How to Fix EWS Connection Issues in Acronis Cyber Protect for Microsoft 365 Backups

How to Fix EWS Connection Issues in Acronis Cyber Protect for Microsoft 365 Backups

by | Apr 8, 2025 | Uncategorized

When configuring Microsoft 365 backups in Acronis Cyber Protect Advanced, you may encounter the following error message:

Failed to connect to the Exchange server 'https://outlook.office365.com/EWS/Exchange.asmx' using EWS APIError code: 5963824.NET exception 'System.Net.WebException': The underlying connection was closed: An unexpected error occurred on a receive.

Root Cause

This error typically indicates a failure in establishing a secure TLS connection between Acronis and Microsoft Exchange Online. It may be caused by:

  • Outdated .NET/TLS settings on the server
  • Missing Azure AD permissions or expired app registration
  • Firewall or proxy interference
  • Obsolete Acronis agent components

Step-by-Step Fix

1. Ensure TLS 1.2 is Enabled

Apply the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]"SchUseStrongCrypto"=dword:00000001"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]"SchUseStrongCrypto"=dword:00000001"SystemDefaultTlsVersions"=dword:00000001

Then reboot the system.

2. Test the EWS Connection

PowerShell:Invoke-WebRequest https://outlook.office365.com/EWS/Exchange.asmx

The request should return an HTTP status (401 Unauthorized is fine – it proves connectivity).

3. Verify Azure App Registration

  • Ensure the app is registered in Azure AD
  • Grant full_access_as_app permissions for Exchange
  • Consent as an administrator in the Azure portal

4. Reauthorize Microsoft 365 in Acronis

In the Acronis web console:

  • Remove and re-add the Microsoft 365 account
  • This forces token refresh and reinitializes the connection

5. Update Acronis

Ensure you’re running the latest version of Acronis Cyber Protect Advanced, as older versions (pre-15.0.29280) have known TLS/EWS issues.

6. Check Firewall / Proxy

Allow direct access to the following domains:

  • outlook.office365.com
  • login.microsoftonline.com
  • graph.microsoft.com

If TLS inspection is enabled, add exceptions for Acronis traffic or disable inspection for outbound Microsoft 365 traffic.

Conclusion

By enabling TLS 1.2, validating Azure permissions, and verifying connectivity, you can resolve the EWS API connection issue and ensure seamless backups of Microsoft 365 mailboxes using Acronis Cyber Protect.

 

Step-by-Step Guide: Installing Ollama and Open WebUI

Step-by-Step Guide: Installing Ollama and Open WebUI

by | Jan 19, 2025 | Uncategorized



Table of Contents

Step-by-Step Guide: Installing Ollama and Open WebUI on VMware Fusion (Debian 12, M1 Mac)

💡 Setup Guide

🖥️ System Requirements

ResourceRecommended
RAM16GB (Minimum: 8GB)
vCPUs4 (Minimum: 2)
Disk Space50GB+
GPUNot required (runs on CPU)
OSDebian 12

1️⃣ Create a Debian 12 VM on VMware Fusion

  1. Download Debian 12 ISO from official Debian website.
  2. Create a new VM in VMware Fusion:
    • Choose “Install from disk or image” → Select the Debian 12 ISO.
    • Set CPU: 4 cores (Recommended: 4, Minimum: 2).
    • Set RAM: 16GB (Minimum: 8GB).
    • Set Disk size: 50GB+.
    • Set Network to “Bridged” (so the VM gets its own IP like 192.168.2.43).
    • Click Finish to create the VM.
  3. Install Debian 12:
    • Select “Standard system utilities”.
    • Choose SSH server (if you want remote access).
    • Install sudo (important for permissions).
  4. Update system after installation:
    sudo apt update && sudo apt upgrade -y

2️⃣ Install Docker & Portainer

  1. Install required packages:
    sudo apt install -y curl ca-certificates gnupg
  2. Install Docker:
    curl -fsSL https://get.docker.com | sudo bash
  3. Enable Docker to start on boot:
    sudo systemctl enable --now docker
  4. Install Portainer:
    docker volume create portainer_datadocker run -d \  --name portainer \  --restart=always \  -p 8000:8000 -p 9000:9000 \  -v /var/run/docker.sock:/var/run/docker.sock \  -v portainer_data:/data \  portainer/portainer-ce:latest
  5. Access Portainer Web UI:
    Open http://192.168.2.43:9000 in a browser and set up an admin password.

