Sophos UTM Web Application Firewall For: Microsoft Exchange Services
|
|
- Stella Cameron
- 6 years ago
- Views:
Transcription
1 How to configure: Sophos UTM Web Application Firewall For: Microsoft Exchange Services This guide explains how to configure your Sophos UTM 9.3+ to allow access to the relevant Microsoft Exchange services through the Web Application Firewall. Included services: Outlook Web Access (OWA) Outlook Anywhere Exchange Autodiscover Exchange ActiveSync Exchange Control Panel (ECP) Offline Address Book (OAB) Configuring your Exchange server is outside the scope of this guide. It assumes you ve already setup your Microsoft Exchange environment for remote connectivity by enabling Basic authentication (as the primary or additional authentication method) for OWA, ECP, Outlook Anywhere, OAB, EWS and Autodiscover, and that you have copies of your public SSL certificates available in PFX (PKCS12) format. Please note: This guide assumes reverse passthrough authentication (eg. the WAF will authenticate the user and then pass the credentials to the backend server) is going to be used for the Exchange servers. Should you wish to authenticate to the Exchange servers directly, please make sure you disable all authentication methods other than Basic Authentication on the Exchange servers. Failure to do so will result in authentication problems that might cause logged in users to lose their sessions, authentication to fail, or session management errors. Known to apply to the following Sophos product(s) and version(s): Sophos UTM 9.3+ Operating systems: Microsoft Windows Server Exchange Versions: Microsoft Exchange Document version: 2.0 (Nov 2015) Page 1
2 Table of Contents A. Import the required certificates... 3 Import the intermediate & root certificates... 3 B. Optional: Configure Active Directory and Exchange IIS... 4 C. Optional: Configuring authentication services... 5 Active Directory (Username + Password style)... 5 LDAP (UPN + password style)... 6 LDAP ( address + password style)... 7 E. Optional: Creating the Reverse Authentication profiles... 8 Basic authentication with passthrough... 8 Forms-based authentication with passthrough... 9 F. Creating the Real Webserver(s) G. Configuring the Firewall Profiles Exchange Autodiscover Outlook Anywhere OWA, ECP, & Exchange ActiveSync H. Creating the Virtual Webservers Exchange Autodiscover Outlook Anywhere OWA & Exchange ActiveSync I. Configuring Exceptions Exchange Autodiscover Outlook Anywhere OWA & Exchange ActiveSync OWA Notifications J. Optional: Configuring Site Path Routing Exchange Autodiscover Outlook Anywhere OWA & ECP Exchange ActiveSync & Other L. Optional: Next Steps Page 2
3 A. Import the required certificates First you ll need to import your Exchange server s SSL certificate. The certificate must be in PKCS12 (.pfx) format, otherwise it cannot be used by the WAF (because it requires the private key). 1. In the UTM WebAdmin, browse to Webserver Protection > Certificate Management. 2. Click New Certificate 3. Enter a name, such as Exchange SSL Certificate. 4. Under Method, select Upload. 5. Ensure File type is set to PKCS#12 (Cert+CA). 6. Click the Folder icon ( ) next to the upload field to select the certificate file you wish to import. 7. Enter the required certificate password. 8. Click Save to upload the certificate and complete the import. Note: please see the following KB article for instructions on generating publically signed certificates and converting them into PKCS12 format: Import the intermediate & root certificates If your certificate file does not include the intermediate and root certificates, you ll need to manually import them in order for the UTM to be able to use it. 1. Browse to Webserver Protection > Certificate Management > Certificate Authority. 2. Click New CA 3. Enter a name, such as Exchange Root Certificate. 4. Under Type, select Verification CA (PEM). 5. Click the folder icon ( ) next to the CA certificate field to select the certificate file to import. 6. Click Save to upload the certificate and complete the import. Page 3
4 B. Optional: Configure Active Directory and Exchange IIS Depending on your preference regarding user logon (either using their username and password, their User Principal Name and password, or their address and password) you might need to configure some additional settings in either AD or the IIS on the Exchange backend(s). This section may be required when using username + password style. It is not required if you are using domain prefixing or suffixing in your Reverse Authentication profile (described later in this guide on page 8). Sophos UTM assumes the default domain name is known to the backend server when using AD integrated authentication. As a result, it will delegate just the username and password to the backend systems, whereas Exchange expects a login to contain a domain\username format. In a single-domain environment, this limitation can be worked around by setting the default domain on IIS, which will then prefix all logins with this domain name. 1. Login to your Exchange server(s) using Remote Desktop. 2. Open the Internet Information Server (IIS) console. 3. Navigate to the website that currently hosts your Exchange services and select the first virtual directory used by Exchange (this is normally Autodiscover ). 4. Open the Authentication applet in the IIS section. 5. Select Basic Authentication from the list and click Edit in the right-hand Actions pane. 6. Fill in the desired default domain name in the Default domain: field, and click OK to save. 7. Repeat steps 1-6 above for every Exchange service in IIS and for every Exchange CAS server in your environment. Page 4
5 C. Optional: Configuring authentication services Depending on the desired style of authentication, one has to either create at least one Active Directory authentication server (for the username + password style) or one LDAP authentication server (for UPN based authentication) in UTM. Active Directory (Username + Password style) 1. In the UTM WebAdmin, browse to Definitions & Users > Authentication Services > Servers. 2. Click New Authentication Server 3. Under Backend, select Active Directory. 4. If you have multiple backend servers of a similar type, use the Position dropdown to determine the order in which servers are contacted. 5. Select the backend server by clicking the folder icon ( ) and clicking and dragging the relevant host object into the Server: field, or by clicking the + icon ( ) to define a new host. 6. Optional: Click the SSL checkbox to enable SSL connectivity to your AD server. 7. Optional: If needed, enter a custom port number into the Port field. 8. Enter the name of the user account the UTM will use to connect to Active Directory into the Bind DN field. Both the domain\username and the LDAP string (CN=user,DC=domain,DC=local) are supported; using the LDAP string is recommended as doing so can reduce backend load. 9. Enter the relevant password for the account into the Password field. 10. Optional: Click the Test button to verify whether the UTM can reach the backend server and if the supplied user credentials are accepted by AD. 11. Optional: Fill out the Base DN field to define at which level the UTM should start querying AD (for example: CN=Users,DC=domain,DC=local). 12. Click Save to store the configured backend server and continue. Page 5
