(Mind you I don't run a Sonicwall but picked this up from the listserves)

So someone was having problems where the calendar invites wouldn't work.  Would work for some of their clients but not others…. the reason?

The Sonicwall.

The Sonicwall sees those calendar invites as a threat and blocks them.  I'm assuming that somewhere in the documenation it tells you this…but since I've seen a couple of folks get stuck on this I'm blogging the response from the folks that use Sonicwall to make it a smidge easier for folks to find:

In the Intrusion Protection Service (part of the comprehensive security suite), uncheck the IPS box that checks for meeting requests.

Once you do that all should be well.
P.S.  Sonicwall is reacting to an Exchange security issue that is now patched with a security bulletin (not a hotfix, it's a security patch) so there is no need to have that blocked now if you have a patched system.

4 Thoughts on “Meeting invites and Sonicwall firewalls

  1. I’m struggling to understand how a meeting request could be an intrusion threat.

  2. SonicWall began this when the meeting request exploit in Exchange was announced several months back. Microsoft released a patch but SonicWall decided it was such a huge exploit that they updated their IPS to block requests by default.

  3. This has been added to IPS by Sonicwall in response to the following Microsoft Security Vulnerability:


    The signature is classified as a medium threat and allows the administrator to block meeting.ics at the firewall to prevent the vulnerability from being used to gain control of a server. If you look, the vuln exists in Exchange all the way up to 2K3 SP2 and requires a hotfix.

  4. Just for further information for everyone, the IPS signatures on your sonicwall for this are #3233 and 3234. If you have applied the patch in question from Microsoft, then you can disable prevention and/or detection on these two signatures individually to allow your meeting.ics files to pass the Sonicwall.

Post Navigation