3️⃣ Deploy Ollama + Open WebUI in Portainer

Create a Stack in Portainer

  1. Go to Portainer UI (http://192.168.2.43:9000).
  2. Navigate to “Stacks” → “Add stack”.
  3. Enter a name (deepseek-coder).
  4. Paste the following docker-compose.yml:version: “3.8”

    version: “3.8”

    networks:
    deepseek_ollama-net:
    external: true

    services:
    ollama:
    image: ollama/ollama:latest
    container_name: ollama
    restart: unless-stopped
    ports:
    – “11434:11434”
    networks:
    – deepseek_ollama-net
    volumes:
    – ollama_data:/root/.ollama
    environment:
    – OLLAMA_HOST=0.0.0.0 # Erlaube Verbindungen von außen
    logging:
    driver: “json-file”
    options:
    max-size: “10m”
    max-file: “3”

    webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: ollama-webui
    restart: unless-stopped
    ports:
    – “3000:8080”
    networks:
    – deepseek_ollama-net
    volumes:
    – webui_data:/app/backend/data
    environment:
    – OLLAMA_API_BASE_URL=http://ollama:11434
    depends_on:
    – ollama
    logging:
    driver: “json-file”
    options:
    max-size: “10m”
    max-file: “3”

    volumes:
    ollama_data:
    webui_data:

  5. Click “Deploy the stack” and wait for it to start.

4️⃣ Verify & Configure Open WebUI

Check if the containers are running

Run:

docker ps

Expected output:

CONTAINER ID   IMAGE                                STATUS          PORTSxxxxxxxxxx     ollama/ollama:latest                 Up (running)    0.0.0.0:11434->11434/tcpxxxxxxxxxx     ghcr.io/open-webui/open-webui:main   Up (running)    0.0.0.0:3000->8080/tcp

Load DeepSeek-Coder-v2 into Ollama

docker exec -it ollama ollama pull deepseek-coder-v2

Wait for the download to complete. Then check if it’s available:

docker exec -it ollama ollama list

Expected output:

deepseek-coder-v2

Restart Open WebUI

docker restart ollama-webui

Open WebUI in browser

Visit:
👉 http://192.168.2.43:3000

5️⃣ Test the AI Model

Option 1: API Test via cURL

curl http://192.168.2.43:11434/api/generate -d '{  "model": "deepseek-coder-v2",  "prompt": "Write a Python function to check for prime numbers.",  "stream": false}'

Option 2: Use Open WebUI

  1. Go to Open WebUI (http://192.168.2.43:3000).
  2. Go to “Settings” → “Connections”.
  3. Set API URL to:
    http://192.168.2.43:11434
  4. Save & refresh the page.
  5. Try asking a question!

6️⃣ Troubleshooting

Check if containers are running

docker ps

Check if Ollama has models

docker exec -it ollama ollama list

If empty, run:

docker exec -it ollama ollama pull deepseek-coder-v2

Check if Ollama API is working

curl http://192.168.2.43:11434/api/tags

Expected output:

{"models":["deepseek-coder-v2"]}

Check Open WebUI logs

docker logs ollama-webui

🎯 Summary

Debian 12 installed on VMware Fusion
Docker & Portainer installed
Ollama & Open WebUI deployed via Portainer
DeepSeek-Coder-v2 installed & tested
Web interface working on http://192.168.2.43:3000

Now you have a fully working LLM environment on Debian 12! 🎉🚀
Let me know if you need any refinements! 😊

Why I Transitioned from Veeam to Acronis

Why I Transitioned from Veeam to Acronis

by | Jan 17, 2025 | Backup&Recovery, Cyber Protection, Uncategorized



Table of Contents

Why I Transitioned from Veeam to Acronis: A Guide for Organizations Considering a Change

Over the years, Veeam has been a go-to solution for many organizations looking to back up and protect their virtual environments. However, recent changes in Veeam’s licensing models and escalating costs have led me to reconsider my backup strategy. In this article, I will share my experience transitioning from Veeam to Acronis Cyber Protect Advanced, and provide a detailed comparison to help others who may be in a similar situation.

The Changing Landscape of Veeam Licensing

When we initially purchased Veeam Backup Essentials in 2017, the pricing and flexibility were attractive. At that time:

  • We paid 4,814.84 EUR for a 5-year license, covering 2 hosts, each with 2 CPU sockets and 18 cores per CPU.
  • The socket-based licensing allowed us to back up an unlimited number of virtual machines (VMs) without additional costs, making it highly scalable.

