[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.] Meeting invites and Sonicwall firewalls - THE OFFICIAL BLOG OF THE SBS DIVA
Sun, Sep 24 2006 11:13 bradley

Meeting invites and Sonicwall firewalls

(Mind you I don't run a Sonicwall but picked this up from the listserves)

So someone was having problems where the calendar invites wouldn't work.  Would work for some of their clients but not others.... the reason?

The Sonicwall.

The Sonicwall sees those calendar invites as a threat and blocks them.  I'm assuming that somewhere in the documenation it tells you this...but since I've seen a couple of folks get stuck on this I'm blogging the response from the folks that use Sonicwall to make it a smidge easier for folks to find:

In the Intrusion Protection Service (part of the comprehensive security suite), uncheck the IPS box that checks for meeting requests.

Once you do that all should be well.
P.S.  Sonicwall is reacting to an Exchange security issue that is now patched with a security bulletin (not a hotfix, it's a security patch) so there is no need to have that blocked now if you have a patched system.
Filed under:

# re: Meeting invites and Sonicwall firewalls

Sunday, September 24, 2006 5:40 PM by sandi

I'm struggling to understand how a meeting request could be an intrusion threat.

# re: Meeting invites and Sonicwall firewalls

Sunday, September 24, 2006 9:20 PM by John

SonicWall began this when the meeting request exploit in Exchange was announced several months back. Microsoft released a patch but SonicWall decided it was such a huge exploit that they updated their IPS to block requests by default.

# re: Meeting invites and Sonicwall firewalls

Monday, September 25, 2006 6:21 AM by Jamie Jamison

This has been added to IPS by Sonicwall in response to the following Microsoft Security Vulnerability: http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx The signature is classified as a medium threat and allows the administrator to block meeting.ics at the firewall to prevent the vulnerability from being used to gain control of a server. If you look, the vuln exists in Exchange all the way up to 2K3 SP2 and requires a hotfix.

# re: Meeting invites and Sonicwall firewalls

Monday, September 25, 2006 7:23 AM by Jamie Jamison

Just for further information for everyone, the IPS signatures on your sonicwall for this are #3233 and 3234. If you have applied the patch in question from Microsoft, then you can disable prevention and/or detection on these two signatures individually to allow your meeting.ics files to pass the Sonicwall.