Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

Mobile access portal with Office 365

Does anyone have r80.20 or later working with office 365?

 

In particular I am interested in the following:

 

Capsule Mobile access to office365 on IOS.

Mobile access link to OWA in SSL portal.

native mail access in SSL portal.

 

Currently I have apps configured, but they are not working and no error logs are currently being generated.

0 Kudos
Reply
14 Replies
Highlighted
Admin
Admin

0 Kudos
Reply
Highlighted
Contributor

agree, however my primary goal was a direct web link for unsecured PC users, rather than the checkpoint capsule configuration which this SK is designed to answer.

 

The last document I have seen on it said O386 was supported as OWA as of R77.30, but haven't seen anything more recent and my attempts have met in failure.

 

I have asked to see if anyone knows of any clients that have it working with O365, but so far no one is coming forward.

 

I now have a ticket opened for it, as it has become a more critical discussion.

0 Kudos
Reply
Admin
Admin

You did say "Capsule Mobile access to office365 on IOS" which of course made me think of Capsule Workspace.
But I guess what you're referring to is VPN access from an iOS device, a very different question 😬
0 Kudos
Reply
Highlighted
Contributor

So after opening a ticket with support, I have now been told that OWA access to office 365 is not supported.

I and my customer are both shocked and surprised by this given the amount of time that has passed since the release of office 365.

 

0 Kudos
Reply
Highlighted
Champion
Champion

According to sk94489 Mobile Access Portal Support for Outlook Web App (OWA) 2013/2016, Hostname Translation (HT) method is supported for OWA. Also see Mobile Access Administration Guide R80.30 p.211ff for Troubleshooting OWA.

Please explain in detail why TAC told you that OWA access to office 365 is not supported.

0 Kudos
Reply
Highlighted
Contributor

Good question.  I would like to know why myself.

0 Kudos
Reply
Highlighted
Contributor

Saying it only applies to exchange servers, not cloud services.

0 Kudos
Reply
Highlighted
Admin
Admin

I'm curious what you're doing to prevent people from logging into their Office 365 account from some other location (e.g. directly).
Because if you're not doing that, I don't see the point of using MAB.
I'll see if I can get R&D to weigh in here.
0 Kudos
Reply
Highlighted
Participant

This sounds very much like a problem one of our customer has.
In our case, the reason why they can't access Office365 directly (as Phoneboy suggested) is that the authentication is handled by internal systems. That's why the mobile access connection is needed.
The setup worked fine with R77.30 but we have not found a solution for R80.x yet.
SR with Check Point support is open 9 Months now and the issue seems to be reproducible in a Lab environment but R&D is currently still working on the solution.

Highlighted
Contributor

We were trying for the same kind of approach here.  Two factor being enabled for all office 365 sites outside of the whitelisted ones.  If you login to portal, you would be whitelisted.

 

Too bad checkpoint can't come up with a solution on this, I would think it would be pretty common.

0 Kudos
Reply
Highlighted
Participant

Our SR on this issue is still unresolved but I think we are getting closer.
recent tests indicated that the key point here might be that certain URLs that need exclusions from hostname translation.
You can manage these using guidbedit at 'connectra_global_properties' section 'hostnames_not_to_translate'
The list of URLs in 'hostnames_not_to_translate' has some changes from R77.30 to R80.x but he have not yet figured out which of these are relevant for Office 365, but it may be a good Idea to check on these.

0 Kudos
Reply
Highlighted
Contributor

thanks, please keep me informed.
0 Kudos
Reply
Highlighted
Participant

@Ted_Serreyn 

We got a solution!
apparently some changes in the libLinkTrans.so and libModCvpn.so were necessary.
We finally got a readily packaged Hotfix (for R80.30 JHF Take 19)
cvpn_HOTFIX_R80_30_JHF19_MAB_URLPARSER_MAIN_GA_FULL.tgz

The fix will also be included in future Jumbo HFA Takes

Watch out for Issue ID MAGB-781

0 Kudos
Reply
Highlighted
Contributor

thanks for keeping on top of it, I'm excited to see in the the jumbo hotfix so we can reconfigure things and try this with the customer again.

 

Especially important as people are working home with the corona virus.

0 Kudos
Reply