Fast forward five years, and Veeam’s licensing structure had shifted to an instance-based model, where licenses are tied to the number of VMs or workloads being protected. For example:

  • Extending our environment to cover 50 VMs for one year was quoted at 6,750 EUR.
  • With a temporary 58% discount, the cost dropped to 2,835 EUR per year, but this still resulted in a 14,175 EUR cost over 5 years, nearly three times the price of the old model.

For enterprises using Veeam Enterprise, costs can be even higher. This shift made us question whether the value matched the investment, especially as adding more VMs would significantly increase costs.

Why Acronis Became the Logical Choice

After researching alternatives, we decided to switch to Acronis Cyber Protect Advanced. Here’s why Acronis emerged as the clear winner for our needs:

1. Cost Efficiency

  • Acronis licenses are host-based, allowing us to protect all VMs on a given host without worrying about additional per-VM costs.
  • For our 2 hosts, each with unlimited VMs, a 5-year license cost 4,100 EUR (2,050 EUR per host), offering substantial savings compared to Veeam’s instance-based pricing.

2. Comprehensive Functionality

  • Acronis provides almost all the features Veeam offers, including:
    • Reliable backups and restores for virtual environments.
    • Disaster recovery capabilities.
    • Advanced monitoring and reporting.
  • Additionally, Acronis offers built-in Cyber Protection, which includes features like:
    • Complete backup and recovery: Full-image and file-level backup and recovery for more than 20 platforms, restoring data to physical, virtual, or cloud environments.
    • Advanced cybersecurity: AI-based detection blocks malware, ransomware, and zero-day attacks while vulnerability assessments monitor for potential threats.
    • Proactive endpoint management: Fully managed cybersecurity services that secure your data and systems.

3. Scalability Without Cost Penalty

  • Unlike Veeam’s instance-based model, Acronis’ host-based licensing means we can freely add VMs without incurring extra costs, making it ideal for growing environments.

4. Ease of Transition

  • Acronis offers a user-friendly interface and seamless migration tools, making the transition from Veeam straightforward.

*Feature Comparison: Veeam vs. Acronis

FeatureVeeam (Instance-Based)Acronis Cyber Protect
Licensing ModelPer VM/InstancePer Host
Cost (5 years, 2 hosts, 50 VMs)~14,175 EUR (with discount)4,100 EUR
Unlimited VMs per HostNoYes
Cybersecurity FeaturesAdd-on (limited)Included
Disaster RecoveryYesYes
Proactive Endpoint ManagementNoYes
Vulnerability AssessmentsNoYes
Scalability CostsHighNone

*Disclaimer: All prices mentioned in this article are based on estimates and quotes from 2022-2023. Pricing may vary based on the vendor or region and should be confirmed with the respective manufacturer. Additionally, for the most accurate and up-to-date list of features, please refer to the manufacturer’s official website.
https://www.acronis.com/en-eu/resource-center/resource/acronis-cyber-protect-editions-comparison-including-cloud-deployment/

Additional Features of Acronis

  • Fully managed backup, recovery, and cybersecurity services: Protect critical endpoints and systems with a comprehensive solution that secures your business and data.
  • Management: Receive remote assistance, continuous monitoring of endpoints, systems, and data, along with up-to-date reporting.
  • Disaster recovery (DR): Ensure business resilience in the event of a cybersecurity incident, natural disaster, or IT disruption.
  • Backup and recovery: Minimize data loss with advanced backup and recovery to local and cloud storage, including AES-256 encryption for stored and in-transit data.
  • Vulnerability assessments: Identify and close security gaps by scanning machines for vulnerabilities, ensuring systems are up to date and secure.
  • File sync and share: Increase productivity by securely sharing corporate content from any device, anywhere, at any time.

Considerations for Switching to Acronis

While Acronis offers compelling advantages, there are a few points to keep in mind:

  • If you have heavily customized Veeam workflows, migrating to a new platform may require some effort to replicate these.
  • Acronis’ backup solutions are comprehensive, but it is still essential to evaluate whether specific advanced features of Veeam (e.g., certain granular recovery options) are critical to your organization.

