Hi Kenlars,

Thanks for the response. I am new to the SA unit. Can you just run through the tracing steps please?

It's time to get familiar with the Admin Guide - this topic is on p. 726.

In general, you specify the user ID and the realm, and then check the events you wish to record, and click "Start Recording". (You'll want to record Web Policies.). Then run the test through another browser window, and come back to the Admin GUI and click on "View Log". You'll see all the policy tests for all URLs fetched - you want to look for the URLs used to fetch the attachments, and see why they passed.

Remember to turn off policy trace when you are finished.

For OWA 2003, if you request no download or upload of attachments, the SA generates the following web access rules (assuming owaserver.company.com is the name of the server and it is accessed using HTTPS) -

https://owaserver.company.com:443/*.EML/*Cmd=addattach* DENY

https://owaserver.company.com:443/*?attach=* DENY

https://owaserver.company.com:443/* ALLOW

The first two rules attempt to deny any URL which downloads or uploads an attachment, and the third rule allows anything else.

Assuming you did not manually change these rules, and you applied them to the correct role, I would guess they should work. If they don't, Juniper must have the form of the URLs incorrectly, and you should open a case with them.

Thanks Kenlars,

All rules you have pointed out have been appplied to my setup as default but to no avail.

I have now opened a support case with Juniper and will let you know the result.

There is a specific page for attachments that needs to be denied. I'll see if I can dig it up.

Has this been solved? I have the same issue with OWA2007 on a SA4500 running 6.3R5 and 6.5R1 (I tried both)