6 LDAP (UPN + password style) This method is recommended when using Basic Authentication (configured later, on page 8). 1. Browse to Definitions & Users > Authentication Services > Servers. 2. Click New Authentication Server 3. Under Backend, select LDAP. 4. If you have multiple backend servers of a similar type, use the Position dropdown to determine the order in which servers are contacted. 5. Select the backend server by clicking the folder icon ( ) and clicking and dragging the relevant host object into the Server: field, or by clicking the + icon ( ) to define a new host. 6. Optional: Click the SSL checkbox to enable SSL connectivity to your AD server. 7. Optional: If needed, enter a custom port number into the Port field. 8. Enter the name of the user account the UTM will use to connect to Active Directory into the Bind DN field. Both the domain\username and the LDAP string (CN=user,DC=domain,DC=local) are supported; using the LDAP string is recommended as doing so can reduce backend load. 9. Enter the relevant password for the account into the Password field. 10. Optional: Click the Test button to verify whether the UTM can reach the backend server and if the supplied user credentials are accepted by AD. 11. Select > from the User Attribute dropdown menu. 12. Enter userprincipalname (case sensitive) in the Custom field to enable the UTM to authenticate based on UPN. 13. Optional: Fill out the Base DN field to define at which level the UTM should start querying AD (for example: CN=Users,DC=domain,DC=local). 14. Click Save to store the configured backend server and continue. Page 6
7 LDAP ( address + password style) 1. Browse to Definitions & Users > Authentication Services > Servers. 2. Click New Authentication Server 3. Under Backend, select LDAP. 4. If you have multiple backend servers of a similar type, use the Position dropdown to determine the order in which servers are contacted. 5. Select the backend server by clicking the folder icon ( ) and clicking and dragging the relevant host object into the Server: field, or by clicking the + icon ( ) to define a new host. 6. Optional: Click the SSL checkbox to enable SSL connectivity to your AD server. 7. Optional: If needed, enter a custom port number into the Port field. 8. Enter the name of the user account the UTM will use to connect to Active Directory into the Bind DN field. Both the domain\username and the LDAP string (CN=user,DC=domain,DC=local) are supported; using the LDAP string is recommended as doing so can reduce backend load. 9. Enter the relevant password for the account into the Password field. 10. Optional: Click the Test button to verify whether the UTM can reach the backend server and if the supplied user credentials are accepted by AD. 11. Select > from the User Attribute dropdown menu. 12. Enter mail (case sensitive) in the Custom field to enable the UTM to authenticate based on the user s address. 13. Optional: Fill out the Base DN field to define at which level the UTM should start querying AD (for example: CN=Users,DC=domain,DC=local). 14. Click Save to store the configured backend server and continue. Page 7
8 E. Optional: Creating the Reverse Authentication profiles As mentioned in the introduction, this guide assumes reverse authentication with passthrough will be used for all published services. If you should not wish to do so, please skip this section. Since Exchange uses two distinct modes of authentication (Forms-based logon and HTTP 401 authentication messages) for improved user experience (user-facing services such as OWA use a form, application-facing services such as Outlook Anywhere use HTTP 401) you ll need to create two separate Reverse Authentication profiles to match this desired authentication scheme. Basic authentication with passthrough This is the profile that will be used to supplant all HTTP 401 authentication interfaces used by Exchange. 1. In the UTM WebAdmin, browse to Webserver Protection > Reverse Authentication. 2. Click New Authentication Profile 3. Enter a name such as Basic Authentication into the Name field. 4. Under Virtual Webserver, choose Basic in the Mode box. 5. Add a relevant name for the HTTP 401 popup box into the Basic Prompt field. 6. Click the folder icon ( ) in the Users/Groups box to select existing users or groups by dragging and dropping them into the textbox, or click the New User ( ) or New Group ( ) icons to define new users or groups allowed to access resources protected by this profile. Important: Selecting local or AD users and groups will enable username/password style logins, selecting LDAP users and groups will enable UPN or logins depending on your configuration. 7. Under Real Webserver, choose Basic in the Mode box. 8. Optional: Depending on the security requirements of your environment you can modify the default User Session timeout settings, or disable session lifetime/timeout. 9. Click Save to store the configured reverse authentication profile. A screenshot showing configuration of this section can be found later (on page 10). Important: Due to the way usernames are processed by Reverse Authentication, entering the \ character as part of a username will cause it to be sent twice when using passthrough authentication, which will cause the request to fail. For example, if a user enters domain\user as their username, the UTM will send domain\\user to the backend server which will be rejected because it isn t a valid username & domain combination. Important: Because Exchange ActiveSync configuration on some mobiles devices requires a domain prefix, or UPN / domain suffix, we recommend not using the Username affix feature on the WAF when configuring the Basic Authentication profile, and using UPN + password based authentication instead of username + password. This will allow mobile devices to authenticate as well as allow Microsoft s Remote Connectivity Analyzer tool to connect properly. Usage of the Username affix feature is explained on the next page. Page 8