Conclusion

For organizations like mine, where cost-efficiency and scalability are crucial, Acronis Cyber Protect Advanced has proven to be a superior choice. It not only matches Veeam in terms of core backup and recovery capabilities but also adds value with integrated cybersecurity features—all at a fraction of the cost.

If you are evaluating your backup solutions and feel that Veeam’s instance-based pricing is limiting your growth or stretching your budget, I encourage you to explore Acronis. The savings, combined with robust functionality, make it an excellent alternative for businesses looking to optimize their IT investments.

ORA-12638 and ORA-12641 Errors in Oracle Database

ORA-12638 and ORA-12641 Errors in Oracle Database

by | Sep 13, 2024 | Database



Table of Contents

How to Resolve ORA-12638 and ORA-12641 Errors in Oracle Database with Kerberos Authentication

When integrating Oracle Database with Kerberos authentication, you might encounter errors such as ORA-12638: Credential retrieval failed or ORA-12641: Authentication service failed to initialize. These errors often occur when attempting to authenticate without running your application or tools (like SQL*Plus or PowerShell) with administrator privileges.

In this blog, we’ll discuss a secure solution to resolve these errors without disabling important security policies on your Windows system. We’ll also contrast this with a less secure workaround, explaining why the primary solution is recommended.

Problem Overview

ORA-12638: Credential retrieval failed
This error typically occurs when SQL*Plus or other Oracle tools fail to retrieve the Kerberos credentials needed for authentication. The failure is often due to insufficient permissions or configuration issues in Windows when using a dynamic Kerberos ticket cache (MSLSA).

ORA-12641: Authentication service failed to initialize
This error is related to the inability of Oracle’s authentication service to initialize properly, which is often tied to misconfigurations in the sqlnet.ora file or Kerberos ticket settings.

Both errors commonly surface in environments where:

    • The application or script is not run with administrator privileges.
    • There is an issue with Kerberos ticket caching, especially when using the Windows-based Kerberos ticket system (MSLSA).

Step-by-Step Solution

Primary Solution: Secure Kerberos Configuration Without Disabling Security Policies

The key to resolving these errors securely lies in properly configuring your Kerberos and Oracle network files, ensuring strong encryption, and avoiding the need to run applications with elevated privileges.

 

Kerberos Configuration (krb5.conf)

Below is a recommended configuration for the krb5.conf file on both the server and the client:

 

[libdefaults]
default_realm = DOMAIN.LOCAL

# Use only strong encryption types supported by your domain
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

# Do not allow weak cryptography
allow_weak_crypto = false

# Enable DNS lookup for KDC and realm
dns_lookup_kdc = true
dns_lookup_realm = true

# Disable reverse DNS
rdns = false

# Maximum number of retries for KDC requests
max_retries = 1

# Do not allow forwardable tickets
forwardable = false

# Reduce allowed clock skew (e.g., to 6000 seconds)
clockskew = 6000

# Enable KDC time synchronization
kdc_timesync = 1

# Cache type (default is 4)
ccache_type = 4

[realms]
DOMAIN.LOCAL = {
kdc = domaincontroller01.domain.local # Your AD Domain Controller
kdc = domaincontroller02.domain.local
master_kdc = domaincontroller01.domain.local
default_domain = domain.local
admin_server = domaincontroller01.domain.local # Your AD Domain Controller
admin_server = domaincontroller02.domain.local
}

[domain_realm]
.DOMAIN.LOCAL = DOMAIN.LOCAL
DOMAIN.LOCAL = DOMAIN.LOCAL
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL

 

Explanation of Key Settings:

  • Strong Encryption Only: By specifying default_tkt_enctypes, default_tgs_enctypes, and permitted_enctypes, we enforce the use of strong encryption algorithms (AES 128 and 256-bit).
  • Disallow Weak Cryptography: Setting allow_weak_crypto = false ensures that weak encryption methods are not permitted.
  • DNS and KDC Settings: Enabling dns_lookup_kdc and dns_lookup_realm allows Kerberos to locate the Key Distribution Center (KDC) via DNS. Disabling rdns prevents reverse DNS lookups, which can cause delays or failures.
  • Time Synchronization: Proper time sync is crucial for Kerberos. clockskew defines the acceptable time difference between client and server.

