscover.<companyname>.mail.onmicrosoft.com

Cause

This is expected behavior from the Web Security Service.

The client accesses autodiscover.XXXXX.onmicrosoft.com when attempting to connect to Outlook 365.
However, autodiscover.XXXXX.onmicrosoft.com on port 443 does not exist.
The cloud service intercepts this SSL traffic, which causes the error: tcp_error.

Resolution

Workaround:

Go to Policy -> Threat Protection -> G2 -> Trusted Destinations:

  • Add autodiscover.XXXXX.onmicrosoft.com to the bypass list.
  • At a cmd prompt, use nslookup to obtain the IP address (or addresses) of the above host name, and add them to the bypass list as well.


Also, go to Policy -> Content & Malware Analysis -> Scanning Exemptions -> Destinations:

  • Add autodiscover.XXXXX.onmicrosoft.com to the bypass list.
  • At a cmd prompt, use nslookup to obtain the IP address (or addresses) of the above host name, and add them to the bypass list as well.
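
The nslookup step above can be scripted so that the IP entries in both bypass lists are re-checked against what the host name resolves to now. The following is an added example, not code from this article or from the vendor. It assumes a client with the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later); the function names and the "current bypass" addresses are constructed for illustration, and it also collects AAAA records, which goes beyond the single IP lookup described in the steps.

```powershell
# Added example (not vendor code). Host name is the article's placeholder;
# the "current bypass" addresses are constructed sample values.
param(
    [string]$HostName = 'autodiscover.XXXXX.onmicrosoft.com',
    [string[]]$CurrentBypass = @('192.0.2.10', '192.0.2.11')
)

# Hypothetical helper: return every IPv4/IPv6 address the name resolves to.
function Get-HostAddresses {
    param([string]$Name)
    $found = foreach ($type in 'A', 'AAAA') {
        # CNAME records in the answer carry no IPAddress value and are skipped.
        Resolve-DnsName -Name $Name -Type $type -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress } |
            ForEach-Object { $_.IPAddress }
    }
    @($found | Sort-Object -Unique)
}

# Hypothetical helper: compare resolved addresses with the configured bypass entries.
function Compare-BypassList {
    param([string[]]$Resolved, [string[]]$Configured)
    [pscustomobject]@{
        # Resolves today but is not in the bypass list yet.
        Missing = @($Resolved   | Where-Object { $_ -notin $Configured })
        # In the bypass list but the name no longer resolves to it.
        Stale   = @($Configured | Where-Object { $_ -notin $Resolved })
    }
}

$resolved = @(Get-HostAddresses -Name $HostName)
if ($resolved.Count -eq 0) {
    Write-Warning "No A/AAAA records returned for $HostName."
} else {
    Compare-BypassList -Resolved $resolved -Configured $CurrentBypass | Format-List
}
```

Addresses reported as Stale are bypass entries that no longer correspond to the autodiscover host and are candidates for removal from both lists.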

 

Alternatively, disable the Autodiscover function as described on the Microsoft site: https://support.microsoft.com/en-us/kb/2212902. Note that this is a registry change that would need to be performed on each client machine.