Resolved: Help Exchange Online Blocked
I recently setup pfsense as a SOHO firewall for my home office. Everything is working great except I can't get to my work email from home.
Troubleshooting I did:
I attempted to connect without pfsense & that worked fine
I tried nslookup outlook.office365.com (from my PC & the router), both return appropriate results
I tried pinging outlook.office365.com (from my PC & the router), both time out
I ran the MS support tool that indicates my TCP traffic is being blocked on port 443 somewhere
After running those I attempted to add an allow all rule to the Office365 published IPs but that did not work.
I'm attaching the filter logs from the tests I ran, the firewall rules I configured, & the alias list of the exchange online IPs.
As I'm a bit new to this / slightly confused I was hoping someone on the forum could give me some guidance.
I performed some additional troubleshooting & I'm starting to think there is a configuration error somewhere else that is blocking this.
I reset the router to factory default & disabled all firewall rules for testing. After it rebooted & access was restored I was still seeing the same behavior. As the network was wide open at that point I'm not really sure what the issue is.
If anyone has any ideas I'd welcome them
Why are you using floating rules? Why do you not just have the rules on your LAN interface?
What are you lan rules? Why would you not just use pfsense like it out of the box.. Then try and get fancy with your rules..
I did try to use pfsense out of the box prior to configuring this. For some unknown reason out of the box it is not allowing access to exchange online (web of client).
My LAN rules are the 3 stock lan rules (anti-lockout & the default allow any lan rules for IPv4 / v6).
I can move the exchange access rule from floating over to the lan, but I don't believe that is the cause of the problem.
On the WAN side there are only 3 rules as well (block private networks, block bogon networks, & a nat rule for plex)
I ran a packet capture (see below) & I'm pretty sure this is not a firewall issue at this point. I'll open a new topic in the appropriate place to continue troubleshooting.
When I try to access Exchange online or ping it I get the following in my packet capture:
17:21:17.600215 [REDACTED] (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 188.8.131.52 tell [REDACTED], length 28
17:21:19.601256 [REDACTED] (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 184.108.40.206 tell [REDACTED], length 28
As I don't get any response to that & it just hangs I'm pretty sure its not a firewall issue
why would you be doing arp for exhange IP?? Is 220.127.116.11 suppose to be your gateway??
Apologies for the lack of clarity. 18.104.22.168 is one of the MS Exchange servers that I am attempting to reach. All I see in the logs is the ARP request going out & nothing coming back. I hope this helps
I get that that 40 address is the exchange server.. But unless your wan IP of pfsense thinks that network is local it would never ARP for the mac.. It would send traffic to its gateway, so while you should and get responses for ARP for your gateway IP. You do not arp for IPs that are not local to your interfaces network.
What is the IP address of your pfsense wan? There should be no reason why it would be on the same overlapping network as some public 22.214.171.124
Thanks johnpoz. I have some troubleshooting to do when I get home
Edit: posting resolution in this thread as well.
I got home & you were correct it was a configuration issue. Embarrassingly I setup my static IP incorrectly on the WAN side. I've corrected the configuration & everything is working now. Kicking myself for looking at that 4 times & missing that the subnet was incorrectly configured.
Appreciate your help & patience