Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 860 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allowing only enabled ActiveSync users from accessing exchange server from WAN

leo hamel

Hi all

I need to make a rule that allows only specific users (ActiveSync enabled users) to hit the exchange server WAN port, any other users should be black holed or dropped 

the reason why, because i have a brut force attack from someone using the Exchange NAT rule to try to authenticate to exchange server and i can see the event log on the server showing the attempts 

 please help



This thread was automatically locked due to age.
Parents
  • 0

    Thats not possible. From a technically perspective. How should XG know, which user uses which IP? The authentication process will be take place in Layer 7 - so to speak, the whole authentication process will be done, after the connection to the active sync already establish. You can use WAF and activate brute froce protection for authentication on XG. It will lock out the IP attempt for 5-60 minutes. 

  • 0 in reply to LuCar Toni

    thanks for reply Slight smile

    i will try the WAF and see

    also am just wondering what is the match know users check box does? 

Reply Children
No Data