Oracle Network Configuration (sqlnet.ora)

On the Server:

# sqlnet.ora Network Configuration File on the Server

SQLNET.AUTHENTICATION_SERVICES = (NTS, KERBEROS5, KERBEROS5PRE)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle
SQLNET.KERBEROS5_CONF = D:\Kerberos\krb5.conf
SQLNET.KERBEROS5_CC_NAME = MSLSA:
SQLNET.KERBEROS5_KEYTAB = D:\Kerberos\oracle.keytab
SQLNET.KERBEROS5_CONF_MIT = TRUE

 

On the Client:

# sqlnet.ora Network Configuration File on the Client

SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle
SQLNET.KERBEROS5_CC_NAME = D:\Kerberos\ticket_cache
SQLNET.KERBEROS5_CONF = D:\Kerberos\krb5.conf
SQLNET.KERBEROS5_CONF_MIT = TRUE

Explanation of Key Settings:

  • Authentication Services: On the server, we include NTS (Windows Native Authentication) and Kerberos services. On the client, we specify KERBEROS5 to use Kerberos authentication.
  • Kerberos Service Name: SQLNET.AUTHENTICATION_KERBEROS5_SERVICE should match the Service Principal Name (SPN) used in your Kerberos setup.
  • Kerberos Configuration Path: SQLNET.KERBEROS5_CONF points to the location of your krb5.conf file.
  • Kerberos Ticket Cache:
    • On the server, SQLNET.KERBEROS5_CC_NAME = MSLSA: instructs Oracle to use the Windows Kerberos ticket cache.
    • On the client, we use a static ticket cache file (D:\Kerberos\ticket_cache).
  • Keytab File (Server Only): SQLNET.KERBEROS5_KEYTAB points to the keytab file containing the server’s secret key for Kerberos authentication.
  • MIT Kerberos Configuration: SQLNET.KERBEROS5_CONF_MIT = TRUE ensures Oracle uses the standard MIT Kerberos configuration format.

Benefits of This Configuration:

Security: By enforcing strong encryption and not allowing weak cryptography, you maintain a high security standard.
No Need to Disable Security Policies: This solution avoids altering Windows Local Security Policies, preserving system integrity and compliance.

No Administrator Privileges Required: Applications and tools can authenticate via Kerberos without needing to be run as an administrator.

 

Secondary Solution: Disabling Security Policies (Not Recommended)

An alternative approach involves modifying Windows Local Security Policies to allow applications to access the Windows Kerberos ticket cache (MSLSA:) without administrator privileges. However, this method reduces the security of your system and is not recommended.

1. Configure Kerberos with allow_weak_crypto in your Configuration File

One potential issue is related to the encryption method used by Kerberos. You can enable the use of weaker encryption algorithms by modifying the Kerberos configuration (krb5.conf) or directly in the sqlnet.ora file used by Oracle.

To do this, add the following line to your configuration:
allow_weak_crypto = true

This setting allows Oracle to support weaker cryptographic algorithms that may be necessary to establish a successful Kerberos authentication connection, especially in legacy environments.

2. Using a Static Kerberos Ticket Cache

To avoid problems with dynamically retrieving Kerberos tickets from Windows, you can use a static ticket cache. This ensures that the Kerberos tickets are retrieved from a file location, not directly from the Windows Local Security Authority (LSA).

Modify your sqlnet.ora file to include the following:

SQLNET.KERBEROS5_CC_NAME = “d:\Kerberos\ticket_cache”

In this example, the Kerberos ticket is stored in a file (ticket_cache), and Oracle will use this file for authentication.

You can generate and refresh the Kerberos ticket using the command:

okinit

This command will prompt you for credentials and store the ticket in the specified cache file.

3. Using the Dynamic Ticket Cache (MSLSA)

If you want to use the default Windows Kerberos ticket cache (known as MSLSA), you can set this in your sqlnet.ora file:

SQLNET.KERBEROS5_CC_NAME = MSLSA:

This instructs Oracle to retrieve Kerberos tickets directly from the Windows ticket cache.

However, using the MSLSA dynamic ticket cache often requires administrator privileges due to how Windows manages access to security credentials. If you don’t want to run SQL*Plus or PowerShell as an administrator, you will need to adjust your Windows security settings. 

4. Adjust Windows Security Settings (Local Security Policies)

To enable Kerberos ticket retrieval from MSLSA without administrator privileges, you need to modify the local security policies on your Windows machine:

Open the Local Security Policy editor by typing secpol.msc in the Run dialog (Win + R).

Navigate to Local Policies > Security Options.