9 Forms-based authentication with passthrough This is the profile that will be used to protect the user-facing services where having a login form is desirable over a regular HTTP 401 popup (such as Outlook Web Access). 1. In the UTM WebAdmin, browse to Webserver Protection > Reverse Authentication. 2. Click New Authentication Profile 3. Enter a name such as Form Authentication into the Name field. 4. Under Virtual Webserver, choose Form in the Mode box. 5. Select a Form template in the Form template box. Note: You can edit and upload templates by clicking on the Form Templates tab. 6. Click the folder icon ( ) in the Users/Groups box to select existing users or groups by dragging and dropping them into the textbox, or click the New User ( ) or New Group ( ) icons to define new users or groups allowed to access resources protected by this profile. Important: Selecting local or AD users and groups will enable username/password style logins, selecting LDAP users and groups will enable UPN or logins depending on your configuration. If you are using UPN for login be sure to add LDAP user groups such as LDAP Users, otherwise Autodiscover authentication will fail. 7. Under Real Webserver, choose Basic in the Mode box. 8. Optional: If you didn t configure a default domain on your IIS server in section B of this guide, you can configure the UTM to automatically send the domain using the username affix feature: If using username + password authentication, select Prefix under Username Affix and enter your domain name followed by \ into the Prefix field (eg. domain\ ) If using address + password authentication, select Suffix under Username Affix and and then your domain name into the Suffix field. 9. Optional: Depending on the security requirements of your environment you can modify the default User Session timeout settings, or disable session lifetime/timeout. 10. Click Save to store the configured reverse authentication profile. A screenshot showing this configuration can be found on the next page. Important: As described on the previous page, authentication issues will occur if users enter their usernames in format domain\username when using Reverse Authentication. For this reason it s important to use domain prefixing as described in the instructions above, or enter a default domain into the IIS configuration as described earlier in this guide (on page 4). We recommend using username prefixing for the Forms-based Authentication profile, and having users login with their username only, eg. by entering just username instead of domain\username. Page 9
10 The following screenshots show examples of the configured Basic and Forms authentication profiles: Page 10
11 F. Creating the Real Webserver(s) The next step in setting up the WAF is configuring the Real Webserver(s) which represent the Exchange CAS backend servers to the WAF setup. 1. Browse to Webserver Protection > Web Application Firewall > Real Webservers. 2. Click New Real Webserver 3. Enter a name such as Exchange Server into the Name field. 4. Select the backend server by clicking the folder icon ( ) and clicking and dragging the relevant host object into the Server field, or by clicking the + icon ( ) to define a new host. 5. Set the Real Webserver connection type by selecting either HTTP or HTTPS in the Type box. 6. Optional: After selecting the connection type, the UTM will automatically fill in the associated port number. If you need to use a non-standard port you can enter it into the Port field. 7. Click Save to store the real webserver and continue. Repeat the above procedure for every Exchange server in your farm that users should connect to via the Web Application Firewall. G. Configuring the Firewall Profiles Exchange services such as Outlook Anywhere, Outlook Web Access (OWA), Exchange ActiveSync, Autodiscover, etc. require different levels of protection and different WAF settings to function correctly. Because of this we will configure three separate profiles; one for Outlook Anywhere, one for Autodiscover, and one for the remaining services (OWA, ECP, and Exchange ActiveSync). Note: It s important to configure non-optional items exactly as specified otherwise the UTM might block legitimate requests. Optional items can be treated as suggestions which can help to increase security. Page 11
12 Exchange Autodiscover 1. Browse to Webserver Protection > Web Application Firewall > Firewall Profiles. 2. Click New Firewall Profile 3. Enter a name such as Exchange Autodiscover into the Name field. 4. Under Mode, select Reject. 5. Enable Common threats filter and Rigid Filtering. 6. Add a Skip Filter rule by clicking the + icon ( ) next to the Skip Filter Rules box. 7. Enter (without quotes) and then click Apply. 8. Enable Static URL hardening and enter /autodiscover and /Autodiscover (without quotes) as entry points by clicking the + icon ( ) in the top right. 9. Enable Form Hardening. 10. Optional: Enable Antivirus scanning, then select the Mode (Single or Dual Scan), and Direction (Uploads only, Downloads only, or Uploads and Downloads). 11. Optional: Block suspicious clients by enabling Block clients with bad reputation. 12. Expand Threat Filter Categories by clicking the + icon and uncheck SQL Injection Attacks. 13. Click Save to store the Firewall Profile and continue. The recommended settings are shown in the following screenshots: Page 12
13 Outlook Anywhere 1. Browse to Webserver Protection > Web Application Firewall > Firewall Profiles. 2. Click New Firewall Profile 3. Enter a name such as Outlook Anywhere into the Name field. 4. Check Pass Outlook Anywhere. 5. Under Mode, select Reject. 6. Enable Static URL hardening and enter /rpc and /RPC (without quotes) as entry points by clicking the + icon ( ) in the top right. 7. Optional: Block suspicious clients by enabling Block clients with bad reputation. 8. Click Save to store the Firewall Profile and continue. The recommended settings are shown in the following screenshot: Page 13
14 OWA, ECP, & Exchange ActiveSync 1. Browse to Webserver Protection > Web Application Firewall > Firewall Profiles. 2. Click New Firewall Profile 3. Enter a name such as OWA & Exchange ActiveSync into the Name field. 4. Under Mode, select Reject. 5. Enable Common threats filter and Rigid Filtering. 6. Add the following Skip Filter rules by clicking the + icon ( ) next to the Skip Filter Rules box. 7. Add , , , , and (without quotes) and click Apply after each to confirm. 8. Enable Static URL hardening and enter /owa, /OWA, /ews, /EWS, /oab, /OAB, /ecp, /ECP, /Microsoft-Server-ActiveSync, and / (without quotes) by clicking the + icon ( ) in the top right. URLs are case sensitive. 9. Optional: Enable Antivirus scanning, then select the Mode (Single or Dual Scan), and Direction (Uploads only, Downloads only, or Uploads and Downloads). 10. Optional: Block suspicious clients by enabling Block clients with bad reputation. 11. Expand Threat Filter Categories by clicking the + icon and uncheck SQL Injection Attacks, XSS Attacks, and Outbound. 12. Click Save to store the Firewall Profile and continue. Page 14
