Hello,
I am struggling to get the default WAF rules working for Exchange in my situation.
I want to achieve the following:
- OWA only accessible behind user authentication with OTP and IPS
- Preferably ECP blocked from WAN or, like OWA, also behind authentication with OTP
- Outlook Anywhere and ActiveSync for mobile phones accessible and protected with IPS
We have all the virtual directories, internal and external, mapped to mail.company.com and use a wildcard certificate for this. Further, we use split DNS on our server. I have one external IP, and we have A host records for mail.company.com and autodiscover.company.com pointing to it.
I cannot find a good example to get this working using only a wildcard certificate and a single external IP address.
When I use the default rules I get an error that the certificate is already in use and that I cannot have both. Do I need to create 1 rule for all the above, or is there a better way?
Anyone who has a similar situation and got it working?
At the moment I'm using a DNAT rule, which is not secure at all because of the ECP that is open to the whole world.