OK, so I have a Netscaler Gateway providing me with remote desktop access in my lab, which has been working fine with just a DNAT rule configured as below.
OWA Rule
Source
- Source Zone (LAN, WAN)
- Allowed Client Networks (Any)
Destination & Service
- Destination Host (Port2 WAN)
- Services (HTTPS)
Forward To
- Protected Server (Netscaler)
- Protected Zone (LAN)
I then added an Exchange 2016 server into the lab and set up OWA access using the Exchange General Template as a guide.
Citrix Rule
Hosted Server
- Hosted Address (Port 2 WAN)
- HTTPS (Ticked)
- Redirect HTTP (Ticked)
- Listening Port (443)
- HTTPS Certificate (GoDaddy cert with webmail.mydomain.com and remote.mydomain.com)
- Domains (Webmail.mydomain.com)
Protected Server(s)
- Path-specific routing (Ticked)
- /owa (Exchange server)
- /OWA (Exchange server)
Exceptions
- /owa/*,/OWA*
- Skip these checks (Static URL Hardening)
- Advanced (Never change HTML during static URL hardening or form hardening)
- Advanced (Accept unhardened form data)
- /owa/ev.owa* (Exchange server)
- Skip these checks (Anti-virus)
- Skip these categories (All)
- Advanced (Never change HTML during static URL hardening or form hardening)
Advanced
- Protection (Exchange General)
- Pass Host Header (Ticked)
Now the issue is: when I put the OWA rule above the Citrix rule and go to https://webmail.mydomain.com/owa, I hit the Exchange form and can log in just fine. If I go to https://remote.mydomain.com, I get (FORBIDDEN - You don't have permission to access / on this server.).
If I switch them around and test again, both URLs go to the Netscaler. Now I can understand why this happens, as the Citrix rule is basically a catch-all rule for HTTPS.
What I don't understand is why, when the OWA rule is at the top, I get the error when going to the https://remote.mydomain.com URL. Surely it doesn't match the domain listed in the rule and should be passed over, right?
Can anyone please shed some light on how I can fix this, or what am I missing?
Thanks
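A quick way to find out which tier is answering for each name, independent of DNS and of the browser, is to hit the firewall's public address directly while choosing the TLS SNI and the HTTP Host header separately. If the reply follows the Host header rather than the SNI or the port, the device in front is routing on Host (the WAF), not just on destination port, which is what a catch-all HTTPS rule looks like from outside. The script below is an added example and is not part of the original post or any vendor's tooling. The public IP (documentation range 203.0.113.10), the hostnames taken from the post, and both sample responses (a 403 page in the wording quoted in the post and a 302 redirect to /vpn/index.html standing in for a Netscaler Gateway reply) are constructed assumptions; only the parser helpers run offline, the probe itself needs network access to the lab.

```python
from __future__ import annotations

import socket
import ssl

# Assumed values (not from the original post): replace with the firewall's
# Port2 WAN address. 203.0.113.0/24 is a documentation range, not a real IP.
PUBLIC_IP = "203.0.113.10"
HOSTS = ["webmail.mydomain.com", "remote.mydomain.com"]

# Constructed sample responses so the parser can be exercised offline.
SAMPLE_403 = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><body><h1>Forbidden</h1>"
    b"You don't have permission to access / on this server.</body></html>"
)
SAMPLE_302 = (  # assumed shape of a gateway redirect, not a captured reply
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://remote.mydomain.com/vpn/index.html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def build_request(host: str, path: str = "/") -> bytes:
    """HTTP/1.1 HEAD request. The Host header is what a WAF's domain list is
    matched against, independently of the SNI sent in the TLS handshake."""
    return (
        f"HEAD {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "User-Agent: waf-probe/1.0\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_status(raw: bytes) -> tuple[int, dict[str, str]]:
    """Return (status code, lower-cased header dict) from a raw HTTP response."""
    if not raw:
        raise ValueError("empty response (peer closed before sending a status line)")
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def summarize(raw: bytes) -> dict[str, str | int]:
    """Reduce a response to the fields that tell the tiers apart."""
    status, headers = parse_status(raw)
    return {
        "status": status,
        "server": headers.get("server", ""),
        "location": headers.get("location", ""),
    }


def probe(ip: str, sni: str, host_header: str, path: str = "/",
          port: int = 443, timeout: float = 5.0) -> dict[str, str | int]:
    """Connect to ip:port, present `sni` in the TLS handshake and `host_header`
    in HTTP, and summarize the reply. Certificate verification stays on: the
    cert in the post carries both names, so a verification failure is itself a
    finding (the wrong tier, or the wrong cert, answered)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            tls.sendall(build_request(host_header, path))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                raw += chunk
    result = summarize(raw)
    result.update({"sni": sni, "host": host_header, "path": path})
    return result


if __name__ == "__main__":
    # Try every SNI/Host/path combination. A 403 for Host remote.mydomain.com
    # even with SNI webmail.mydomain.com means the front device decided on the
    # Host header alone; a redirect to the gateway login means it reached it.
    for sni in HOSTS:
        for host in HOSTS:
            for path in ("/", "/owa"):
                try:
                    print(probe(PUBLIC_IP, sni, host, path))
                except (OSError, ssl.SSLError, ValueError) as exc:
                    print(f"sni={sni} host={host} path={path}: {exc}")
```

Run it from a machine outside the firewall and compare the rows: a matrix where the status depends only on the Host column tells you the WAF listener owns port 443 on that interface for every name, and a row that fails certificate verification tells you a different certificate (so a different tier) answered for that SNI.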