15 H. Creating the Virtual Webservers Since we intend to use different firewall profiles for different Exchange services (as previously discussed) we will need to configure a matching set of Virtual Webservers to which these profiles should apply. Exchange Autodiscover Please note that, as part of Microsoft s best practices, Sophos recommends running the Autodiscover service on a separate hostname. This hostname should normally be autodiscover.<domain>.<tld>, as demonstrated below. 1. Browse to Webserver Protection > Web Application Firewall > Virtual Webservers. 2. Click New Virtual Webserver 3. Enter a name such as Exchange Autodiscover into the Name field. 4. Select the interface this Virtual Webserver should be created on from the Interface menu. Note: this is normally the UTM s external (WAN) interface. 5. Select the protocol to be used from the Type menu. Using Encrypted (HTTPS) is recommended. Note: you can also select Encrypted (HTTPS) & redirect to automatically redirect clients to HTTPS if they connect using HTTP. 6. Optional: After selecting the connection type, the UTM will automatically fill in the associated port number. If you need to use a non-standard port you can enter it into the Port field. 7. Select the applicable certificate from the Certificate menu. This was configured on page 3 (Section A) of this guide. 8. Select either the desired domain name for the Domains list, or if using a wildcard certificate, enter your desired hostname by clicking the + icon ( ) in the top right corner. Note: Wildcard certificates are incompatible with multi-site High Availability Exchange setups and require extra configuration on the Exchange server(s). Sophos recommends using Multiple Hostname (SAN) certificates if this is the case in your environment. 9. Select the Firewall Profile created previously for Exchange Autodiscover in the Firewall Profile menu. 10. Expand Advanced and check Pass host header. Important: Exchange requires the original host header to determine the location (inside or outside the organization) of the client, on which many Exchanges services rely. 11. Click Save to store the new Virtual Webserver and continue. Page 15
16 The following screenshot shows the recommended configuration when using a Wildcard certificate: Page 16
17 Outlook Anywhere 1. Browse to Webserver Protection > Web Application Firewall > Virtual Webservers. 2. Click New Virtual Webserver 3. Enter a name such as Outlook Anywhere into the Name field. 4. Select the interface this Virtual Webserver should be created on from the Interface menu. Note: this is normally the UTM s external (WAN) interface. 5. Select the protocol to be used from the Type menu. Using Encrypted (HTTPS) is recommended. Note: you can also select Encrypted (HTTPS) & redirect to automatically redirect clients to HTTPS if they connect using HTTP. 6. Optional: After selecting the connection type, the UTM will automatically fill in the associated port number. If you need to use a non-standard port you can enter it into the Port field. 7. Select the applicable certificate from the Certificate menu. This was configured on page 3 (Section A) of this guide. 8. Select either the desired domain name for the Domains list, or if using a wildcard certificate, enter your desired hostname by clicking the + icon ( ) in the top right corner. 9. Select the Firewall Profile created previously for Outlook Anywhere in the Firewall Profile menu. 10. Expand Advanced and check Pass host header. Important: failure to set this option will break automatic configuration for all Exchange ActiveSync and Outlook Anywhere clients, as well as automatic failover in HA scenarios. 11. Click Save to store the new Virtual Webserver and continue. Page 17
18 The following screenshot shows the recommended configuration when using a Wildcard certificate: Page 18
19 OWA & Exchange ActiveSync This Virtual Webserver will also cover other Exchange services such as Exchange Control Panel (ECP), Offline Address Book (OAB), etc. 1. Browse to Webserver Protection > Web Application Firewall > Virtual Webservers. 2. Click New Virtual Webserver 3. Enter a name such as OWA & Exchange ActiveSync into the Name field. 4. Select the interface this Virtual Webserver should be created on from the Interface menu. Note: this is normally the UTM s external (WAN) interface. 5. Select the protocol to be used from the Type menu. Using Encrypted (HTTPS) is recommended. Note: you can also select Encrypted (HTTPS) & redirect to automatically redirect clients to HTTPS if they connect using HTTP. 6. Optional: After selecting the connection type, the UTM will automatically fill in the associated port number. If you need to use a non-standard port you can enter it into the Port field. 7. Select the applicable certificate from the Certificate menu. This was configured on page 3 (Section A) of this guide. 8. Select either the desired domain name(s) for the Domains list, or if using a wildcard certificate, enter your desired hostname by clicking the + icon ( ) in the top right corner. Note: you can add multiple domains if for example you want to separate different services by domain, such as owa.domain.com, eas.domain.com, etc. 9. Select the Firewall Profile created previously for OWA & Exchange ActiveSync in the Firewall Profile menu. 10. Expand Advanced and check Pass host header. Important: Exchange determines the applicable automatic configuration (received via Autodiscover) based on the host header used to connect to ActiveSync / EWS. Because of this, selecting this option is extremely important. 11. Click Save to store the new Virtual Webserver and continue. Page 19
20 The following screenshot shows the recommended configuration when using a Wildcard certificate: Page 20
21 I. Configuring Exceptions Since the Static URL Hardening feature on the Web Application Firewall is very strict, it will not allow clients to open any URL other than the ones explicitly configured. This means that requests such as webmail.example.com/owa are allowed, but requests to individual pages or subdirectories such as webmail.example.com/owa/auth/login.aspx or webmail.example.com/owa/directory/ will be dropped. To enable the clients to access these locations, you ll need to create Exceptions to allow for less stringent filtering. Exchange Autodiscover 1. Browse to Webserver Protection > Web Application Firewall > Exceptions. 2. Click New Exception List 3. Enter a name such as Exchange Autodiscover into the Name field. 4. Under Skip these checks, check Static URL hardening. 5. Under Virtual Webservers, select your Virtual Webserver for Exchange Autodiscover. 6. Set the For all requests dropdown to Web requests matching this path. 7. Under Paths, click the + icon ( ) and enter /autodiscover/* and /Autodiscover/* (no quotes). 8. Expand Advanced by clicking on the + icon, and then check Never change HTML during static URL hardening or form hardening. 9. Click Save to store the exception and continue. Page 21
