Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

WAF: Common configurations for securing OWA, ActiveSync and Outlook Anywhere to access Exchange mailbox

03/26/2020 18 People found this article helpful 196,005 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article describes common configurations for the WAF to effectively secure Exchange applications, such as OWA, ActiveSync and Outlook Anywhere. This article especially focuses on the configuration for successful support for Outlook Anywhere.

    TIP:  Please test Exchange Server settings with https://testconnectivity.microsoft.com/ before deploying or switching DNS to make sure all Exchange Settings are good.

    Cause

    While OWA and ActiveSync requires no additional set up, Outlook Anywhere for Exchange 2010 needs RPC over HTTP, which was not supported by WAF 2.2.0.0-12waf and earlier.

    Resolution

    Here's a table with the supportability of Exchange version, Outlook version and its protocol (this data is fetched from Microsoft Technet site):

    Product

    Exchange 2016 RTM

    Exchange 2013 SP1

    Exchange 2013 RTM

    Exchange 2010 SP3

    Outlook 2016 RTM

    • MAPI over HTTP
    • Outlook Anywhere
    • MAPI over HTTP
    • Outlook Anywhere

    Outlook Anywhere

    • RPC
    • Outlook Anywhere

    Outlook 2013 SP1

    • MAPI over HTTP
    • Outlook Anywhere
    • MAPI over HTTP
    • Outlook Anywhere

    Outlook Anywhere

    • RPC
    • Outlook Anywhere

    Outlook 2013 RTM

    Outlook Anywhere

    Outlook Anywhere

    Outlook Anywhere

    • RPC
    • Outlook Anywhere

    Outlook 2010 SP2 and updates KB2956191 and KB2965295 (April 14, 2015)

    • MAPI over HTTP
    • Outlook Anywhere
    • MAPI over HTTP
    • Outlook Anywhere

    Outlook Anywhere

    • RPC
    • Outlook Anywhere

    Outlook 2010 SP2 and earlier

    Outlook Anywhere

    Outlook Anywhere

    Outlook Anywhere

    • RPC
    • Outlook Anywhere

    Outlook 2007

    Outlook Anywhere

    Outlook Anywhere

    Outlook Anywhere

    • RPC
    • Outlook Anywhere

    Moreover, we can check the value of Protocol in Outlook Connection Status to check current*

    NOTE:  Exchange 2010 specifically needs upgrade to WAF 2.2.0.1-16waf as it requires RPC over HTTP protocol support for Outlook Anywhere. WAF does not need any special support for other Exchange versions.

     

    Configuration on WAF:

    1. Navigate to Application Delivery and click on Offload Web App.
    2. A wizard will open. Select Single or Multiple (if you have multiple servers and would like to configure Load balancing on WAF), and enable "This is an Exchange Application which will be accessed by OWA, ActiveSync or Outlook Anywhere" . Click NEXT.
    3. Configure as follows:
    • Backend Server to protect: [IP / Name of your backend Exchange server]
    • DNS to publish for Web App: Users will be accessing Exchange / OWA/ ActiveSync using this domain name.
    • Virtual IP for Web App: This is optional. If not configured, this web App will be listening on X0 IP of WAF. If you would like to use a specific IP, you can configure it here.
    • SSL certificate: Select the applicable certificate. It is recommended to use a valid signed certificate.
    • Web App Name: Type the application name.

       4. Click NEXT. The Security screen appears. Select "Enable Web Security" checkbox to enable the core security features of Web Application firewall.

       5. Click NEXT. The final screen with a message appears, Click FINISH. Now, you can edit the web App to make advanced configuration changes as below:

    Image

     

    Image

     Authentication Controls and Anonymous Session tracking is disabled by default for Exchange portals.

     

    Exchange Server configuration:

    External Hostname should be same as Web App Name configured in WAF.

    Client authentication method: Basic authentication

    It is recommended to enable SSL offloading and set Authentication method to Basic authentication.

    NOTE: NTLM is an insecure authentication protocol and is not supported by SonicWall WAF.

    Image

    Refer: https://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx

     

     IIS configuration:

     Image

     

    Outlook Anywhere configuration:

    If autodiscover is configured well, the Outlook settings will be configured properly by autodiscover. If not, user will need to configure it manually.

    Image

     

    Image

    Use this URL to connect to my proxy server for Exchange: should be same as Web App Name and the name configured on Exchange Server.

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > Web Application Firewall > Application Delivery

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top