Locate and disable the following two settings:

    • User Account Control: Run all administrators in Admin Approval Mode
    • User Account Control: Admin Approval Mode for the Built-in Administrator account

By disabling these settings, you allow Oracle to access the Windows Kerberos cache (MSLSA) without requiring elevated permissions.

Restart your machine for the changes to take effect.

5. Test the Connection

Once you have made these changes, test your Kerberos authentication by running SQL*Plus or PowerShell without administrator privileges:
sqlplus /@DBNAME

If everything is configured correctly, you should be able to authenticate without encountering the ORA-12638 or ORA-12641 errors.

 

Summary

To resolve ORA-12638 and ORA-12641 errors when using Kerberos authentication in Oracle, especially when you don’t want to run your tools with elevated privileges, follow these steps:

Enable weak cryptography in the Kerberos or Oracle configuration.
Use a static Kerberos ticket cache if you want to avoid using MSLSA.
If using MSLSA, adjust your local security policies to allow non-administrative access to the Kerberos ticket cache.

After implementing these configurations, you should be able to authenticate via Kerberos successfully without requiring administrator permissions for every session.

By following these steps, you ensure smoother integration between Oracle and Kerberos, allowing more flexibility in how you manage database connections in secured environments.

Watchguard SPAM Protection for Microsoft Office 365

Watchguard SPAM Protection for Microsoft Office 365

by | Aug 4, 2024 | Cyber Protection, Firewall



Table of Contents

Effective SPAM Protection for Office 365 with WatchGuard M-Serie: A Comprehensive Guide

Understanding the Challenge of SPAM in Office 365

As businesses continue to migrate to cloud-based solutions, Office 365 remains a popular choice for its robust suite of tools. However, this popularity also attracts cybercriminals, making SPAM and phishing attacks a significant concern. SPAM not only clutters inboxes but also poses severe security risks, including data breaches and malware infections.

The native SPAM filtering capabilities of Office 365, though substantial, may not be sufficient for all organizations. This is where additional SPAM protection solutions come into play, ensuring enhanced security and peace of mind. However, many third-party SPAM solutions can be costly and complex to manage.

Cost Analysis of SPAM Protection Solutions

Many organizations invest heavily in third-party anti-SPAM products to bolster their Office 365 security. These solutions, while effective, can be expensive. Popular options include:

Barracuda Essentials: A comprehensive solution that includes advanced threat protection, encryption, and archiving. However, it comes with a significant price tag, often ranging from $2 to $5 per user per month.

    • Cost for 25 Users per Month: $50 to $125
    • Cost for 50 Users per Month: $100 to $250
    • 10-Year Cost for 25 Users: $6,000 to $15,000
    • 10-Year Cost for 50 Users: $12,000 to $30,000

Mimecast: Known for its robust SPAM filtering and email continuity features, Mimecast can cost around $3 to $8 per user per month.

    • Cost for 25 Users per Month: $75 to $200
    • Cost for 50 Users per Month: $150 to $400
    • 10-Year Cost for 25 Users: $9,000 to $24,000
    • 10-Year Cost for 50 Users: $18,000 to $48,000

Proofpoint Essentials: Offers advanced SPAM filtering and targeted attack protection, with costs typically around $4 to $10 per user per month.

    • Cost for 25 Users per Month: $100 to $250
    • Cost for 50 Users per Month: $200 to $500
    • 10-Year Cost for 25 Users: $12,000 to $30,000
    • 10-Year Cost for 50 Users: $24,000 to $60,000

Microsoft Exchange Online Protection

    • Cost per User per Month: Approximately $1
    • Cost for 25 Users per Month: $25
    • Cost for 50 Users per Month: $50
    • 10-Year Cost for 25 Users: $3,000
    • 10-Year Cost for 50 Users: $6,000

WatchGuard M270 or M290 Appliance

    • One-Time Cost: $10,000 to $12,000
    • 10-Year Cost: $10,000 to $12,000

For organizations already utilizing WatchGuard appliances, such as the M290, M390, or M690, there’s an opportunity to leverage existing infrastructure for enhanced SPAM protection. This approach not only saves money but also simplifies management and improves efficiency.

*The prices mentioned are estimated and may not reflect the current market prices.

Leveraging WatchGuard Appliances for SPAM Protection

By using a WatchGuard appliance like the M270, you can effectively filter SPAM and malware before emails reach your Office 365 environment. Here’s a step-by-step guide to setting up this configuration.