22 Outlook Anywhere 1. Browse to Webserver Protection > Web Application Firewall > Exceptions. 2. Click New Exception List 3. Enter a name such as Outlook Anywhere into the Name field. 4. Under Skip these checks, check Static URL hardening. 5. Under Virtual Webservers, select your Virtual Webserver for Outlook Anywhere. 6. Set the For all requests dropdown to Web requests matching this path. 7. Under Paths, click the + icon ( ) and enter /rpc/* and /RPC/* (no quotes). 8. Expand Advanced by clicking on the + icon, and then check Never change HTML during static URL hardening or form hardening. 9. Click Save to store the exception and continue. Page 22
23 OWA & Exchange ActiveSync 1. Browse to Webserver Protection > Web Application Firewall > Exceptions. 2. Click New Exception List 3. Enter a name such as OWA & Exchange ActiveSync into the Name field. 4. Under Skip these checks, check Static URL hardening. 5. Under Virtual Webservers, select your Virtual Webserver for Outlook Anywhere. 6. Set the For all requests dropdown to Web requests matching this path. 7. Under Paths, click the + icon ( ) and enter /owa/*, /OWA/*, /ecp/*, /ECP/*, /ews/*, /EWS/*, /oab/*, /OAB/*, /Microsoft-Server-ActiveSync*, and /favicon.ico (no quotes). Important: Since Microsoft-Server-ActiveSync is not a virtual directory but a URL, there should be no slash between the name and the asterisk. All paths are case sensitive. 8. Expand Advanced by clicking on the + icon, and then check Never change HTML during static URL hardening or form hardening. 9. Click Save to store the exception and continue. Page 23
24 OWA Notifications A special exception needs to be added to ensure notifications for OWA are not blocked by the WAF. 1. Browse to Webserver Protection > Web Application Firewall > Exceptions. 2. Click New Exception List 3. Enter a name such as OWA Notifications into the Name field. 4. Under Skip these checks, check Antivirus. 5. Under Skip these categories, check all categories. 6. Under Virtual Webservers, select your Virtual Webserver for OWA & Exchange ActiveSync. 7. Set the For all requests dropdown to Web requests matching this path. 8. Under Paths, click the + icon ( ) and enter /owa/ev.owa* (no quotes). 9. Expand Advanced by clicking on the + icon, and then check Never change HTML during static URL hardening or form hardening. 10. Click Save to store the exception and continue. When finished, you should have 4 exceptions in total related to Exchange Services. Page 24
25 J. Optional: Configuring Site Path Routing The Web Application Firewall applies authentication on a per-site-path basis, because doing so allows flexibility when setting up authentication for a website (for example, if you don t want authentication to occur on /public, but you do want to authenticate those users visiting /private ). Choosing which paths require authentication, and which type of authentication to use, is performed via the Site Path Routing configuration. Exchange Autodiscover 1. Browse to Webserver Protection > Web Application Firewall > Site Path Routing. 2. Click New Site Path Route 3. Enter a name such as /autodiscover into the Name field. 4. Select the Virtual Webserver created previously for Exchange Autodiscover in the Virtual webserver dropdown box. 5. Enter /autodiscover (no quotes) into the Path field. 6. Under Reverse Authentication, select the Basic Authentication profile created previously (instructions on page 8 of this guide). 7. Under Real Webservers, check all associated Exchange servers. 8. Click Save to store the Site Path Route and continue. 9. Click Clone on the created Site Path Route and create a new route for path /Autodiscover using the same settings above. 10. Optional: Remove the default / Site Path Route for Exchange Autodiscover to improve security. Page 25
26 Outlook Anywhere 1. Browse to Webserver Protection > Web Application Firewall > Site Path Routing. 2. Click New Site Path Route 3. Enter a name such as /rpc into the Name field. 4. Select the Virtual Webserver created previously for Outlook Anywhere in the Virtual webserver dropdown box. 5. Enter /rpc (no quotes) into the Path field. 6. Under Reverse Authentication, select the Basic Authentication profile created previously (instructions on page 8 of this guide). 7. Under Real Webservers, check all associated Exchange servers. 8. Click Save to store the Site Path Route and continue. 9. Click Clone on the created Site Path Route and create a new route for path /RPC using the same settings above. 10. Optional: Remove the default / Site Path Route for Outlook Anywhere to improve security. Page 26
27 OWA & ECP 1. Browse to Webserver Protection > Web Application Firewall > Site Path Routing. 2. Click New Site Path Route 3. Enter a name such as /owa into the Name field. 4. Select the Virtual Webserver created previously for OWA & Exchange ActiveSync in the Virtual webserver dropdown box. 5. Enter /owa (no quotes) into the Path field. 6. Under Reverse Authentication, select the Form Authentication profile created previously (instructions on page 8 of this guide). 7. Under Real Webservers, check all associated Exchange servers. 8. Click Save to store the Site Path Route and continue. 9. Click Clone on the created Site Path Route and create a new route for path /OWA, /ecp, & /ECP using the same settings above. Page 27
28 Exchange ActiveSync & Other 1. Browse to Webserver Protection > Web Application Firewall > Site Path Routing. 2. Click Edit for the / default site path route for the OWA & Exchange ActiveSync site path route. 3. Under Reverse Authentication, select the Basic Authentication profile created previously (instructions on page 8 of this guide). 4. Click Save to continue. When finished, you should have 9 Site Path Routes in total related to Exchange Services. L. Optional: Next Steps You can test to ensure that your Autodiscover & Exchange ActiveSync configuration is working correctly by using Microsoft s Remote Connectivity Analyzer tool, located here: Page 28
How to configure the UTM Web Application Firewall for Microsoft Remote Desktop Gateway connectivity
How to configure the UTM Web Application Firewall for Microsoft Remote Desktop Gateway connectivity This article explains how to configure your Sophos UTM to allow access Microsoft s Remote Desktop Gateway
More informationHow to configure the UTM Web Application Firewall for Microsoft Lync Web Services connectivity
How to configure the UTM Web Application Firewall for Microsoft Lync Web Services connectivity This article explains how to configure your Sophos UTM to allow access Microsoft s Lync Web Services (the
More informationUser guide NotifySCM Installer
User guide NotifySCM Installer TABLE OF CONTENTS 1 Overview... 3 2 Office 365 Users synchronization... 3 3 Installation... 5 4 Starting the server... 17 2 P a g e 1 OVERVIEW This user guide provides instruction
More informationHands-on Lab Exercise Guide
606: Improving Microsoft Exchange 2013 Performance with NetScaler Hands-on Lab Exercise Guide Johnathan Campos and Daniel Kuenzli May 2015 Table of Contents Table of Contents... 1 Overview... 2 Scenario...
