1.2.3 to 2.1.4 ActiveSync/OWA port 443 redirect being blocked?



  • The scenario is that I loaded a configuration from my existing box with 1.2.3 to another box with 2.1.0. I updated that box to 2.1.4 after I uploaded that configuration. Everything works fine except for my Exchange ActiveSync/OWA connectivity, which is broken, and I don't see any default rules blocking in the logs. So I tried inputting all the config, including rules, from scratch onto a 3rd box with 2.1.4, and same thing. No dice with ActiveSync and OWA. Mail works fine otherwise on 25, just ActiveSync and OWA, which use 443. Any ideas on what could be causing this? Did something significant change between these versions with NAT reflection, or maybe something with DNS?

    Any help on this would be greatly appreciated. The 1.2.3 box needs to be replaced, so I'm trying desperately to get this done by tomorrow. I have tried a multitude of toggles with the NAT reflection default options as well, but who knows, I'm definitely missing something.



  • OK, so I did find that an Android device required an update to the security policy, so maybe this is a certificate issue with the new MAC address on the new boxes, even though I gave it the same external IP? BTW, I'm forwarding a Proxy ARP bound Virtual IP on the WAN port. I have 4-5 IPs from my ISP, so the web/SSL ports are directed from that virtual IP. It was set up the same way on both boxes, though.



  • OK, it's a certificate issue. I had to spoof the old WAN's MAC address onto the new WAN interface card.