Hi everyone,
I am a little bit puzzled by the current problems I am seeing on my clients. We are running Exchange 2013 and a Citrix NetScaler as load balancer.
Last week we created a DMZ network using the UTM and moved the NetScaler into the DMZ. Every address for services like Autodiscover, OWA, etc. was moved into the DMZ as well. We edited Firewall, NAT rules and so on and everything was running okay - until we got regular disconnects from our Outlook clients.
It appears that somehow the connection to the DMZ network is lost every 30 minutes. The Outlook clients disconnect for a short time and automatically connect again.
Setup so far:
- Interface on the UTM with DMZ Gateway address (172.17.x.x) => connected to an HP switch which provides the network for an ESXi host and the Citrix NetScaler devices.
- Services like Autodiscover have IP addresses within the DMZ network and are handled by the NetScaler for load balancing
- Firewall rules for LAN clients (192.168.x.x) to access the DMZ (172.17.x.x) using HTTPS / DMZ Service Addresses to access Exchange Servers using SMTP and HTTPS
- MASQ Rule for DMZ Network interface => to WAN
- DNAT for Internet IPv4 ->HTTPS-> Public IP (62.x.x.x) => Target outlook.xyz.de (DMZ)
- SNAT outlook.xyz.de (DMZ) -> HTTPS->ANY => Public IP (62.x.x.x)
This setup is working insofar as the Outlook clients connect to Exchange using the UTM and DMZ. Every 30 minutes - and this is the odd part - the connection is dropped and clients have to reconnect. We had problems at the start with IPS and we had to create exceptions there (flood detection, etc.), but the problems continued.
Does anybody have any ideas on this? We are running out of guesses and our users are slowly losing patience.
Cheers