More informationHOL122 Lab 1: Configuring Microsoft Windows Server 2003 RPC Proxy
HOL122 Lab 1: Configuring Microsoft Windows Server 2003 RPC Proxy Objectives After completing this lab, you will be able to: Install remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP)
More informationThis post documents the basic steps that should be performed after installing Exchange I perform the following steps:
Dean Suzuki Blog Title: Basic Exchange 2013 Configuration Created: 11/28/2012 Description: This post documents the basic steps that should be performed after installing Exchange 2013. I perform the following
More informationEntrust Connector (econnector) Venafi Trust Protection Platform
Entrust Connector (econnector) For Venafi Trust Protection Platform Installation and Configuration Guide Version 1.0.5 DATE: 17 November 2017 VERSION: 1.0.5 Copyright 2017. All rights reserved Table of
More informationWorkspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902
Workspace ONE UEM Certificate Authentication for EAS with ADCS VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationSetting up Microsoft Exchange Server 2016 with Avi
Page 1 of 14 Setting up Microsoft Exchange Server 2016 with Avi Networks view online What is Exchange Server 2016 Microsoft Exchange Server 2016 is an e-mail server solution, with calendar and contact
More informationSophos Mobile Control SaaS startup guide. Product version: 7
Sophos Mobile Control SaaS startup guide Product version: 7 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your password...8 5 Change your login
More informationHosted Microsoft Exchange Client Setup & Guide Book
Hosted Microsoft Exchange Client Setup & Guide Book Section 1 Microsoft Outlook Web Access (OWA) access directions Section 2 Windows 10 Mail App setup & configuration Section 3 Windows Mobile Phone ActiveSync
More informationSophos Mobile. installation guide. Product Version: 8.5
installation guide Product Version: 8.5 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses...
More informationDeploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers
Deployment Guide Document version: 4.9.1 iapp version: microsoft_exchange_2010_cas.2012_06_08 What's inside: 2 What is F5 iapp? 2 Prerequisites 6 Deployment Scenarios 8 Preparation worksheets 10 Downloading
More informationSophos Mobile. installation guide. product version: 8.6
installation guide product version: 8.6 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses...
More informationMicrosoft ISA 2006 Integration. Microsoft Internet Security and Acceleration Server (ISA) Integration Notes Introduction
Microsoft ISA 2006 Integration Contents 1 Microsoft Internet Security and Acceleration Server (ISA) Integration Notes 2 Introduction 3 Prerequisites 3.1 ISA 2006 Filter 3.2 TMG Filter 4 Baseline 5 Architecture
More informationAzure MFA Integration with NetScaler
Azure MFA Integration with NetScaler This guide focuses on describing the configuration required for integrating Azure MFA (Multi-Factor Authentication) with NetScaler. Citrix.com 1 NetScaler is a world-class
More informationHow to Set Up External CA VPN Certificates
To configure a client-to-site, or site-to-site VPN using s created by External CA, you must create the following VPN s for the VPN service to be able to authenticate Before you begin Use an external CA
More informationDoD Common Access Card Authentication. Feature Description
DoD Common Access Card Authentication Feature Description UPDATED: 20 June 2018 Copyright Notices Copyright 2002-2018 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies
More informationOwner of the content within this article is Written by Marc Grote
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront UAG Publishing Microsoft Exchange Server 2010 Outlook Anywhere and Exchange
More informationRemote Support Security Provider Integration: RADIUS Server
Remote Support Security Provider Integration: RADIUS Server 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks
More informationKaseya 2. Installation guide. Version R8. English
Kaseya 2 Kaseya Server Setup Installation guide Version R8 English October 24, 2014 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept
More informationModule 3 Remote Desktop Gateway Estimated Time: 90 minutes
Module 3 Remote Desktop Gateway Estimated Time: 90 minutes A. Datum Corporation provided access to web intranet web applications by implementing Web Application Proxy. Now, IT management also wants to
More informationHypersocket SSO. Lee Painter HYPERSOCKET LIMITED Unit 1, Vision Business Centre, Firth Way, Nottingham, NG6 8GF, United Kingdom. Getting Started Guide
Hypersocket SSO Getting Started Guide Lee Painter HYPERSOCKET LIMITED Unit 1, Vision Business Centre, Firth Way, Nottingham, NG6 8GF, United Kingdom Table of Contents PREFACE... 4 DOCUMENT OBJECTIVE...
More informationSophos Mobile. installation guide. Product Version: 8
installation guide Product Version: 8 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses...3 Update licenses...3
More informationSophos Mobile. installation guide. product version: 9
installation guide product version: 9 Contents About this guide... 1 About...2 licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses... 3 Set up... 4 Installation
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationSophos Mobile as a Service
startup guide Product Version: 8 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses...5 Check your licenses...6
More informationSophos Mobile SaaS startup guide. Product version: 7.1
Sophos Mobile SaaS startup guide Product version: 7.1 Contents 1 About this guide...4 2 What are the key steps?...5 3 Change your password...6 4 Change your login name...7 5 Activate SMC Advanced licenses...8
More informationConfigure the IM and Presence Service to Integrate with the Microsoft Exchange Server
Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server Configure a Presence Gateway for Microsoft Exchange Integration, page 1 SAN and Wildcard Certificate Support, page
More informationConfiguring EAP-FAST CHAPTER
CHAPTER 3 This chapter explains how to configure EAP-FAST module settings, such as connection settings, user credentials, and authentication methods. The following topics are covered in this chapter: Accessing
More informationSecurEnvoy Microsoft Server Agent Installation and Admin Guide v9.3
SecurEnvoy Microsoft Server Agent Installation and Admin Guide v9.3 SecurEnvoy Microsoft Server Agent Guide Contents 1.1 PREREQUISITES... 3 OVERVIEW OF INSTALLATION FILES... 3 IIS PRE-REQUISITES... 3 OTHER
More informationIMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.
IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS VMware Identity Manager February 2017 V1 1 2 Table of Contents Overview... 5 Benefits of BIG-IP APM and Identity
More informationSecurity Provider Integration RADIUS Server
Security Provider Integration RADIUS Server 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property
More informationConfiguring the SFB 2015 Reverse Proxy Server for Express for Lync 3.0
Configuring the SFB 2015 Reverse Proxy Server for Express for Lync 3.0 Overview A reverse proxy server is required by Express for SFB is a required component of Express for SFB if you plan on deploying
More informationscconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE
scconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800)
More informationSan Jacinto College. Secure SSL VPN Instruction Manual. Contents
1 San Jacinto College Secure SSL VPN Instruction Manual The new Secure SSL VPN provides a more secure and convenient method of accessing San Jacinto College resources remotely. This document provides an
More informationGetting Started with Outlook Web App (OWA)
Getting Started with Outlook Web App (OWA) Office 365 User Guide When first accessing your new Office 365 account, or if you are having any issues with your regular email client, use the below directions
More informationAdministration Guide
Administration Guide Version 2.0 November, 2015 Biscom, Inc. 321 Billerica Rd. Chelmsford, MA 01824 tel 978-250-1800 fax 978-250-4449 CONTENTS 1. Initial Configuration and Settings...1 1.1 Application...