Step-by-Step Guide to Setting Up Spam Protection for Office 365 Using WatchGuard M-Serie

1: Activate the SMTP Proxy on WatchGuard

Step 1: Access the WatchGuard Web UI and navigate to Firewall > Proxy > SMTP Proxy

Step 2: Enable the SMTP Proxy and configure the following settings:

  • Inbound Traffic: Set to allow incoming emails.
  • Outbound Traffic: Configure to monitor outgoing emails for potential SPAM.

Step 3: Follow the WatchGuard guide to configure the SMTP Proxy for your environment: WatchGuard SMTP Proxy Guide.

 

2: Configure MX Records

Step 1: Primary MX Record: Point this to your public IP address to ensure emails are routed through the WatchGuard firewall first (priority 0).

Step 2: Secondary MX Record: Set Office 365 as the secondary MX entry with a lower priority (e.g., priority 10).

You can ignore this warning:

The record we detected doesn’t have the right priority value. We queried these nameservers for the records: ns.dns.org, ns.dns.net

We didn’t detect that you added new records to yourdns.com. Make sure the records you created at your host exactly match the records shown here. If they do, please wait for our system to detect the changes. This usually takes around 10 minutes, although some DNS hosting providers require up to 48 hours.

3. Configuring Virus and SPAM Filtering on WatchGuard

Step 1: In the WatchGuard Web UI, go to Subscription Services > Gateway AntiVirus.

Step 2: Enable virus scanning for incoming emails. Configure the settings to automatically delete emails containing viruses or malware.

Step 3: Navigate to SpamBlocker settings. Enable SPAM filtering and configure it to tag suspected SPAM emails by adding “SPAM” to the subject line.

 

4. Setting Up Additional Filtering in Exchange Online

Step 1: Log in to the Office 365 admin center and navigate to Exchange Admin Center > Mail Flow > Rules.

Step 2: Create a new rule to move emails with “SPAM” in the subject line to the quarantine folder. This ensures that tagged SPAM emails are isolated for further review.

Example Rule Configuration:

  • Condition: Subject includes “SPAM”
  • Action: Move the message to the quarantine

5. Regular Maintenance and Adjustments

Regularly review and adjust the filtering rules on both the WatchGuard appliance and Exchange Online to minimize false positives and ensure legitimate emails are not incorrectly marked as SPAM.

Additional Features of WatchGuard Appliances

WatchGuard appliances offer a range of additional security features that enhance your organization’s overall security posture:

  • Advanced Threat Detection: WatchGuard’s Threat Detection and Response (TDR) integrates with the appliance to detect and respond to advanced threats in real-time.
  • Application Control: Manage and control the applications used within your network, enhancing security and productivity.
  • Secure Remote Access: WatchGuard’s VPN solutions provide secure remote access for your workforce, ensuring data security even when accessing resources remotely.
  • Content Filtering: Block inappropriate or harmful content to protect users and maintain productivity.
  • Intrusion Prevention: Detect and prevent network intrusions with WatchGuard’s Intrusion Prevention Service (IPS).

These features make WatchGuard appliances a comprehensive security solution, providing more than just SPAM protection.

Benefits of Using WatchGuard for SPAM Protection

  • Cost Savings: Utilizing an existing WatchGuard appliance eliminates the need for additional third-party SPAM solutions, saving significant costs.
  • Simplified Management: Centralized management through the WatchGuard interface streamlines the configuration and maintenance of SPAM protection.
  • Enhanced Security: Filtering emails before they reach Office 365 adds an extra layer of security, reducing the risk of SPAM and malware infections.
  • Additional Security Features: Benefit from advanced threat detection, application control, secure remote access, and more, enhancing your organization’s overall security.

By following this guide, you can leverage your WatchGuard M270 (or other models) to provide robust SPAM protection for your Office 365 environment, ensuring a secure and efficient email experience.

Conclusion

SPAM protection is critical for maintaining the security and efficiency of your Office 365 environment. By leveraging WatchGuard appliances, you can achieve comprehensive SPAM filtering while reducing costs and simplifying management. Follow the detailed configuration steps to set up an effective SPAM protection system and safeguard your organization from the risks associated with unsolicited emails.

In addition to SPAM protection, WatchGuard appliances offer a range of advanced security features, making them a comprehensive solution for your organization’s security needs. Invest in WatchGuard to ensure robust protection and peace of mind for your Office 365 environment.