Hi,
I have Exchange 2007 running under VMWare, and up until ASG 8.0 had DNAT set up to route incoming HTTPS on port 443 to this VM. After upgrading to ASG 8.000 a few days ago, this setup continued to work as you'd expect, but I decided to use Web Application Security instead. I've set up the necessary real web server, fronted by a virtual web server using advanced protection (and with the original DNAT entry turned off). Initially I got a 403 error when accessing externally via Internet Explorer, until I switched my URL in IE to use the same FQDN as the ASG hostname, at which point everything started working. It's been working well for the last 24 hours, until maybe 3 hours ago.
This morning, I found I was suddenly unable to access OWA via IE through the ASG from outside my network. IE reports an "HTTP 403 Forbidden", with the actual message being "You don't have permission to access /owa on this server.". What I don't understand was that this was working fine earlier today, and I didn't change anything related to this WAF (which I've confirmed by reviewing my change log under the Management menu). I've tried restarting the Web App Security, and have even rebooted the ASG, but I still can't access OWA. In the meantime, I'm still able to access my Exchange server via ActiveSync on my iPhone just fine, so the problem appears to be specific to OWA.
Any suggestions on what I did wrong? I could just revert to my original DNAT approach with WAF disabled, but I'd like to use WAF if I can. What's puzzling me the most is that OWA access stopped working for no clear reason, while iPhone ActiveSync continued to work without an issue.
Thanks in advance,
Martin.
This thread was automatically locked due to age.