More informationIn this article I will show you how to enable Outlook Web Access with forms based authentication in Exchange Server 2007 Beta 2.
Exchange 2007 Outlook Web Access Written by Marc Grote - mailto:grotem@it-training-grote.de Abstract In this article I will show you how to enable Outlook Web Access with forms based authentication in
More informationStep 1: Adding Darwin to your computer
Step 1: Adding Darwin to your computer You MUST be on GoucherWIFI. If you receive any network connection problems at any point, double-check your WIFI connection. Remove/Move GoucherGuest and GoucherMultimedia
More informationApp Orchestration 2.6
Configuring NetScaler 10.5 Load Balancing with StoreFront 3.0 and NetScaler Gateway for Last Updated: June 04, 2015 Contents Introduction... 3 Configure the NetScaler load balancer certificates... 3 To
More informationSophos Mobile. super administrator guide. product version: 8.6
Sophos Mobile super administrator guide product version: 8.6 Contents About this guide... 1 Document conventions... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer...
More informationSophos Mobile. super administrator guide. product version: 9
super administrator guide product version: 9 Contents About this guide... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer... 3 Log in as super administrator... 3 Switch
More informationHow do I configure my LPL client to use SSL for incoming mail?
How do I configure my LPL email client to use SSL for incoming mail? When you begin using your modern graphical email client program (e.g., Thunderbird, Mac Mail, Outlook), it will present a series of
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationHow to install DBXL in a load balanced
Page 1 of 11 Product: Database Accelerator (DBXL) How to install DBXL in a load balanced Title: scenario Below you will find an outline of this document s contents. The information in this document applies
More informationDeploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers
Deployment Guide Deploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers Welcome to the F5 and Microsoft Exchange 2010 and 2013 Client Access Server deployment guide.
More informationMailEnable Connector for Microsoft Outlook
MailEnable Connector for Microsoft Outlook Version 1.41 This guide describes the installation and functionality of the MailEnable Connector for Microsoft Outlook. Features The MailEnable Connector for
More informationSophos Mobile as a Service
startup guide product version: 8.6 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses... 5 Check your licenses...6
More informationBROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017
BROWSER-BASED SUPPORT CONSOLE USER S GUIDE 31 January 2017 Contents 1 Introduction... 2 2 Netop Host Configuration... 2 2.1 Connecting through HTTPS using Certificates... 3 2.1.1 Self-signed certificate...
More informationIceWarp SSL Certificate Process
IceWarp Unified Communications IceWarp SSL Certificate Process Version 12 Printed on 20 April, 2017 Contents IceWarp SSL Certificate Process 1 Choosing the Proper Certificate Type... 2 Creating your CSR
More informationSophos Mobile super administrator guide. Product version: 7.1
Sophos Mobile super administrator guide Product version: 7.1 Contents 1 About this guide...4 1.1 Document conventions...4 2 Super administrator...5 2.1 Super administrator tasks...5 2.2 Super administrator
More informationVMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager
VMware Identity Manager Cloud Deployment Modified on 01 OCT 2017 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The
More informationVII. Corente Services SSL Client
VII. Corente Services SSL Client Corente Release 9.1 Manual 9.1.1 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Table of Contents Preface... 5 I. Introduction... 6 Chapter 1. Requirements...
More informationSophos Mobile. super administrator guide. Product Version: 8
Sophos Mobile super administrator guide Product Version: 8 Contents About this guide... 1 Document conventions... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer...
More informationVMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch
VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP For VMware AirWatch H a v e d o c u m e n t a t io n f e e d b a c k? S u b m it a D o c u m e n t a t io n F e e d b a c k s u p p o
More informationSophos Mobile Control SaaS startup guide. Product version: 6.1
Sophos Mobile Control SaaS startup guide Product version: 6.1 Document date: September 2016 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your
More informationVMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018
VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018 Table of Contents Introduction to Horizon Cloud with Manager.... 3 Benefits of Integration.... 3 Single Sign-On....3
More informationMicrosoft OWA 2013 IIS Integration
Microsoft OWA 2013 IIS Integration Contents 1 Introduction 2 Compatibility 3 Prerequisites 4 File Downloads 5 Architecture 6 Installation 6.1 Software Installation 6.2 Configuration of the IIS Filter 6.2.1
More informationDEPLOYMENT GUIDE. Load Balancing VMware Unified Access Gateway
DEPLOYMENT GUIDE Load Balancing VMware Unified Access Gateway Version History Date Version Author Description Compatible Versions Nov 2017 1.0 Matt Mabis Initial Document with How-To Configure F5 LTM with
More informationIntegrating AirWatch and VMware Identity Manager
Integrating AirWatch and VMware Identity Manager VMware AirWatch 9.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationWebsitePanel User Guide
WebsitePanel User Guide User role in WebsitePanel is the last security level in roles hierarchy. Users are created by reseller and they are consumers of hosting services. Users are able to create and manage
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationMicrosoft OWA 2007 IIS Integration
Microsoft OWA 2007 IIS Integration Contents 1 Introduction 2 Prerequisites 3 Baseline 4 Architecture 5 Installation 5.1 Software Installation 5.2 Configuration of the IIS Filter 5.2.1 Swivel Settings 5.2.2
More informationExchange Server 2016 Client Access Namespace Configuration
Exchange Server 2016 Client Access Namespace Configuration When you first install Exchange Server 2016 it is pre-configured with default URLs for the various HTTPS services such as OWA (Outlook on the
More informationVMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager
VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Table of Contents Lab Overview - HOL-1857-03-UEM - Workspace ONE UEM with App & Access Management... 2 Lab Guidance... 3 Module 1 - Workspace
More informationwith Access Manager 51.1 What is Supported in This Release?
51 51 Integrating Microsoft SharePoint Server with Access Manager This chapter explains how to integrate Access Manager with a 10g WebGate and Microsoft SharePoint Server. It covers the following topics:
More informationDeploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2
Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationRevised: 08/02/ Click the Start button at bottom left, enter Server Manager in the search box, and select it in the list to open it.
Mobile App Windows Authentication & SSL Config Revised: 08/02/2017 Job Aid This Job Aid is intended for agency IT staff and explains how to enable Windows Authentication and SSL for your mobile applications
More informationBarracuda Web Application Firewall Foundation - WAF01. Lab Guide
Barracuda Web Application Firewall Foundation - WAF01 Lab Guide Official training material for Barracuda certified trainings and Autorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com
More informationVMware AirWatch Certificate Authentication for EAS with ADCS
VMware AirWatch Certificate Authentication for EAS with ADCS For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationPxM Proof of Concept Configuration. June 2018 Version 3.1
PxM Proof of Concept Configuration June 2018 Version 3.1 Table of Contents PxM Architecture, Installation & Configuration... 3 PxM Proof of Concept (POC) Guide... 4 Introduction... 4 Prerequisites... 4
More informationMigrate All Mailboxes to the Cloud with a Cutover Exchange
Page 1 of 8 Migrate All Mailboxes to the Cloud with a Cutover Exchange Migration Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises Topic Last Modified: 2011-08-29
More informationMS Exchange 2016 Deployment Guide
Deployment Guide VERSION: 6.0 UPDATED: July 2017 Copyright Notices Copyright 2002-2017 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies logo are registered trademarks
More informationVMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager
VMware Identity Manager Cloud Deployment DEC 2017 VMware AirWatch 9.2 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationMS Exchange 2010 Deployment Guide
Deployment Guide VERSION: 11.0 UPDATED: July 2017 Copyright Notices Copyright 2002-2017 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies logo are registered trademarks
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationLoad Balancing Microsoft Exchange Deployment Guide v Copyright Loadbalancer.org
Load Balancing Microsoft Exchange 2016 Deployment Guide v2 Copyright Loadbalancer.org Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org Software Versions
More informationProxyCap Help. Table of contents. Configuring ProxyCap Proxy Labs
ProxyCap Help 2016 Proxy Labs Table of contents Configuring ProxyCap The Ruleset panel Loading and saving rulesets Delegating ruleset management The Proxies panel The proxy list view Adding, removing and
More informationMicrosoft Exchange Proxy Settings Outlook 2010 Gpo
Microsoft Exchange Proxy Settings Outlook 2010 Gpo Cloud App Encryption supports Microsoft Outlook 2010 and 2013 for Windows. accounts for each user in Microsoft Office 365 and the Outlook proxy settings
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationMailEnable Connector for Microsoft Outlook
MailEnable Connector for Microsoft Outlook Version 1.36 This guide describes the installation and functionality of the MailEnable Connector for Microsoft Outlook. Features The MailEnable Connector for
More informationISA 2006 and OWA 2003 Implementation Guide
ISA 2006 and OWA 2003 Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationCreate Decryption Policies to Control HTTPS Traffic
Create Decryption Policies to Control HTTPS Traffic This chapter contains the following sections: Overview of Create Decryption Policies to Control HTTPS Traffic, page 1 Managing HTTPS Traffic through
More informationRealms and Identity Policies
The following topics describe realms and identity policies: Introduction:, page 1 Creating a Realm, page 5 Creating an Identity Policy, page 11 Creating an Identity Rule, page 15 Managing Realms, page
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationSetting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.8 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationMicrosoft OWA 2010 IIS Integration
Microsoft OWA 2010 IIS Integration Contents 1 Introduction 2 Compatibility 3 Prerequisites 3.1 Additional Prerequisites for Version 2.9 4 File Downloads 4.1 OWA Filter Change History 5 Architecture 6 Installation
More informationTable of Contents. VMware AirWatch: Technology Partner Integration
Table of Contents Lab Overview - HOL-1857-08-UEM - Workspace ONE UEM - Technology Partner Integration... 2 Lab Guidance... 3 Module 1 - F5 Integration with Workspace ONE UEM (30 min)... 9 Introduction...
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationExtranet User Manager
Extranet User Manager Prerequisite Guide v3.1 March 11, 2015 Envision IT 7145 West Credit Avenue Suite 100, Building 3 Mississauga, ON L5N 6J7 Table of Contents ENVISION IT EXTRANET USER MANAGER... 1 VERSION
More informationDeploying F5 with Microsoft Exchange 2016 Mailbox Servers
F5 Deployment Guide Deploying F5 with Microsoft Exchange 2016 Mailbox Servers Welcome to the F5 and Microsoft Exchange 2016 deployment guide. Use this document for guidance on configuring the BIG-IP system
More informationSophos Enterprise Console
secure network quick startup guide Product Version: 5.5 Contents About this guide... 1 Limitations on the secure network...2 What do I install?...3 What are the key steps?... 4 Download the installers...5
More informationSafeConsole On-Prem Install Guide
version 5.4 DataLocker Inc. December, 2018 Reference for SafeConsole OnPrem 1 Contents Introduction................................................ 3 How do the devices become managed by SafeConsole?....................
More informationAndroid Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.
Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware
More informationAuthlogics Forefront TMG and UAG Agent Integration Guide
Authlogics Forefront TMG and UAG Agent Integration Guide With PINgrid, PINphrase & PINpass Technology Product Version: 3.0.6230.0 Publication date: January 2017 Authlogics, 12 th Floor, Ocean House, The
More informationSafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem
version 5.2.2 DataLocker Inc. July, 2017 SafeConsole Reference for SafeConsole OnPrem 1 Contents Introduction................................................ 2 How do the devices become managed by SafeConsole?....................
More informationSetup Guide. Page 0
Email Setup Guide Page 0 Table of Contents Mailbox Setup Guide... 2 Before you Start... 2 Desktop Mail Clients... 3 Outlook 2016 setup... 3 Outlook 2013 setup... 7 Outlook 2010 setup... 12 Windows 10 Mail
More informationManual Owa Exchange 2010 Not Working Externally
Manual Owa Exchange 2010 Not Working Externally Q: exchange 2010/2013 coexistence: OWA proxy not working properly set up manually with Exchange ActiveSync (pointing to owa.domain.com) with a On E2k13 I
More informationBEST PRACTICES ARCHIVE in contentaccess
BEST PRACTICES EMAIL ARCHIVE in contentaccess Use case: Email Archive configuration for companies with up to 2,000 mailboxes This section is intended to give an overview about how to configure email archiving.
More information